https://github.com/151henry151/romp-crm/
lang: elixir
LOC:
source: user_submitted
| Rule | Finding | Severity | Count |
|---|---|---|---|
| AIC003 | Duplicated implementation block across source files | low | 17 |
| AUC009 | Sensitive function route lacks elevated authorization evidence | medium | 10 |
| AUC004 | Admin route does not show super_admin separation | medium | 4 |
| AUC001 | No Repobility access matrix policy found | medium | 1 |
| CORE_NO_CI | No CI/CD configuration found | medium | 1 |
| WEB005 | robots.txt does not advertise a sitemap | low | 1 |
| AUC005 | No authorization-focused tests detected | low | 1 |
| JRN004 | Consent is collected in UI without visible backend audit persistence | high | 1 |
JRN004
Consent is collected in UI without visible backend audit persistence
- deploy/legal/privacy-policy.html:69 (conf 0.78)
AUC001
[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
- conf 0.92
AUC004
[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: ANY /plugins/<slug:plugin_slug>/.
- lib/romp_crm_web/router.ex:104 (conf 0.66)
- lib/romp_crm_web/router.ex:123 (conf 0.66)
- lib/romp_crm_web/router.ex:124 (conf 0.66)
- lib/romp_crm_web/router.ex:125 (conf 0.66)
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
- lib/romp_crm_web/router.ex:85 (conf 0.68)
- lib/romp_crm_web/router.ex:86 (conf 0.68)
- lib/romp_crm_web/router.ex:87 (conf 0.68)
- lib/romp_crm_web/router.ex:88 (conf 0.68)
- lib/romp_crm_web/router.ex:90 (conf 0.68)
- lib/romp_crm_web/router.ex:91 (conf 0.68)
- lib/romp_crm_web/router.ex:93 (conf 0.68)
- lib/romp_crm_web/router.ex:95 (conf 0.68)
- lib/romp_crm_web/router.ex:96 (conf 0.68)
- lib/romp_crm_web/router.ex:97 (conf 0.68)
CORE_NO_CI
No CI/CD configuration found
AIC003
Duplicated implementation block across source files
- lib/mix/tasks/twilio.configure_voice.ex:55 (conf 0.86)
- lib/romp_crm/ai/sms_job_extractor/anthropic.ex:21 (conf 0.86)
- lib/romp_crm/ai/sms_job_extractor.ex:72 (conf 0.86)
- lib/romp_crm/ai/sms_time_extractor/anthropic.ex:23 (conf 0.86)
- lib/romp_crm/ai/sms_time_extractor/deterministic_stub.ex:36 (conf 0.86)
- lib/romp_crm/ai/sms_time_extractor.ex:35 (conf 0.86)
- lib/romp_crm/ai/sms_time_extractor.ex:98 (conf 0.86)
- lib/romp_crm/ai/sms_unified_inbound_extractor/anthropic.ex:55 (conf 0.86)
- lib/romp_crm/ai/sms_unified_inbound_extractor/anthropic.ex:56 (conf 0.86)
- lib/romp_crm/ai/sms_unified_inbound_extractor/anthropic.ex:77 (conf 0.86)
- lib/romp_crm/ai/sms_unified_inbound_extractor/deterministic_stub.ex:215 (conf 0.86)
- lib/romp_crm/businesses/notifier.ex:6 (conf 0.86)
- lib/romp_crm/reminder_scheduler.ex:8 (conf 0.86)
- lib/romp_crm/time_tracking/time_entry.ex:46 (conf 0.86)
- lib/romp_crm_web/live/my_timeclock_live.ex:122 (conf 0.86)
- lib/romp_crm_web/live/time_log_live.ex:35 (conf 0.86)
- test/romp_crm_web/controllers/twilio_webhook_controller_test.exs:185 (conf 0.86)
AUC005
[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.
- conf 0.76
WEB005
robots.txt does not advertise a sitemap
- priv/static/robots-9e2c81b0855bbff2baa8371bc4a78186.txt (conf 0.74)
Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/7c7c145b-47a4-485b-b4b5-e7ae91f6aa71/.