https://github.com/EKKOLearnAI/hermes-web-ui ·
lang: typescript ·
LOC: ·
source: both
| Rule | Severity | Count |
|---|---|---|
SEC020 Secret Printed to Logs |
high | 4 |
SEC015 Insecure Randomness for Security |
medium | 4 |
SEC007 Unsafe Deserialization |
medium | 4 |
SEC018 AI-Agent Secret Retrieval Command |
high | 3 |
SEC018
AI-Agent Secret Retrieval Command
packages/client/src/i18n/locales/en.ts:569
· conf 1.00
[SEC018] AI-Agent Secret Retrieval Command: A command that prints or embeds credentials was committed. AI coding agents often add these commands while trying to help with setup or deployment, but the…SEC018
AI-Agent Secret Retrieval Command
packages/client/src/i18n/locales/fr.ts:438
· conf 1.00
[SEC018] AI-Agent Secret Retrieval Command: A command that prints or embeds credentials was committed. AI coding agents often add these commands while trying to help with setup or deployment, but the…SEC020
Secret Printed to Logs
packages/server/src/controllers/hermes/codex-auth.ts:122
· conf 0.85
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…SEC020
Secret Printed to Logs
packages/server/src/controllers/hermes/copilot-auth.ts:71
· conf 0.85
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…SEC007
Unsafe Deserialization
packages/server/src/controllers/hermes/config.ts:94
· conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.SEC007
Unsafe Deserialization
packages/server/src/services/config-helpers.ts:77
· conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.SEC007
Unsafe Deserialization
packages/server/src/services/hermes/file-provider.ts:718
· conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.SEC007
Unsafe Deserialization
[SEC007] Unsafe Deserialization (and 3 more): Same pattern found in 3 additional files. Review if needed.SEC015
Insecure Randomness for Security
[SEC015] Insecure Randomness for Security (and 7 more): Same pattern found in 7 additional files. Review if needed.SEC015
Insecure Randomness for Security
packages/client/src/api/hermes/group-chat.ts:96
· conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.SEC015
Insecure Randomness for Security
packages/client/src/stores/hermes/chat.ts:77
· conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.SEC015
Insecure Randomness for Security
packages/server/src/routes/hermes/group-chat.ts:17
· conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.SEC018
AI-Agent Secret Retrieval Command
[SEC018] AI-Agent Secret Retrieval Command (and 6 more): Same pattern found in 6 additional files. Review if needed.SEC020
Secret Printed to Logs
[SEC020] Secret Printed to Logs (and 3 more): Same pattern found in 3 additional files. Review if needed.SEC020
Secret Printed to Logs
packages/server/src/services/hermes/run-chat/compression.ts:108
· conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/83b6894f-d7a6-4199-baab-e18f21ac96e3/.