← Legacy view v2 (rp.*)

tntcomp88-gif/bioskop-app

https://github.com/tntcomp88-gif/bioskop-app.git · lang: typescript · LOC: · source: user_submitted

Quality
48.5
Grade D+
Security
83.5
Findings
22
0 critical · 5 high
Status
completed
May 29, 2026 07:36
medium: 8 high: 5 low: 5 info: 4
Top rules by occurrence
RuleSeverityCount
JRN009 Secret-like setting is echoed into a password input value high 3
MINED044 Js Console Log Prod info 2
JRN002 Browser storage is used for session token material medium 2
WEB002 Public web app has no sitemap low 1
AUC001 [AUC001] No Repobility access matrix policy found: The repo… medium 1
MINED045 Ts Non Null Assertion info 1
SEC136 AI-typical over-broad exception handler swallowing all erro… medium 1
CORE_LARGE_FILES Average file size is 1080 lines (recommend <300) medium 1
CORE_NO_CI No CI/CD configuration found medium 1
CORE_NO_LICENSE No LICENSE file low 1
First 22 findings (severity-sorted)
high CORE_NO_TESTS No test files found 
No test files found
high JRN009 Secret-like setting is echoed into a password input value
src/components/LoginScreen.tsx:396 · conf 0.83 
Secret-like setting is echoed into a password input value
high JRN009 Secret-like setting is echoed into a password input value
src/components/LoginScreen.tsx:471 · conf 0.83 
Secret-like setting is echoed into a password input value
high JRN009 Secret-like setting is echoed into a password input value
src/components/LoginScreen.tsx:576 · conf 0.83 
Secret-like setting is echoed into a password input value
high SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input
public/service-worker.js:31 · conf 1.00 
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
medium AUC001 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
· conf 0.92 
[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
medium CORE_LARGE_FILES Average file size is 1080 lines (recommend <300) 
Average file size is 561 lines (recommend <300)
medium CORE_NO_CI No CI/CD configuration found 
No CI/CD configuration found
medium JRN002 Browser storage is used for session token material
src/App.tsx:31 · conf 0.82 
Browser storage is used for session token material
medium JRN002 Browser storage is used for session token material
src/App.tsx:281 · conf 0.82 
Browser storage is used for session token material
medium SEC136 AI-typical over-broad exception handler swallowing all errors
src/data.ts:169 · conf 1.00 
[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unf…
medium WEB003 Public web service has no security.txt
.well-known/security.txt · conf 0.78 
Public web service has no security.txt
medium WEB015 Public web app has no Content Security Policy
index.html · conf 0.70 
Public web app has no Content Security Policy
low AUC005 [AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.
· conf 0.76 
[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.
low CORE_NO_LICENSE No LICENSE file 
No LICENSE file
low WEB001 Public web app has no robots.txt
robots.txt · conf 0.74 
Public web app has no robots.txt
low WEB002 Public web app has no sitemap
sitemap.xml · conf 0.72 
Public web app has no sitemap
low WEB011 Public web app has no humans.txt
humans.txt · conf 0.50 
Public web app has no humans.txt
info MINED044 Js Console Log Prod CWE-532
src/components/ReceiptModal.tsx:26 · conf 1.00 
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
info MINED044 Js Console Log Prod CWE-532
src/firebase.ts:57 · conf 1.00 
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
info MINED045 Ts Non Null Assertion CWE-476
src/components/ReceiptModal.tsx:200 · conf 1.00 
[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.
info MINED056 React Key As Index CWE-682
src/components/ReceiptModal.tsx:158 · conf 1.00 
[MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re-order.

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/9297dd00-009b-4802-bbd6-5baa73e26910/.