rhyssullivan/executor

https://github.com/RhysSullivan/executor · lang: typescript · LOC: · source: corpus_mined

Quality: 65.3 (Grade B-)
Security: 58.9
Findings: 11 (3 critical · 1 high)
Status: completed, May 15, 2026 00:07
info: 6 · critical: 3 · high: 1 · medium: 1

Top rules by occurrence
Rule · Severity · Count
SEC022 Database URL With Embedded Credential · critical · 4
SEC015 Insecure Randomness for Security · medium · 4
SEC001 Hardcoded Password · critical · 1
SEC020 Secret Printed to Logs · high · 1
SEC013 Path Traversal — User Input in File Path · high · 1

First 11 findings (severity-sorted)
critical SEC022 Database URL With Embedded Credential
apps/cloud/drizzle.config.ts:9 · conf 1.00
[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working c…
critical SEC022 Database URL With Embedded Credential
apps/cloud/src/test-worker.ts:74 · conf 1.00
[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working c…
critical SEC022 Database URL With Embedded Credential
apps/cloud/vitest.node.config.ts:23 · conf 1.00
[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working c…
high SEC013 Path Traversal — User Input in File Path
packages/react/src/api/oauth-popup.ts:73 · conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
medium SEC001 Hardcoded Password
apps/desktop/scripts/smoke-sidecar.ts:33 · conf 0.30
[SEC001] Hardcoded Password: Hardcoded password found in source code.
info SEC015 Insecure Randomness for Security
· conf 0.20
[SEC015] Insecure Randomness for Security (and 3 more): Same pattern found in 3 additional files. Review if needed.
info SEC015 Insecure Randomness for Security
apps/local/src/server/observability.ts:15 · conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC015 Insecure Randomness for Security
packages/core/storage-core/src/factory.ts:51 · conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC015 Insecure Randomness for Security
packages/react/src/api/atoms.tsx:238 · conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC020 Secret Printed to Logs
apps/cli/src/main.ts:536 · conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
info SEC022 Database URL With Embedded Credential
· conf 0.20
[SEC022] Database URL With Embedded Credential (and 1 more): Same pattern found in 1 additional files. Review if needed.