https://github.com/Cee-oj/project.git ·
lang: javascript ·
LOC: ·
source: user_submitted
| Rule | Severity | Count |
|---|---|---|
SEC135 Auth/permission check missing on AI-generated endpoint |
high | 1 |
CORE_NO_LICENSE No LICENSE file |
low | 1 |
AUC005 [AUC005] No authorization-focused tests detected: No test f… |
low | 1 |
AUC001 [AUC001] No Repobility access matrix policy found: The repo… |
medium | 1 |
CFG006 [CFG006] Missing .gitignore: No .gitignore file. Risk of co… |
medium | 1 |
CORE_NO_README No README file found |
medium | 1 |
CORE_NO_CI No CI/CD configuration found |
medium | 1 |
MINED044 Js Console Log Prod |
info | 1 |
AUC002 [AUC002] Low visible authorization coverage in route invent… |
medium | 1 |
WEB003 Public web service has no security.txt |
medium | 1 |
AUC003
[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /plugins/<slug:plugin_slug>/.
app.js:18
· conf 0.70
[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. End…CORE_NO_TESTS
No test files found
No test files foundMINED113
Express POST/PUT/DELETE/PATCH route without auth
CWE-306CWE-862
app.js:40
· conf 0.80
[MINED113] Express POST /api/v1/products has no auth: Express route POST /api/v1/products declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unau…SEC135
Auth/permission check missing on AI-generated endpoint
app.js:40
· conf 1.00
[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we…AUC001
[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.AUC002
[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.
[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.CFG006
[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.CORE_NO_CI
No CI/CD configuration found
No CI/CD configuration foundCORE_NO_README
No README file found
No README file foundSEC034
Log Injection / Log Forging — unsanitized user input in log
app.js:19
· conf 1.00
[SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\n` to forge fake log entries, hide tra…WEB003
Public web service has no security.txt
.well-known/security.txt
· conf 0.78
Public web service has no security.txtAUC005
[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.
[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.CORE_NO_LICENSE
No LICENSE file
No LICENSE fileMINED044
Js Console Log Prod
CWE-532
app.js:15
· conf 1.00
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/ad1aaf2d-279b-4d6b-a8f8-016646ff87b3/.