https://github.com/monlip0119-eng/netflix-api.git ·
lang: go ·
LOC: ·
source: user_submitted
| Rule | Severity | Count |
|---|---|---|
| SEC045 eval()/exec() on stored or user-supplied data | medium | 3 |
| SEC085 JS: child_process.exec with non-literal | high | 3 |
| MINED134 [MINED134] Binary file `bin/ref/ScriptoriaCommonDefs.dll` c… | high | 2 |
| CORE_NO_README No README file found | medium | 1 |
| CORE_NO_CI No CI/CD configuration found | medium | 1 |
| AIC003 Duplicated implementation block across source files | low | 1 |
| CORE_NO_TESTS No test files found | high | 1 |
| CORE_NO_LICENSE No LICENSE file | low | 1 |
| CFG006 [CFG006] Missing .gitignore: No .gitignore file. Risk of co… | medium | 1 |

CORE_NO_TESTS
No test files found
MINED134
[MINED134] Binary file `bin/ref/ScriptoriaCommonDefs.dll` committed in source repo: `bin/ref/ScriptoriaCommonDefs.dll` is a .dll binary (29,208 bytes) committed to a repo that otherwise has 1643 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
files (1).exe:1
· conf 0.90
[MINED134] Binary file `files (1).exe` committed in source repo: `files (1).exe` is a .exe binary (22,051,328 bytes) committed to a repo that otherwise has 11 source files. Trojan binaries inside oth…
MINED134
[MINED134] Binary file `bin/ref/ScriptoriaCommonDefs.dll` committed in source repo: `bin/ref/ScriptoriaCommonDefs.dll` is a .dll binary (29,208 bytes) committed to a repo that otherwise has 1643 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
netflix_api.exe:1
· conf 0.90
[MINED134] Binary file `netflix_api.exe` committed in source repo: `netflix_api.exe` is a .exe binary (22,059,520 bytes) committed to a repo that otherwise has 11 source files. Trojan binaries inside…
SEC085
JS: child_process.exec with non-literal
database/db.go:91
· conf 1.00
[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0).
SEC085
JS: child_process.exec with non-literal
models/model_tarjetas.go:110
· conf 1.00
[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0).
SEC085
JS: child_process.exec with non-literal
models/model_usuarios.go:90
· conf 1.00
[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0).
CFG006
[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
· conf 1.00
[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
CORE_NO_CI
No CI/CD configuration found
CORE_NO_README
No README file found
SEC045
eval()/exec() on stored or user-supplied data
database/db.go:91
· conf 1.00
[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …
SEC045
eval()/exec() on stored or user-supplied data
models/model_tarjetas.go:110
· conf 1.00
[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …
SEC045
eval()/exec() on stored or user-supplied data
models/model_usuarios.go:90
· conf 1.00
[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …
AIC003
Duplicated implementation block across source files
controllers/controller_usuarios.go:19
· conf 0.86
Duplicated implementation block across source files
CORE_NO_LICENSE
No LICENSE file