https://github.com/boku7/Loki.git · lang: javascript · LOC: · source: user_submitted
| Rule | Severity | Count |
|---|---|---|
| AIC003 Duplicated implementation block across source files | low | 8 |
| MINED044 Js Console Log Prod | info | 4 |
| SEC118 UUIDv1 / UUIDv3 used for security-sensitive identifier | low | 1 |
| SEC040 innerHTML XSS — template literal with server-supplied data | high | 1 |
| MINED075 C Malloc No Check | info | 1 |
| CORE_NO_CI No CI/CD configuration found | medium | 1 |
| SEC006 XSS Risk | high | 1 |
| SEC084 JS: require() with non-literal | critical | 1 |
| Rule | Title | CWE | Location | Confidence | Description |
|---|---|---|---|---|---|
| SEC084 | JS: require() with non-literal | | agent/renderer.js:48 | 1.00 | `require(<variable>)` loads arbitrary modules — equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0). |
| SEC040 | innerHTML XSS — template literal with server-supplied data | | client/task-queue.js:168 | 1.00 | Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflect… |
| CORE_NO_CI | No CI/CD configuration found | | | | No CI/CD configuration found |
| AIC003 | Duplicated implementation block across source files | | backdoor/QRLWallet/init.js:1 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | client/dashboard.js:9 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | client/dashboard.js:300 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | client/explorer.js:27 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | dev/COFFLoader/runBOF.js:3 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | dev/loader/node_loader.cpp:3 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | dev/scexec/node_scexec.cpp:1 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | dev/scexec/node_scexec.cpp:3 | 0.86 | Duplicated implementation block across source files |
| SEC006 | XSS Risk | | client/task-queue.js:168 | 0.40 | Direct HTML injection without sanitization. |
| MINED044 | Js Console Log Prod (and 3 more) | CWE-532 | | 0.20 | Same pattern found in 3 additional files. Review if needed. |
| MINED044 | Js Console Log Prod | CWE-532 | agent/renderer.js:158 | 1.00 | console.log left in code. Should be replaced with logger or removed. |
| MINED044 | Js Console Log Prod | CWE-532 | backdoor/Cursor/init.js:17 | 1.00 | console.log left in code. Should be replaced with logger or removed. |
| MINED044 | Js Console Log Prod | CWE-532 | backdoor/QRLWallet/init.js:17 | 1.00 | console.log left in code. Should be replaced with logger or removed. |
| MINED075 | C Malloc No Check | CWE-690 | dev/COFFLoader/beacon_compatibility.c:162 | 1.00 | malloc/calloc/realloc return value used without checking for NULL. |
| SEC118 | UUIDv1 / UUIDv3 used for security-sensitive identifier | | client/crypt.js:44 | 0.10 | UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable. |