Repository: https://github.com/elastic/kibana.git
Language: typescript
LOC:
Source: both
| Rule | Severity | Count |
|---|---|---|
| AIC003 Duplicated implementation block across source files | low | 25 |
| JRN003 Frontend API reference is not matched by discovered backend… | medium | 4 |
| SEC085 JS: child_process.exec with non-literal | high | 3 |
| SEC045 eval()/exec() on stored or user-supplied data | medium | 3 |
| SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from use… | high | 3 |
| SEC040 innerHTML XSS — template literal with server-supplied data | high | 3 |
| SEC083 JS: new RegExp() with non-literal | high | 2 |
| AUC001 No Repobility access matrix policy found: The repo… | medium | 1 |
| AIC001 Parallel implementation file sits beside a canonical file | medium | 1 |
| AGT015 Remote install command pipes network code directly to a she… | medium | 1 |
| Rule | Finding | Location | Conf | Details |
|---|---|---|---|---|
| SEC084 | JS: require() with non-literal | `.buildkite/pipeline-utils/ci-stats/get_tests_from_config.ts:22` | 1.00 | require(<variable>) loads arbitrary modules — equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0). |
| SEC029 | Server-Side Request Forgery (SSRF) — outbound HTTP from user input | `.buildkite/pipeline-utils/buildkite/client.ts:213` | 1.00 | Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25… |
| SEC029 | Server-Side Request Forgery (SSRF) — outbound HTTP from user input | `.buildkite/pipeline-utils/buildkite/parse_link_header.ts:27` | 1.00 | Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25… |
| SEC029 | Server-Side Request Forgery (SSRF) — outbound HTTP from user input | `.buildkite/scripts/pipelines/chromium_linux_build/issue_feedback/entry.js:205` | 1.00 | Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25… |
| SEC040 | innerHTML XSS — template literal with server-supplied data | `.buildkite/pipeline-utils/ci-stats/pick_test_group_run_order/jest_configs.ts:93` | 1.00 | Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflect… |
| SEC040 | innerHTML XSS — template literal with server-supplied data | `.buildkite/pipeline-utils/ci-stats/pick_test_group_run_order/run_groups.ts:67` | 1.00 | Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflect… |
| SEC040 | innerHTML XSS — template literal with server-supplied data | `.buildkite/scripts/serverless/create_deploy_tag/info_sections/useful_links.ts:49` | 1.00 | Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflect… |
| SEC083 | JS: new RegExp() with non-literal | `.buildkite/scripts/pipelines/pull_request/pipeline.ts:45` | 1.00 | new RegExp(<variable>) — variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0). |
| SEC083 | JS: new RegExp() with non-literal | `.github/scripts/generate_serverless_changelog.js:69` | 1.00 | new RegExp(<variable>) — variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0). |
| SEC085 | JS: child_process.exec with non-literal | `.buildkite/pipeline-utils/affected-packages/strategy_moon.ts:22` | 1.00 | child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0). |
| SEC085 | JS: child_process.exec with non-literal | `.buildkite/pipeline-utils/test-failures/annotate.ts:140` | 1.00 | child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0). |
| SEC085 | JS: child_process.exec with non-literal | `.buildkite/scripts/lifecycle/aggregate_ftr_timing.ts:26` | 1.00 | child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0). |
| SEC114 | path.join / Path() on user-controlled segment without containment check | `.agents/skills/debug-oas/scripts/extract_structural_oas_issues.js:112` | 1.00 | filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../e… |
| AGT015 | Remote install command pipes network code directly to a shell | `packages/kbn-api-contracts/README.md:171` | 0.70 | |
| AIC001 | Parallel implementation file sits beside a canonical file | `x-pack/platform/plugins/shared/licensing/common/license_update.ts:1` | 0.82 | |
| AUC001 | No Repobility access matrix policy found | | 0.92 | The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation. |
| AUC002 | Low visible authorization coverage in route inventory | | 0.74 | Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence. |
| AUC009 | Sensitive function route lacks elevated authorization evidence | `.buildkite/scripts/serverless/create_deploy_tag/info_sections/commit_info.ts:33` | 0.68 | A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}. |
| CFG006 | Missing .gitignore | | 1.00 | No .gitignore file. Risk of committing secrets and build artifacts. |
| JRN003 | Frontend API reference is not matched by discovered backend routes | `.buildkite/scripts/steps/cloud/purge_projects.ts:22` | 0.74 | |
| JRN003 | Frontend API reference is not matched by discovered backend routes | `.buildkite/scripts/steps/cloud/purge_projects.ts:23` | 0.74 | |
| JRN003 | Frontend API reference is not matched by discovered backend routes | `.buildkite/scripts/steps/cloud/purge_projects.ts:24` | 0.74 | |
| JRN003 | Frontend API reference is not matched by discovered backend routes | `.buildkite/scripts/steps/cloud/purge_projects.ts:61` | 0.74 | |
| SEC041 | Tabnabbing — target="_blank" without rel="noopener noreferrer" | `examples/developer_examples/public/app.tsx:96` | 1.00 | <a target="_blank"> without rel="noopener noreferrer" leaks window.opener to the opened page. The opened page can then run win… |
| SEC045 | eval()/exec() on stored or user-supplied data | `.buildkite/pipeline-utils/buildkite/client.ts:427` | 1.00 | eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ … |
| SEC045 | eval()/exec() on stored or user-supplied data | `.buildkite/pipeline-utils/test-failures/annotate.ts:154` | 1.00 | eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ … |
| SEC045 | eval()/exec() on stored or user-supplied data | `.buildkite/scripts/lifecycle/aggregate_ftr_timing.ts:88` | 1.00 | eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ … |
| WEB003 | Public web service has no security.txt | `.well-known/security.txt` | 0.78 | |
| WEB015 | Public web app has no Content Security Policy | `index.html` | 0.70 | |
| AIC003 | Duplicated implementation block across source files | `src/platform/packages/shared/kbn-securitysolution-ecs/.eslintrc.js:1` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/platform/plugins/private/painless_lab/server/services/license.ts:29` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/platform/plugins/private/rollup/server/services/license.ts:3` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/platform/plugins/private/rollup/server/services/license.ts:28` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/platform/plugins/private/snapshot_restore/server/services/license.ts:1` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/platform/plugins/private/snapshot_restore/server/services/license.ts:29` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/platform/plugins/shared/alerting/server/lib/license_state.ts:67` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/platform/plugins/shared/maintenance_windows/server/lib/license_state.ts:18` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/platform/plugins/shared/maintenance_windows/server/lib/license_state.ts:48` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/solutions/security/packages/connectors/.eslintrc.js:1` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/solutions/security/packages/ecs-data-quality-dashboard/.eslintrc.js:1` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/solutions/security/packages/features/.eslintrc.js:1` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/solutions/security/packages/navigation/.eslintrc.js:1` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/solutions/security/packages/side-nav/.eslintrc.js:1` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/solutions/security/packages/upselling/.eslintrc.js:1` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/solutions/security/plugins/ecs_data_quality_dashboard/.eslintrc.js:1` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/solutions/security/plugins/elastic_assistant/public/src/hooks/licence/license_service.ts:1` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/solutions/security/plugins/security_solution/common/license/license.ts:1` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/solutions/security/plugins/security_solution/common/license/license.ts:14` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/solutions/security/plugins/security_solution/public/cases/.eslintrc.js:1` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/solutions/security/plugins/security_solution/public/dashboards/.eslintrc.js:1` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/solutions/security/plugins/security_solution/public/explore/.eslintrc.js:1` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/solutions/security/plugins/security_solution/public/onboarding/.eslintrc.js:1` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/solutions/security/plugins/security_solution/public/overview/.eslintrc.js:1` | 0.86 | |
| AIC003 | Duplicated implementation block across source files | `x-pack/solutions/security/plugins/security_solution/public/reports/.eslintrc.js:1` | 0.86 | |
| WEB001 | Public web app has no robots.txt | `robots.txt` | 0.74 | |
| WEB002 | Public web app has no sitemap | `sitemap.xml` | 0.72 | |
| WEB008 | Public docs site has no llms.txt | `llms.txt` | 0.64 | |
| WEB011 | Public web app has no humans.txt | `humans.txt` | 0.50 | |
Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/c252ab1b-64c3-4343-8bef-2935415e0368/.