Add attack surface audit artifacts
Some checks failed
CI / Validate (pull_request) Has been cancelled
Some checks failed
CI / Validate (pull_request) Has been cancelled
- Add advisory, entrypoint, and candidate scan outputs - Capture dependency intelligence and cross-service attack surface notes
This commit is contained in:
parent
a35a757622
commit
47a5adca90
26 changed files with 2807 additions and 0 deletions
289
piolium/attack-surface/candidates.jsonl
Normal file
289
piolium/attack-surface/candidates.jsonl
Normal file
|
|
@ -0,0 +1,289 @@
|
|||
{"slug":"secret-literal","description":"Hardcoded secret-like literal.","noise":"precise","filePath":"apps/web/app/api/admin/synthetic/routes.test.ts","line":28,"snippet":"token: \"secret-token\"","matchedPattern":"secret assignment","score":114,"source":"builtin"}
|
||||
{"slug":"secret-literal","description":"Hardcoded secret-like literal.","noise":"precise","filePath":"packages/config/tests/alpaca.test.ts","line":60,"snippet":"secret: \"short-secret\",","matchedPattern":"secret assignment","score":90,"source":"builtin"}
|
||||
{"slug":"dynamic-code-execution","description":"Dynamic code execution, expression evaluation, or runtime compilation.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":118,"snippet":"exec(params: { query: string }): Promise<void>;","matchedPattern":"python eval","score":90,"source":"builtin"}
|
||||
{"slug":"dynamic-code-execution","description":"Dynamic code execution, expression evaluation, or runtime compilation.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":189,"snippet":"async exec({ query }) {","matchedPattern":"python eval","score":90,"source":"builtin"}
|
||||
{"slug":"dynamic-code-execution","description":"Dynamic code execution, expression evaluation, or runtime compilation.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":243,"snippet":"await client.exec({","matchedPattern":"python eval","score":90,"source":"builtin"}
|
||||
{"slug":"dynamic-code-execution","description":"Dynamic code execution, expression evaluation, or runtime compilation.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":247,"snippet":"await client.exec({ query });","matchedPattern":"python eval","score":90,"source":"builtin"}
|
||||
{"slug":"dynamic-code-execution","description":"Dynamic code execution, expression evaluation, or runtime compilation.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":254,"snippet":"await client.exec({","matchedPattern":"python eval","score":90,"source":"builtin"}
|
||||
{"slug":"dynamic-code-execution","description":"Dynamic code execution, expression evaluation, or runtime compilation.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":262,"snippet":"await client.exec({","matchedPattern":"python eval","score":90,"source":"builtin"}
|
||||
{"slug":"dynamic-code-execution","description":"Dynamic code execution, expression evaluation, or runtime compilation.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":270,"snippet":"await client.exec({","matchedPattern":"python eval","score":90,"source":"builtin"}
|
||||
{"slug":"dynamic-code-execution","description":"Dynamic code execution, expression evaluation, or runtime compilation.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":278,"snippet":"await client.exec({","matchedPattern":"python eval","score":90,"source":"builtin"}
|
||||
{"slug":"dynamic-code-execution","description":"Dynamic code execution, expression evaluation, or runtime compilation.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":286,"snippet":"await client.exec({","matchedPattern":"python eval","score":90,"source":"builtin"}
|
||||
{"slug":"dynamic-code-execution","description":"Dynamic code execution, expression evaluation, or runtime compilation.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":294,"snippet":"await client.exec({","matchedPattern":"python eval","score":90,"source":"builtin"}
|
||||
{"slug":"dynamic-code-execution","description":"Dynamic code execution, expression evaluation, or runtime compilation.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":302,"snippet":"await client.exec({","matchedPattern":"python eval","score":90,"source":"builtin"}
|
||||
{"slug":"dynamic-code-execution","description":"Dynamic code execution, expression evaluation, or runtime compilation.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":310,"snippet":"await client.exec({","matchedPattern":"python eval","score":90,"source":"builtin"}
|
||||
{"slug":"dynamic-code-execution","description":"Dynamic code execution, expression evaluation, or runtime compilation.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":318,"snippet":"await client.exec({","matchedPattern":"python eval","score":90,"source":"builtin"}
|
||||
{"slug":"dynamic-code-execution","description":"Dynamic code execution, expression evaluation, or runtime compilation.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":324,"snippet":"await client.exec({","matchedPattern":"python eval","score":90,"source":"builtin"}
|
||||
{"slug":"dynamic-code-execution","description":"Dynamic code execution, expression evaluation, or runtime compilation.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":328,"snippet":"await client.exec({ query });","matchedPattern":"python eval","score":90,"source":"builtin"}
|
||||
{"slug":"dynamic-code-execution","description":"Dynamic code execution, expression evaluation, or runtime compilation.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":333,"snippet":"await client.exec({","matchedPattern":"python eval","score":90,"source":"builtin"}
|
||||
{"slug":"dynamic-code-execution","description":"Dynamic code execution, expression evaluation, or runtime compilation.","noise":"precise","filePath":"services/candles/src/index.ts","line":156,"snippet":"await multi.exec();","matchedPattern":"python eval","score":90,"source":"builtin"}
|
||||
{"slug":"dynamic-code-execution","description":"Dynamic code execution, expression evaluation, or runtime compilation.","noise":"precise","filePath":"services/compute/src/index.ts","line":351,"snippet":"const match = SYNTHETIC_EVENT_CONDITION_RE.exec(condition);","matchedPattern":"python eval","score":90,"source":"builtin"}
|
||||
{"slug":"dynamic-code-execution","description":"Dynamic code execution, expression evaluation, or runtime compilation.","noise":"precise","filePath":"services/compute/src/rolling-stats.ts","line":163,"snippet":"await multi.exec();","matchedPattern":"python eval","score":90,"source":"builtin"}
|
||||
{"slug":"dynamic-code-execution","description":"Dynamic code execution, expression evaluation, or runtime compilation.","noise":"precise","filePath":"services/ingest-news/src/symbols.ts","line":27,"snippet":"while ((match = regex.exec(value)) !== null) {","matchedPattern":"python eval","score":90,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"apps/web/scripts/dev.ts","line":16,"snippet":"const child = Bun.spawn([\"next\", \"dev\", \"-p\", String(port)], {","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":118,"snippet":"exec(params: { query: string }): Promise<void>;","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":189,"snippet":"async exec({ query }) {","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":243,"snippet":"await client.exec({","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":247,"snippet":"await client.exec({ query });","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":254,"snippet":"await client.exec({","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":262,"snippet":"await client.exec({","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":270,"snippet":"await client.exec({","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":278,"snippet":"await client.exec({","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":286,"snippet":"await client.exec({","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":294,"snippet":"await client.exec({","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":302,"snippet":"await client.exec({","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":310,"snippet":"await client.exec({","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":318,"snippet":"await client.exec({","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":324,"snippet":"await client.exec({","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":328,"snippet":"await client.exec({ query });","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"packages/storage/src/clickhouse.ts","line":333,"snippet":"await client.exec({","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"scripts/deploy.ts","line":180,"snippet":"const result = spawnSync(command, args, {","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"scripts/deploy.ts","line":196,"snippet":"const result = spawnSync(command, args, {","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"scripts/deploy.ts","line":216,"snippet":"const result = spawnSync(command, args, {","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"scripts/deploy.ts","line":238,"snippet":"const result = spawnSync(\"bash\", localArgs, {","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"scripts/deploy.ts","line":253,"snippet":"const result = spawnSync(\"ssh\", sshArgs, {","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"scripts/deploy.ts","line":402,"snippet":"return spawnSync(\"git\", [\"remote\", \"get-url\", name], {","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"scripts/deploy.ts","line":581,"snippet":"const result = spawnSync(\"bun\", [\"run\", \"check:docker-workspace\"], {","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"scripts/deploy.ts","line":670,"snippet":"const upstreamResult = spawnSync(","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"scripts/dev-desktop.ts","line":137,"snippet":"const proc = Bun.spawn(cmd, {","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"scripts/dev-services.ts","line":136,"snippet":"const proc = Bun.spawn(cmd, {","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"scripts/dev.ts","line":189,"snippet":"const proc = Bun.spawn(cmd, {","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"services/candles/src/index.ts","line":156,"snippet":"await multi.exec();","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"services/compute/src/index.ts","line":351,"snippet":"const match = SYNTHETIC_EVENT_CONDITION_RE.exec(condition);","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"services/compute/src/rolling-stats.ts","line":163,"snippet":"await multi.exec();","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"services/ingest-news/src/symbols.ts","line":27,"snippet":"while ((match = regex.exec(value)) !== null) {","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"services/ingest-options/src/adapters/databento.ts","line":305,"snippet":"const child = Bun.spawn(buildArgs(trimmed), {","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"command-execution","description":"Potential command execution or shell invocation with variable input.","noise":"precise","filePath":"services/ingest-options/src/adapters/ibkr.ts","line":92,"snippet":"const child = Bun.spawn(args, {","matchedPattern":"node child_process","score":80,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"apps/web/app/api/admin/synthetic/shared.ts","line":51,"snippet":"const response = await fetch(url.toString(), {","matchedPattern":"fetch/http client","score":71,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/web/app/api/admin/synthetic/shared.ts","line":60,"snippet":"\"content-type\": response.headers.get(\"content-type\") ?? \"application/json\"","matchedPattern":"request header read","score":71,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"scripts/check-public-api-routes.ts","line":20,"snippet":"return (response.headers.get(\"content-type\") ?? \"\").toLowerCase().includes(\"application/json\");","matchedPattern":"request header read","score":71,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"scripts/check-public-api-routes.ts","line":25,"snippet":"const response = await fetch(url);","matchedPattern":"fetch/http client","score":71,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"scripts/check-public-api-routes.ts","line":34,"snippet":"throw new Error(`${url.pathname} returned non-JSON content (${response.headers.get(\"content-type\") ?? \"none\"}): ${sample}`);","matchedPattern":"request header read","score":71,"source":"builtin"}
|
||||
{"slug":"open-redirect","description":"Redirect sink that may accept user-controlled URLs.","noise":"normal","filePath":"apps/web/app/charts/page.tsx","line":6,"snippet":"redirect(\"/\");","matchedPattern":"redirect call","score":65,"source":"builtin"}
|
||||
{"slug":"open-redirect","description":"Redirect sink that may accept user-controlled URLs.","noise":"normal","filePath":"apps/web/app/replay/page.tsx","line":6,"snippet":"redirect(\"/\");","matchedPattern":"redirect call","score":65,"source":"builtin"}
|
||||
{"slug":"open-redirect","description":"Redirect sink that may accept user-controlled URLs.","noise":"normal","filePath":"apps/web/app/signals/page.tsx","line":6,"snippet":"redirect(\"/\");","matchedPattern":"redirect call","score":65,"source":"builtin"}
|
||||
{"slug":"open-redirect","description":"Redirect sink that may accept user-controlled URLs.","noise":"normal","filePath":"apps/web/app/tape/page.tsx","line":6,"snippet":"redirect(\"/options\");","matchedPattern":"redirect call","score":65,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"services/api/src/index.ts","line":328,"snippet":"const authorization = req.headers.get(\"authorization\") ?? \"\";","matchedPattern":"request header read","score":63,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"services/api/src/index.ts","line":332,"snippet":"return req.headers.get(\"x-synthetic-admin-token\")?.trim() ?? \"\";","matchedPattern":"request header read","score":63,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"services/api/src/index.ts","line":2052,"snippet":"logger.info(\"api listening\", { host: env.API_HOST, port: server.port });","matchedPattern":"proxy or original request header","score":63,"source":"builtin"}
|
||||
{"slug":"unsafe-html-or-template","description":"HTML injection sink or template escape bypass.","noise":"normal","filePath":"services/api/src/live.ts","line":142,"snippet":"console.warn(`Invalid ${key}=\"${raw}\", using ${fallback}`);","matchedPattern":"template unescaped","score":63,"source":"builtin"}
|
||||
{"slug":"unsafe-html-or-template","description":"HTML injection sink or template escape bypass.","noise":"normal","filePath":"services/api/src/live.ts","line":161,"snippet":"console.warn(`Invalid LIVE_LIMIT_DEFAULT=\"${raw}\", using ${fallback}`);","matchedPattern":"template unescaped","score":63,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/desktop/src/security.test.ts","line":11,"snippet":"it(\"allows the hosted production origin on /options\", () => {","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/desktop/src/security.test.ts","line":15,"snippet":"it(\"keeps /tape trusted as a compatibility path on the same origin\", () => {","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/desktop/src/security.ts","line":5,"snippet":"new URL(DESKTOP_PRODUCTION_URL).origin,","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/desktop/src/security.ts","line":6,"snippet":"new URL(DESKTOP_LOCAL_DEV_URL).origin,","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/desktop/src/security.ts","line":26,"snippet":"return TRUSTED_ORIGINS.has(url.origin);","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/desktop/src/security.ts","line":35,"snippet":"return !TRUSTED_ORIGINS.has(url.origin);","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"apps/web/app/frontend-cooker/page.tsx","line":43,"snippet":"<section className={styles.tableWrap}><table><thead><tr>{[\"Ticker\", \"Contract\", \"Expiry\", \"Notional\", \"Side\", \"Delta\", \"Condition\"].map(h => <th key={h}>{h}</th>)}</tr></thead><tbody>{flowRows.map((r) => <tr key={r.join(","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":516,"snippet":"const contentType = response.headers.get(\"content-type\")?.toLowerCase() ?? \"\";","matchedPattern":"request header read","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":1024,"snippet":"const host = isLocal ? `${hostname}:4000` : window.location.host;","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":1024,"snippet":"const host = isLocal ? `${hostname}:4000` : window.location.host;","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":1026,"snippet":"return `${wsProtocol}://${host}${path}`;","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":1045,"snippet":"const host = isLocal ? `${hostname}:4000` : window.location.host;","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":1045,"snippet":"const host = isLocal ? `${hostname}:4000` : window.location.host;","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":1047,"snippet":"return `${httpProtocol}://${host}${path}`;","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":1301,"snippet":".join(\" \");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":1424,"snippet":"const remainder = parts.slice(2).join(\" -> \");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":2300,"snippet":"const response = await fetch(url.toString());","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":2450,"snippet":"const response = await fetch(url.toString());","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":3018,"snippet":"params.set(\"side\", filters.nbboSides.join(\",\"));","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":3021,"snippet":"params.set(\"type\", filters.optionTypes.join(\",\"));","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":3033,"snippet":"params.set(\"underlying_ids\", optionScope.underlying_ids.join(\",\"));","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":3123,"snippet":"params.set(\"underlying_ids\", subscription.underlying_ids.join(\",\"));","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":3755,"snippet":"const response = await fetch(url.toString());","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":4381,"snippet":"const response = await fetch(url.toString());","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":4455,"snippet":"const response = await fetch(url.toString(), { signal: abort.signal });","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":4959,"snippet":"<p className=\"drawer-empty\">Missing refs: {missingRefs.slice(0, 4).join(\", \")}</p>","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"unsafe-html-or-template","description":"HTML injection sink or template escape bypass.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":5009,"snippet":"<div className=\"drawer-note news-drawer-body\" dangerouslySetInnerHTML={{ __html: body.html }} />","matchedPattern":"dangerous html","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":5191,"snippet":"<p className=\"drawer-empty\">Suppressed: {event.suppressed_reasons.join(\", \")}</p>","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":5934,"snippet":"void fetch(buildApiUrl(buildAlertContextPath(selectedAlert.trace_id)), { signal: abort.signal })","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":6000,"snippet":"void fetch(url.toString())","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":6222,"snippet":"void fetch(buildApiUrl(\"/lookup/options-support\"), {","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":6234,"snippet":"const contentType = response.headers.get(\"content-type\")?.toLowerCase() ?? \"\";","matchedPattern":"request header read","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":6318,"snippet":"void fetch(buildApiUrl(`/flow/packets/${encodeURIComponent(selectedClassifierPacketId)}`))","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":6398,"snippet":"const response = await fetch(buildApiUrl(`/flow/packets/${encodeURIComponent(packetId)}`));","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":6432,"snippet":"void fetch(url.toString())","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":6747,"snippet":"const response = await fetch(buildApiUrl(`/flow/packets/${encodeURIComponent(packetId)}`));","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":6785,"snippet":"void fetch(url.toString())","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":7440,"snippet":"const classes = [\"terminal-pane\", className].filter(Boolean).join(\" \");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":7457,"snippet":"const focus = state.activeTickers.length > 0 ? state.activeTickers.join(\", \") : \"ALL\";","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":7902,"snippet":"].filter(Boolean).join(\" | \");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":8522,"snippet":"const response = await fetch(SYNTHETIC_ADMIN_PROXY_PATHS.status, {","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":8579,"snippet":"void fetch(SYNTHETIC_ADMIN_PROXY_PATHS.control, {","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":8799,"snippet":"? derived.focus_symbols.join(\", \")","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/bus/src/jetstream.ts","line":382,"snippet":"return value.join(\",\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/bus/src/jetstream.ts","line":391,"snippet":".join(\"; \");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/bus/src/jetstream.ts","line":434,"snippet":"const fields = report.retentionDrift.map((delta) => delta.field).join(\",\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/bus/src/jetstream.ts","line":458,"snippet":".join(\" \");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/bus/src/jetstream.ts","line":464,"snippet":".join(\" \");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/config/src/env.ts","line":16,"snippet":"const path = issue.path.length > 0 ? issue.path.join(\".\") : \"<root>\";","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/config/src/env.ts","line":19,"snippet":".join(\"; \");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":120,"snippet":"query(params: { query: string; format: ClickHouseQueryFormat }): Promise<ClickHouseQueryResult>;","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":158,"snippet":"const response = await fetch(url, {","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":194,"snippet":"const rows = values.map((value) => JSON.stringify(value)).join(\"\\n\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":199,"snippet":"async query({ query, format }) {","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":214,"snippet":"const response = await fetch(url, {","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":683,"snippet":"return values.map((value) => quoteString(value)).join(\", \");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1084,"snippet":"const whereClause = conditions.length > 0 ? ` WHERE ${conditions.join(\" AND \")}` : \"\";","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1085,"snippet":"const result = await client.query({","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1102,"snippet":"const result = await client.query({","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1118,"snippet":"const whereClause = conditions.length > 0 ? ` WHERE ${conditions.join(\" AND \")}` : \"\";","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1119,"snippet":"const result = await client.query({","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1133,"snippet":"const result = await client.query({","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1151,"snippet":"const result = await client.query({","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1165,"snippet":"const result = await client.query({","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1183,"snippet":"const result = await client.query({","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1201,"snippet":"const result = await client.query({","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1219,"snippet":"const result = await client.query({","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1237,"snippet":"const result = await client.query({","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1254,"snippet":"const result = await client.query({","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1299,"snippet":"const result = await client.query({","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1347,"snippet":"const alertResult = await client.query({","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1373,"snippet":".query({","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1384,"snippet":": Promise.resolve([]),","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1387,"snippet":": Promise.resolve([])","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1422,"snippet":"const result = await client.query({","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1423,"snippet":"query: `SELECT * FROM ${OPTION_PRINTS_TABLE} WHERE ${conditions.join(\" AND \")} ORDER BY ts ASC, seq ASC LIMIT ${safeLimit}`,","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1444,"snippet":"const result = await client.query({","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1469,"snippet":"const result = await client.query({","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1470,"snippet":"query: `SELECT * FROM ${EQUITY_PRINTS_TABLE} WHERE ${conditions.join(\" AND \")} ORDER BY ts ASC, seq ASC LIMIT ${safeLimit}`,","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1492,"snippet":"const result = await client.query({","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1740,"snippet":"query: `SELECT * FROM ${OPTION_PRINTS_TABLE} WHERE ${conditions.join(\" AND \")} ORDER BY ts DESC, seq DESC LIMIT ${safeLimit}`,","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1763,"snippet":"query: `SELECT * FROM ${OPTION_NBBO_TABLE} WHERE ${conditions.join(\" AND \")} ORDER BY ts DESC, seq DESC LIMIT ${safeLimit}`,","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1784,"snippet":"query: `SELECT * FROM ${EQUITY_PRINTS_TABLE} WHERE ${conditions.join(\" AND \")} ORDER BY ts DESC, seq DESC LIMIT ${safeLimit}`,","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":1987,"snippet":"query: `SELECT * FROM ${FLOW_PACKETS_TABLE} WHERE ${memberPredicates.join(\" OR \")} ORDER BY source_ts DESC, seq DESC LIMIT ${clampLookupLimit(ids.length * 4)}`,","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":2009,"snippet":"query: `SELECT * FROM ${SMART_MONEY_EVENTS_TABLE} WHERE ${packetPredicates.join(\" OR \")} ORDER BY source_ts DESC, seq DESC LIMIT ${clampLookupLimit(ids.length * 4)}`,","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":2031,"snippet":"query: `SELECT * FROM ${CLASSIFIER_HITS_TABLE} WHERE ${tracePredicates.join(\" OR \")} ORDER BY source_ts DESC, seq DESC LIMIT ${clampLookupLimit(ids.length * 4)}`,","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/storage/src/clickhouse.ts","line":2128,"snippet":"query: `SELECT * FROM ${EQUITY_PRINT_JOINS_TABLE} WHERE ${whereParts.join(\" OR \")} ORDER BY source_ts DESC, seq DESC LIMIT ${lookupLimit}`,","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/types/src/live.ts","line":228,"snippet":"? `|underlyings:${[...subscription.underlying_ids].sort().join(\",\")}`","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/types/src/live.ts","line":239,"snippet":"? `|underlyings:${[...subscription.underlying_ids].sort().join(\",\")}`","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/types/src/options-flow.ts","line":88,"snippet":"const expiry = expiryParts.join(\"-\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"packages/types/src/options-flow.ts","line":89,"snippet":"const root = parts.slice(0, -5).join(\"-\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/check-docker-workspace.ts","line":25,"snippet":"const repoRoot = path.resolve(import.meta.dir, \"..\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/check-docker-workspace.ts","line":26,"snippet":"const deploymentRoot = path.join(repoRoot, \"deployment/docker/workspace-root\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/check-docker-workspace.ts","line":28,"snippet":"const rootPackagePath = path.join(repoRoot, \"package.json\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/check-docker-workspace.ts","line":29,"snippet":"const deploymentPackagePath = path.join(deploymentRoot, \"package.json\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/check-docker-workspace.ts","line":30,"snippet":"const rootTsconfigPath = path.join(repoRoot, \"tsconfig.base.json\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/check-docker-workspace.ts","line":31,"snippet":"const deploymentTsconfigPath = path.join(deploymentRoot, \"tsconfig.base.json\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/check-docker-workspace.ts","line":32,"snippet":"const rootLockPath = path.join(repoRoot, \"bun.lock\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/check-docker-workspace.ts","line":33,"snippet":"const deploymentLockPath = path.join(deploymentRoot, \"bun.lock\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/check-docker-workspace.ts","line":36,"snippet":"return readFile(filePath, \"utf8\");","matchedPattern":"file read/write","score":55,"source":"builtin"}
|
||||
{"slug":"unsafe-html-or-template","description":"HTML injection sink or template escape bypass.","noise":"normal","filePath":"scripts/check-docker-workspace.ts","line":42,"snippet":"const parsed = Function(`\"use strict\"; return (${raw});`)() as T;","matchedPattern":"template unescaped","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/check-docker-workspace.ts","line":159,"snippet":"const packageJsonPath = path.join(repoRoot, workspacePath, \"package.json\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/deploy.ts","line":31,"snippet":"path.join(process.env.HOME ?? \"\", \".ssh\", \"delta_ed25519\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/deploy.ts","line":89,"snippet":"const repoRoot = path.resolve(path.dirname(scriptPath), \"..\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"scripts/deploy.ts","line":104,"snippet":"native Experimental host-native Bun services managed by systemd.","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"scripts/deploy.ts","line":125,"snippet":"DEPLOY_PUBLIC_API_HEALTH_URL Optional separate public API health URL for two-origin deployments.","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/deploy.ts","line":171,"snippet":".join(\" \");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"scripts/deploy.ts","line":438,"snippet":"candidates.push(\"forgejo\", \"origin\", \"github\", ...localGitRemotes());","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/deploy.ts","line":448,"snippet":"`Unable to resolve a deploy git remote. Checked candidates: ${deduped.join(\", \")}`","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/deploy.ts","line":691,"snippet":".join(\"|\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/deploy.ts","line":751,"snippet":"const units = nativeUnitsForScope(scope).map((value) => shellEscape(value)).join(\" \");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/deploy.ts","line":824,"snippet":": `docker compose build ${buildServices.join(\" \")}`;","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/deploy.ts","line":825,"snippet":"const upCommand = `docker compose ${[...upArgs, ...rolloutServices].join(\" \")}`;","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/deploy.ts","line":847,"snippet":"const units = nativeUnitsForScope(scope).map((value) => shellEscape(value)).join(\" \");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/deploy.ts","line":857,"snippet":"buildSteps.push(`${NATIVE_SYSTEMCTL_PREFIX} restart ${nativeUnitsForScope(scope).map((value) => shellEscape(value)).join(\" \")}`);","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/deploy.ts","line":871,"snippet":"${buildSteps.join(\"\\n\")}","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/deploy.ts","line":903,"snippet":"? `docker compose ps ${psServices.join(\" \")}`","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/deploy.ts","line":907,"snippet":": `docker compose logs --tail=100 ${logServices.join(\" \")}`;","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"scripts/deploy.ts","line":912,"snippet":"`docker compose exec -T api bun -e 'const r = await fetch(\"http://127.0.0.1:4000/health\"); if (!r.ok) throw new Error(\"api healthcheck failed: \" + r.status); console.log(await r.text())'`","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"scripts/deploy.ts","line":918,"snippet":"`docker compose exec -T web bun -e 'const r = await fetch(\"http://127.0.0.1:3000/\"); if (!r.ok) throw new Error(\"web healthcheck failed: \" + r.status); console.log(r.status)'`","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/deploy.ts","line":930,"snippet":"${checks.join(\"\\n\")}","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/deploy.ts","line":936,"snippet":"const units = nativeUnitsForScope(scope).map((value) => shellEscape(value)).join(\" \");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/deploy.ts","line":967,"snippet":"${checks.join(\"\\n\")}","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/dev-desktop.ts","line":25,"snippet":"const stateDir = path.join(process.cwd(), \".tmp\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/dev-desktop.ts","line":26,"snippet":"const pidFile = path.join(stateDir, \"dev-desktop-runner-pids.json\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/dev-desktop.ts","line":102,"snippet":"await writeFile(pidFile, JSON.stringify(payload, null, 2));","matchedPattern":"file read/write","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/dev-desktop.ts","line":111,"snippet":"const raw = await readFile(pidFile, \"utf8\");","matchedPattern":"file read/write","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/dev-desktop.ts","line":122,"snippet":".join(\", \")}`","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"scripts/dev-desktop.ts","line":220,"snippet":"const checkTcp = (host: string, port: number, timeoutMs = 1000): Promise<boolean> => {","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"scripts/dev-desktop.ts","line":222,"snippet":"const socket = net.connect({ host, port });","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/dev-desktop.ts","line":226,"snippet":"resolve(ok);","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/dev-services.ts","line":19,"snippet":"const stateDir = path.join(process.cwd(), \".tmp\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/dev-services.ts","line":20,"snippet":"const pidFile = path.join(stateDir, \"dev-services-runner-pids.json\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/dev-services.ts","line":101,"snippet":"await writeFile(pidFile, JSON.stringify(payload, null, 2));","matchedPattern":"file read/write","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/dev-services.ts","line":110,"snippet":"const raw = await readFile(pidFile, \"utf8\");","matchedPattern":"file read/write","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/dev-services.ts","line":121,"snippet":".join(\", \")}`","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/dev.ts","line":20,"snippet":"const stateDir = path.join(process.cwd(), \".tmp\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/dev.ts","line":21,"snippet":"const pidFile = path.join(stateDir, \"dev-runner-pids.json\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/dev.ts","line":102,"snippet":"await writeFile(pidFile, JSON.stringify(payload, null, 2));","matchedPattern":"file read/write","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/dev.ts","line":111,"snippet":"const raw = await readFile(pidFile, \"utf8\");","matchedPattern":"file read/write","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/dev.ts","line":122,"snippet":".join(\", \")}`","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"scripts/dev.ts","line":148,"snippet":"): { host: string; port: number } => {","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"scripts/dev.ts","line":151,"snippet":"return { host: fallbackHost, port: fallbackPort };","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"scripts/dev.ts","line":157,"snippet":"return { host: url.hostname || fallbackHost, port };","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"scripts/dev.ts","line":159,"snippet":"return { host: fallbackHost, port: fallbackPort };","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"scripts/dev.ts","line":163,"snippet":"const checkTcp = (host: string, port: number, timeoutMs = 1000): Promise<boolean> => {","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"scripts/dev.ts","line":165,"snippet":"const socket = net.connect({ host, port });","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/dev.ts","line":169,"snippet":"resolve(ok);","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"scripts/dev.ts","line":181,"snippet":"const response = await fetch(url);","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"scripts/dev.ts","line":296,"snippet":"checkTcp(natsTarget.host, natsTarget.port),","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"scripts/dev.ts","line":297,"snippet":"checkTcp(redisTarget.host, redisTarget.port),","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/sync-docker-workspace.ts","line":4,"snippet":"const repoRoot = path.resolve(import.meta.dir, \"..\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/sync-docker-workspace.ts","line":5,"snippet":"const deploymentRoot = path.join(repoRoot, \"deployment/docker/workspace-root\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/sync-docker-workspace.ts","line":14,"snippet":"const source = path.join(repoRoot, fileName);","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"scripts/sync-docker-workspace.ts","line":15,"snippet":"const destination = path.join(deploymentRoot, fileName);","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"services/compute/src/contracts.ts","line":22,"snippet":"const expiry = expiryParts.join(\"-\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"services/compute/src/contracts.ts","line":23,"snippet":"const root = parts.slice(0, -5).join(\"-\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"services/compute/src/index.ts","line":904,"snippet":"features.conditions = Array.from(cluster.conditions).sort().join(\",\");","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"services/compute/src/structure-packets.ts","line":221,"snippet":"const id = `flowpacket:${pseudoContractId}:${bucketStartTs}:${contractIds.join(\"|\")}`;","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"services/compute/src/structure-packets.ts","line":222,"snippet":"const dedupeKey = `${pseudoContractId}:${bucketStartTs}:${contractIds.join(\"|\")}`;","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"services/compute/src/structure-packets.ts","line":298,"snippet":"structure_contract_ids: summary.contractIds.join(\",\"),","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"services/compute/src/structure-packets.ts","line":300,"snippet":"structure_expiries: plan.expiries.join(\",\"),","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"services/compute/src/structure-packets.ts","line":301,"snippet":"structure_strikes_list: plan.strikes.join(\",\")","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"services/compute/tests/classifiers.test.ts","line":10,"snippet":"expect(hit.explanations.join(\" \")).toMatch(/Likely|Consistent with|Unusual/i);","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"services/ingest-equities/src/adapters/alpaca.ts","line":151,"snippet":"return `${parsed.origin}/v2/${feed}`;","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"services/ingest-equities/src/adapters/alpaca.ts","line":158,"snippet":"const response = await fetch(url.toString(), {","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"services/ingest-news/src/index.ts","line":109,"snippet":"const response = await fetch(url.toString(), {","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"services/ingest-options/py/databento_replay.py","line":106,"snippet":"response = self._client.symbology.resolve(","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"services/ingest-options/py/databento_replay.py","line":119,"snippet":"return self._map.resolve(instrument_id, date)","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"services/ingest-options/py/ibkr_stream.py","line":13,"snippet":"parser.add_argument(\"--host\", required=True)","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"services/ingest-options/py/ibkr_stream.py","line":39,"snippet":"ib.connect(args.host, args.port, clientId=args.client_id)","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"ssrf-capable-request","description":"Outbound HTTP request site that may be attacker-controlled.","noise":"normal","filePath":"services/ingest-options/src/adapters/alpaca.ts","line":159,"snippet":"const response = await fetch(url.toString(), {","matchedPattern":"fetch/http client","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"services/ingest-options/src/adapters/ibkr.ts","line":4,"snippet":"host: string;","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"services/ingest-options/src/adapters/ibkr.ts","line":72,"snippet":"\"--host\",","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"services/ingest-options/src/adapters/ibkr.ts","line":73,"snippet":"config.host,","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"services/ingest-options/src/index.ts","line":337,"snippet":"host: env.IBKR_HOST,","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"services/refdata/tests/event-calendar.test.ts","line":42,"snippet":"].join(\"\\n\"),","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"services/replay/src/index.ts","line":173,"snippet":"throw new Error(`Unknown replay stream(s): ${invalid.join(\", \")}`);","matchedPattern":"path join","score":55,"source":"builtin"}
|
||||
{"slug":"raw-sql-query","description":"Raw SQL construction or query execution that may need parameterization review.","noise":"normal","filePath":"services/replay/src/index.ts","line":306,"snippet":"await clickhouse.query({ query: \"SELECT 1\", format: \"JSONEachRow\" });","matchedPattern":"query call","score":55,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"apps/web/app/api/admin/synthetic/routes.test.ts","line":35,"snippet":"expect(new Headers(init?.headers).get(\"authorization\")).toBe(\"Bearer secret-token\");","matchedPattern":"http route","score":54,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"apps/web/app/api/admin/synthetic/shared.ts","line":60,"snippet":"\"content-type\": response.headers.get(\"content-type\") ?? \"application/json\"","matchedPattern":"http route","score":46,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"scripts/check-public-api-routes.ts","line":20,"snippet":"return (response.headers.get(\"content-type\") ?? \"\").toLowerCase().includes(\"application/json\");","matchedPattern":"http route","score":46,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"scripts/check-public-api-routes.ts","line":34,"snippet":"throw new Error(`${url.pathname} returned non-JSON content (${response.headers.get(\"content-type\") ?? \"none\"}): ${sample}`);","matchedPattern":"http route","score":46,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/index.ts","line":328,"snippet":"const authorization = req.headers.get(\"authorization\") ?? \"\";","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/index.ts","line":332,"snippet":"return req.headers.get(\"x-synthetic-admin-token\")?.trim() ?? \"\";","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/index.ts","line":380,"snippet":"after_ts: url.searchParams.get(\"after_ts\") ?? undefined,","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/index.ts","line":381,"snippet":"after_seq: url.searchParams.get(\"after_seq\") ?? undefined,","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/index.ts","line":382,"snippet":"limit: url.searchParams.get(\"limit\") ?? undefined","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/index.ts","line":394,"snippet":"before_ts: url.searchParams.get(\"before_ts\") ?? undefined,","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/index.ts","line":395,"snippet":"before_seq: url.searchParams.get(\"before_seq\") ?? undefined,","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/index.ts","line":396,"snippet":"limit: url.searchParams.get(\"limit\") ?? undefined","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/index.ts","line":407,"snippet":"const raw = url.searchParams.get(\"source\");","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/index.ts","line":432,"snippet":"underlying_id: url.searchParams.get(\"underlying_id\") ?? undefined,","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/index.ts","line":433,"snippet":"start_ts: url.searchParams.get(\"start_ts\") ?? undefined,","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/index.ts","line":434,"snippet":"end_ts: url.searchParams.get(\"end_ts\") ?? undefined,","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/index.ts","line":435,"snippet":"limit: url.searchParams.get(\"limit\") ?? undefined","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/index.ts","line":457,"snippet":"underlying_id: url.searchParams.get(\"underlying_id\") ?? undefined,","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/index.ts","line":458,"snippet":"interval_ms: url.searchParams.get(\"interval_ms\") ?? undefined,","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/index.ts","line":459,"snippet":"start_ts: url.searchParams.get(\"start_ts\") ?? undefined,","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/index.ts","line":460,"snippet":"end_ts: url.searchParams.get(\"end_ts\") ?? undefined,","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/index.ts","line":461,"snippet":"limit: url.searchParams.get(\"limit\") ?? undefined,","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/index.ts","line":462,"snippet":"cache: url.searchParams.get(\"cache\") ?? undefined","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/index.ts","line":486,"snippet":"underlying_id: url.searchParams.get(\"underlying_id\") ?? undefined,","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/live.ts","line":811,"snippet":"const cached = (this.genericItems.get(\"options\") ?? [])","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/live.ts","line":830,"snippet":"const items = (this.genericItems.get(\"options\") ?? [])","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/live.ts","line":844,"snippet":"const items = (this.genericItems.get(\"flow\") ?? [])","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/live.ts","line":858,"snippet":"const cached = (this.genericItems.get(\"equities\") ?? [])","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/live.ts","line":876,"snippet":"const items = (this.genericItems.get(\"equities\") ?? []).slice(0, limit);","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/option-queries.ts","line":63,"snippet":"view: url.searchParams.get(\"view\") ?? undefined,","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/option-queries.ts","line":64,"snippet":"security: url.searchParams.get(\"security\") ?? undefined,","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/option-queries.ts","line":65,"snippet":"side: url.searchParams.get(\"side\") ?? undefined,","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/option-queries.ts","line":66,"snippet":"type: url.searchParams.get(\"type\") ?? undefined,","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/option-queries.ts","line":67,"snippet":"min_notional: url.searchParams.get(\"min_notional\") ?? undefined","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"services/api/src/option-queries.ts","line":71,"snippet":"optionContractId: url.searchParams.get(\"option_contract_id\") ?? undefined","matchedPattern":"http route","score":38,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"apps/web/app/terminal.test.ts","line":136,"snippet":"expect(evidence.packets.get(\"flowpacket:1\")).toBe(packet);","matchedPattern":"http route","score":30,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"apps/web/app/terminal.test.ts","line":137,"snippet":"expect(evidence.prints.get(\"print:1\")?.execution_nbbo_bid).toBe(1.2);","matchedPattern":"http route","score":30,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"apps/web/app/terminal.test.ts","line":138,"snippet":"expect(evidence.prints.get(\"print:1\")?.execution_underlying_spot).toBe(450.05);","matchedPattern":"http route","score":30,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"apps/web/app/terminal.tsx","line":516,"snippet":"const contentType = response.headers.get(\"content-type\")?.toLowerCase() ?? \"\";","matchedPattern":"http route","score":30,"source":"builtin"}
|
||||
{"slug":"public-entrypoint","description":"Public route, handler, controller, workflow, or operation entry point.","noise":"noisy","filePath":"apps/web/app/terminal.tsx","line":6234,"snippet":"const contentType = response.headers.get(\"content-type\")?.toLowerCase() ?? \"\";","matchedPattern":"http route","score":30,"source":"builtin"}
|
||||
Loading…
Add table
Add a link
Reference in a new issue