feat: initial project structure (Model Project) - Backend + Multi-Frontend + Docker
This commit is contained in:
@@ -0,0 +1,588 @@
|
||||
# Security Audit Report
|
||||
|
||||
- Framework detected: react-spa
|
||||
- Total findings: 70
|
||||
- Critical: 0, High: 68, Medium: 2, Low: 0
|
||||
|
||||
## Executive summary
|
||||
This report is evidence-oriented. Findings marked probable or manual-review should be validated in source context before remediation planning is finalized.
|
||||
|
||||
## Critical
|
||||
|
||||
_No findings._
|
||||
|
||||
## High
|
||||
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/App.tsx (Line: 413)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/AdminUsers.tsx (Line: 28)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/AdminUsers.tsx (Line: 40)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/AdminUsers.tsx (Line: 58)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/AdminUsers.tsx (Line: 91)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/AdminUsers.tsx (Line: 103)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Claims.tsx (Line: 127)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Claims.tsx (Line: 139)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Claims.tsx (Line: 183)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Login.tsx (Line: 19)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Orders.tsx (Line: 36)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Orders.tsx (Line: 52)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Orders.tsx (Line: 68)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Plugins.tsx (Line: 30)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Plugins.tsx (Line: 42)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Plugins.tsx (Line: 49)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Plugins.tsx (Line: 124)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Promotions.tsx (Line: 24)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Promotions.tsx (Line: 32)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Promotions.tsx (Line: 69)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Promotions.tsx (Line: 82)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Promotions.tsx (Line: 97)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Raffles.tsx (Line: 26)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Raffles.tsx (Line: 34)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Raffles.tsx (Line: 84)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Raffles.tsx (Line: 102)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Raffles.tsx (Line: 112)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/pages/Settings.tsx (Line: 56)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Users.tsx (Line: 22)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Users.tsx (Line: 30)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Users.tsx (Line: 85)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/Users.tsx (Line: 95)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/WhatsAppInbox.tsx (Line: 665)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/WhatsAppInbox.tsx (Line: 675)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/WhatsAppInbox.tsx (Line: 934)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/WhatsAppLogs.tsx (Line: 56)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/pages/WhatsAppLogs.tsx (Line: 58)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/WhatsAppLogs.tsx (Line: 62)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/WhatsAppLogs.tsx (Line: 143)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/pages/WhatsAppLogs.tsx (Line: 146)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/WhatsAppLogs.tsx (Line: 151)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/WhatsAppLogs.tsx (Line: 161)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/WhatsAppLogs.tsx (Line: 193)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/pages/WhatsAppLogs.tsx (Line: 196)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/WhatsAppLogs.tsx (Line: 203)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/pages/WhatsAppLogs.tsx (Line: 242)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/pages/WhatsAppWebhooks.tsx (Line: 135)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/services/api.ts (Line: 3)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/services/api.ts (Line: 19)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/services/api.ts (Line: 23)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/services/api.ts (Line: 32)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/services/api.ts (Line: 39)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/services/api.ts (Line: 45)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/services/api.ts (Line: 54)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/services/api.ts (Line: 59)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/services/api.ts (Line: 68)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/services/api.ts (Line: 73)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/services/api.ts (Line: 79)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/services/api.ts (Line: 81)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/services/api.ts (Line: 86)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/services/api.ts (Line: 90)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/services/api.ts (Line: 100)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/services/api.ts (Line: 107)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/services/api.ts (Line: 115)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Potential SSRF pattern
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Server-side outbound request
|
||||
- Impact: Attacker may force calls to internal or unintended hosts
|
||||
- Files: src/services/api.ts (Line: 126)
|
||||
- Recommended fix: Enforce host allowlists and validate URLs before outbound requests.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/services/api.ts (Line: 140)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/services/api.ts (Line: 143)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
#### Server boundary without obvious input validation
|
||||
- Severity: high
|
||||
- Confidence: low
|
||||
- Status: manual-review
|
||||
- Evidence: Request input usage
|
||||
- Impact: Malformed or hostile input may reach sensitive logic
|
||||
- Files: src/services/api.ts (Line: 153)
|
||||
- Recommended fix: Validate request data at the server boundary with a schema.
|
||||
## Medium
|
||||
|
||||
#### Vulnerable dependency: esbuild
|
||||
- Severity: medium
|
||||
- Confidence: high
|
||||
- Status: confirmed
|
||||
- Evidence: npm audit reported moderate vulnerability in esbuild
|
||||
- Impact: May expose application to known CVE exploits
|
||||
- Files: package.json (Line: 1)
|
||||
- Recommended fix: Run npm audit fix or manually update esbuild.
|
||||
#### Vulnerable dependency: vite
|
||||
- Severity: medium
|
||||
- Confidence: high
|
||||
- Status: confirmed
|
||||
- Evidence: npm audit reported moderate vulnerability in vite
|
||||
- Impact: May expose application to known CVE exploits
|
||||
- Files: package.json (Line: 1)
|
||||
- Recommended fix: Run npm audit fix or manually update vite.
|
||||
## Low
|
||||
|
||||
_No findings._
|
||||
|
||||
## Manual review checklist
|
||||
|
||||
- Verify authz on admin and privileged routes.
|
||||
- Verify whether raw queries are parameterized upstream.
|
||||
- Verify whether shared sanitization utilities are applied before dangerous HTML or LLM calls.
|
||||
- Verify token handling and public env variables in client bundles.
|
||||
|
||||
Reference in New Issue
Block a user