{ "framework": "react-spa", "root": "/home/deploy/projetos/alemaoconveniencias.local/admin-app", "summary": { "total": 70, "critical": 0, "high": 68, "medium": 2, "low": 0 }, "findings": [ { "title": "Vulnerable dependency: esbuild", "severity": "medium", "confidence": "high", "status": "confirmed", "evidence": "npm audit reported moderate vulnerability in esbuild", "impact": "May expose application to known CVE exploits", "affectedFiles": [ "package.json" ], "line": 1, "recommendedFix": "Run npm audit fix or manually update esbuild." }, { "title": "Vulnerable dependency: vite", "severity": "medium", "confidence": "high", "status": "confirmed", "evidence": "npm audit reported moderate vulnerability in vite", "impact": "May expose application to known CVE exploits", "affectedFiles": [ "package.json" ], "line": 1, "recommendedFix": "Run npm audit fix or manually update vite." }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/App.tsx" ], "line": 413 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/AdminUsers.tsx" ], "line": 28 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/AdminUsers.tsx" ], "line": 40 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/AdminUsers.tsx" ], "line": 58 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/AdminUsers.tsx" ], "line": 91 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/AdminUsers.tsx" ], "line": 103 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Claims.tsx" ], "line": 127 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Claims.tsx" ], "line": 139 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Claims.tsx" ], "line": 183 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Login.tsx" ], "line": 19 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Orders.tsx" ], "line": 36 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Orders.tsx" ], "line": 52 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Orders.tsx" ], "line": 68 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Plugins.tsx" ], "line": 30 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Plugins.tsx" ], "line": 42 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Plugins.tsx" ], "line": 49 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Plugins.tsx" ], "line": 124 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Promotions.tsx" ], "line": 24 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Promotions.tsx" ], "line": 32 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Promotions.tsx" ], "line": 69 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Promotions.tsx" ], "line": 82 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Promotions.tsx" ], "line": 97 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Raffles.tsx" ], "line": 26 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Raffles.tsx" ], "line": 34 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Raffles.tsx" ], "line": 84 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Raffles.tsx" ], "line": 102 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Raffles.tsx" ], "line": 112 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/pages/Settings.tsx" ], "line": 56 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Users.tsx" ], "line": 22 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Users.tsx" ], "line": 30 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Users.tsx" ], "line": 85 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/Users.tsx" ], "line": 95 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/WhatsAppInbox.tsx" ], "line": 665 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/WhatsAppInbox.tsx" ], "line": 675 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/WhatsAppInbox.tsx" ], "line": 934 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/WhatsAppLogs.tsx" ], "line": 56 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/pages/WhatsAppLogs.tsx" ], "line": 58 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/WhatsAppLogs.tsx" ], "line": 62 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/WhatsAppLogs.tsx" ], "line": 143 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/pages/WhatsAppLogs.tsx" ], "line": 146 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/WhatsAppLogs.tsx" ], "line": 151 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/WhatsAppLogs.tsx" ], "line": 161 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/WhatsAppLogs.tsx" ], "line": 193 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/pages/WhatsAppLogs.tsx" ], "line": 196 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/WhatsAppLogs.tsx" ], "line": 203 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/pages/WhatsAppLogs.tsx" ], "line": 242 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/pages/WhatsAppWebhooks.tsx" ], "line": 135 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/services/api.ts" ], "line": 3 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/services/api.ts" ], "line": 19 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/services/api.ts" ], "line": 23 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/services/api.ts" ], "line": 32 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/services/api.ts" ], "line": 39 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/services/api.ts" ], "line": 45 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/services/api.ts" ], "line": 54 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/services/api.ts" ], "line": 59 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/services/api.ts" ], "line": 68 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/services/api.ts" ], "line": 73 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/services/api.ts" ], "line": 79 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/services/api.ts" ], "line": 81 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/services/api.ts" ], "line": 86 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/services/api.ts" ], "line": 90 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/services/api.ts" ], "line": 100 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/services/api.ts" ], "line": 107 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/services/api.ts" ], "line": 115 }, { "title": "Potential SSRF pattern", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Server-side outbound request", "impact": "Attacker may force calls to internal or unintended hosts", "recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.", "affectedFiles": [ "src/services/api.ts" ], "line": 126 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/services/api.ts" ], "line": 140 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/services/api.ts" ], "line": 143 }, { "title": "Server boundary without obvious input validation", "severity": "high", "confidence": "low", "status": "manual-review", "evidence": "Request input usage", "impact": "Malformed or hostile input may reach sensitive logic", "recommendedFix": "Validate request data at the server boundary with a schema.", "affectedFiles": [ "src/services/api.ts" ], "line": 153 } ] }