Files

79 lines
2.5 KiB
JSON

{
"framework": "javascript-app",
"root": "/home/deploy/projetos/alemaoconveniencias.local/security-auditor-antigravity",
"summary": {
"total": 5,
"critical": 1,
"high": 4,
"medium": 0,
"low": 0
},
"findings": [
{
"title": "Unsafe HTML rendering pattern",
"severity": "high",
"confidence": "medium",
"status": "probable",
"evidence": "dangerouslySetInnerHTML found",
"impact": "Potential XSS if fed untrusted content",
"recommendedFix": "Sanitize content and restrict sources before rendering HTML.",
"affectedFiles": [
"scripts/security-audit.js"
],
"line": 126
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"scripts/security-audit.js"
],
"line": 144
},
{
"title": "LLM endpoint with prompt injection exposure",
"severity": "high",
"confidence": "medium",
"status": "probable",
"evidence": "LLM SDK call",
"impact": "Model behavior may be steered to reveal or misuse privileged instructions and tools",
"recommendedFix": "Separate system instructions, validate tool args, add allowlists, and sanitize user content.",
"affectedFiles": [
"scripts/security-audit.js"
],
"line": 149
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"scripts/security-audit.js"
],
"line": 154
},
{
"title": "Hardcoded credential material",
"severity": "critical",
"confidence": "high",
"status": "confirmed",
"evidence": "Secret-like token or private key marker detected",
"impact": "Credential compromise may permit direct unauthorized access",
"recommendedFix": "Remove from code, rotate credentials, and load via secure server-side environment management.",
"affectedFiles": [
"scripts/security-audit.js"
],
"line": 159
}
]
}