148 lines
3.7 KiB
JSON
148 lines
3.7 KiB
JSON
{
|
|
"version": "2.1.0",
|
|
"$schema": "http://json.schemastore.org/sarif-2.1.0-rtm.5",
|
|
"runs": [
|
|
{
|
|
"tool": {
|
|
"driver": {
|
|
"name": "Security Auditor Antigravity",
|
|
"version": "1.0.0",
|
|
"rules": [
|
|
{
|
|
"id": "Unsafe HTML rendering pattern"
|
|
},
|
|
{
|
|
"id": "Server boundary without obvious input validation"
|
|
},
|
|
{
|
|
"id": "LLM endpoint with prompt injection exposure"
|
|
},
|
|
{
|
|
"id": "Potential SSRF pattern"
|
|
},
|
|
{
|
|
"id": "Hardcoded credential material"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"results": [
|
|
{
|
|
"ruleId": "Unsafe HTML rendering pattern",
|
|
"level": "error",
|
|
"message": {
|
|
"text": "dangerouslySetInnerHTML found"
|
|
},
|
|
"locations": [
|
|
{
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "scripts/security-audit.js"
|
|
},
|
|
"region": {
|
|
"startLine": 123
|
|
}
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"ruleId": "Unsafe HTML rendering pattern",
|
|
"level": "error",
|
|
"message": {
|
|
"text": "dangerouslySetInnerHTML found"
|
|
},
|
|
"locations": [
|
|
{
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "scripts/security-audit.js"
|
|
},
|
|
"region": {
|
|
"startLine": 125
|
|
}
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"ruleId": "Server boundary without obvious input validation",
|
|
"level": "error",
|
|
"message": {
|
|
"text": "Request input usage"
|
|
},
|
|
"locations": [
|
|
{
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "scripts/security-audit.js"
|
|
},
|
|
"region": {
|
|
"startLine": 143
|
|
}
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"ruleId": "LLM endpoint with prompt injection exposure",
|
|
"level": "error",
|
|
"message": {
|
|
"text": "LLM SDK call"
|
|
},
|
|
"locations": [
|
|
{
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "scripts/security-audit.js"
|
|
},
|
|
"region": {
|
|
"startLine": 148
|
|
}
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"ruleId": "Potential SSRF pattern",
|
|
"level": "error",
|
|
"message": {
|
|
"text": "Server-side outbound request"
|
|
},
|
|
"locations": [
|
|
{
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "scripts/security-audit.js"
|
|
},
|
|
"region": {
|
|
"startLine": 153
|
|
}
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"ruleId": "Hardcoded credential material",
|
|
"level": "error",
|
|
"message": {
|
|
"text": "Secret-like token or private key marker detected"
|
|
},
|
|
"locations": [
|
|
{
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "scripts/security-audit.js"
|
|
},
|
|
"region": {
|
|
"startLine": 158
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|