924 lines
31 KiB
JSON
924 lines
31 KiB
JSON
{
|
|
"framework": "react-spa",
|
|
"root": "/home/deploy/projetos/alemaoconveniencias.local/admin-app",
|
|
"summary": {
|
|
"total": 70,
|
|
"critical": 0,
|
|
"high": 68,
|
|
"medium": 2,
|
|
"low": 0
|
|
},
|
|
"findings": [
|
|
{
|
|
"title": "Vulnerable dependency: esbuild",
|
|
"severity": "medium",
|
|
"confidence": "high",
|
|
"status": "confirmed",
|
|
"evidence": "npm audit reported moderate vulnerability in esbuild",
|
|
"impact": "May expose application to known CVE exploits",
|
|
"affectedFiles": [
|
|
"package.json"
|
|
],
|
|
"line": 1,
|
|
"recommendedFix": "Run npm audit fix or manually update esbuild."
|
|
},
|
|
{
|
|
"title": "Vulnerable dependency: vite",
|
|
"severity": "medium",
|
|
"confidence": "high",
|
|
"status": "confirmed",
|
|
"evidence": "npm audit reported moderate vulnerability in vite",
|
|
"impact": "May expose application to known CVE exploits",
|
|
"affectedFiles": [
|
|
"package.json"
|
|
],
|
|
"line": 1,
|
|
"recommendedFix": "Run npm audit fix or manually update vite."
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/App.tsx"
|
|
],
|
|
"line": 413
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/AdminUsers.tsx"
|
|
],
|
|
"line": 28
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/AdminUsers.tsx"
|
|
],
|
|
"line": 40
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/AdminUsers.tsx"
|
|
],
|
|
"line": 58
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/AdminUsers.tsx"
|
|
],
|
|
"line": 91
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/AdminUsers.tsx"
|
|
],
|
|
"line": 103
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Claims.tsx"
|
|
],
|
|
"line": 127
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Claims.tsx"
|
|
],
|
|
"line": 139
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Claims.tsx"
|
|
],
|
|
"line": 183
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Login.tsx"
|
|
],
|
|
"line": 19
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Orders.tsx"
|
|
],
|
|
"line": 36
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Orders.tsx"
|
|
],
|
|
"line": 52
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Orders.tsx"
|
|
],
|
|
"line": 68
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Plugins.tsx"
|
|
],
|
|
"line": 30
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Plugins.tsx"
|
|
],
|
|
"line": 42
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Plugins.tsx"
|
|
],
|
|
"line": 49
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Plugins.tsx"
|
|
],
|
|
"line": 124
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Promotions.tsx"
|
|
],
|
|
"line": 24
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Promotions.tsx"
|
|
],
|
|
"line": 32
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Promotions.tsx"
|
|
],
|
|
"line": 69
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Promotions.tsx"
|
|
],
|
|
"line": 82
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Promotions.tsx"
|
|
],
|
|
"line": 97
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Raffles.tsx"
|
|
],
|
|
"line": 26
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Raffles.tsx"
|
|
],
|
|
"line": 34
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Raffles.tsx"
|
|
],
|
|
"line": 84
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Raffles.tsx"
|
|
],
|
|
"line": 102
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Raffles.tsx"
|
|
],
|
|
"line": 112
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/pages/Settings.tsx"
|
|
],
|
|
"line": 56
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Users.tsx"
|
|
],
|
|
"line": 22
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Users.tsx"
|
|
],
|
|
"line": 30
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Users.tsx"
|
|
],
|
|
"line": 85
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/Users.tsx"
|
|
],
|
|
"line": 95
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/WhatsAppInbox.tsx"
|
|
],
|
|
"line": 665
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/WhatsAppInbox.tsx"
|
|
],
|
|
"line": 675
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/WhatsAppInbox.tsx"
|
|
],
|
|
"line": 934
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/WhatsAppLogs.tsx"
|
|
],
|
|
"line": 56
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/pages/WhatsAppLogs.tsx"
|
|
],
|
|
"line": 58
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/WhatsAppLogs.tsx"
|
|
],
|
|
"line": 62
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/WhatsAppLogs.tsx"
|
|
],
|
|
"line": 143
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/pages/WhatsAppLogs.tsx"
|
|
],
|
|
"line": 146
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/WhatsAppLogs.tsx"
|
|
],
|
|
"line": 151
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/WhatsAppLogs.tsx"
|
|
],
|
|
"line": 161
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/WhatsAppLogs.tsx"
|
|
],
|
|
"line": 193
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/pages/WhatsAppLogs.tsx"
|
|
],
|
|
"line": 196
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/WhatsAppLogs.tsx"
|
|
],
|
|
"line": 203
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/pages/WhatsAppLogs.tsx"
|
|
],
|
|
"line": 242
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/pages/WhatsAppWebhooks.tsx"
|
|
],
|
|
"line": 135
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 3
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 19
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 23
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 32
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 39
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 45
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 54
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 59
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 68
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 73
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 79
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 81
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 86
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 90
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 100
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 107
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 115
|
|
},
|
|
{
|
|
"title": "Potential SSRF pattern",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Server-side outbound request",
|
|
"impact": "Attacker may force calls to internal or unintended hosts",
|
|
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 126
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 140
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 143
|
|
},
|
|
{
|
|
"title": "Server boundary without obvious input validation",
|
|
"severity": "high",
|
|
"confidence": "low",
|
|
"status": "manual-review",
|
|
"evidence": "Request input usage",
|
|
"impact": "Malformed or hostile input may reach sensitive logic",
|
|
"recommendedFix": "Validate request data at the server boundary with a schema.",
|
|
"affectedFiles": [
|
|
"src/services/api.ts"
|
|
],
|
|
"line": 153
|
|
}
|
|
]
|
|
}
|