Files
mercado.clube67.com/tools/security-auditor/admin-audit.json
T

924 lines
31 KiB
JSON

{
"framework": "react-spa",
"root": "/home/deploy/projetos/alemaoconveniencias.local/admin-app",
"summary": {
"total": 70,
"critical": 0,
"high": 68,
"medium": 2,
"low": 0
},
"findings": [
{
"title": "Vulnerable dependency: esbuild",
"severity": "medium",
"confidence": "high",
"status": "confirmed",
"evidence": "npm audit reported moderate vulnerability in esbuild",
"impact": "May expose application to known CVE exploits",
"affectedFiles": [
"package.json"
],
"line": 1,
"recommendedFix": "Run npm audit fix or manually update esbuild."
},
{
"title": "Vulnerable dependency: vite",
"severity": "medium",
"confidence": "high",
"status": "confirmed",
"evidence": "npm audit reported moderate vulnerability in vite",
"impact": "May expose application to known CVE exploits",
"affectedFiles": [
"package.json"
],
"line": 1,
"recommendedFix": "Run npm audit fix or manually update vite."
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/App.tsx"
],
"line": 413
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/AdminUsers.tsx"
],
"line": 28
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/AdminUsers.tsx"
],
"line": 40
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/AdminUsers.tsx"
],
"line": 58
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/AdminUsers.tsx"
],
"line": 91
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/AdminUsers.tsx"
],
"line": 103
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Claims.tsx"
],
"line": 127
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Claims.tsx"
],
"line": 139
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Claims.tsx"
],
"line": 183
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Login.tsx"
],
"line": 19
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Orders.tsx"
],
"line": 36
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Orders.tsx"
],
"line": 52
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Orders.tsx"
],
"line": 68
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Plugins.tsx"
],
"line": 30
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Plugins.tsx"
],
"line": 42
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Plugins.tsx"
],
"line": 49
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Plugins.tsx"
],
"line": 124
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Promotions.tsx"
],
"line": 24
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Promotions.tsx"
],
"line": 32
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Promotions.tsx"
],
"line": 69
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Promotions.tsx"
],
"line": 82
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Promotions.tsx"
],
"line": 97
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Raffles.tsx"
],
"line": 26
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Raffles.tsx"
],
"line": 34
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Raffles.tsx"
],
"line": 84
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Raffles.tsx"
],
"line": 102
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Raffles.tsx"
],
"line": 112
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/pages/Settings.tsx"
],
"line": 56
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Users.tsx"
],
"line": 22
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Users.tsx"
],
"line": 30
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Users.tsx"
],
"line": 85
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/Users.tsx"
],
"line": 95
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/WhatsAppInbox.tsx"
],
"line": 665
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/WhatsAppInbox.tsx"
],
"line": 675
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/WhatsAppInbox.tsx"
],
"line": 934
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/WhatsAppLogs.tsx"
],
"line": 56
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/pages/WhatsAppLogs.tsx"
],
"line": 58
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/WhatsAppLogs.tsx"
],
"line": 62
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/WhatsAppLogs.tsx"
],
"line": 143
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/pages/WhatsAppLogs.tsx"
],
"line": 146
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/WhatsAppLogs.tsx"
],
"line": 151
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/WhatsAppLogs.tsx"
],
"line": 161
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/WhatsAppLogs.tsx"
],
"line": 193
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/pages/WhatsAppLogs.tsx"
],
"line": 196
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/WhatsAppLogs.tsx"
],
"line": 203
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/pages/WhatsAppLogs.tsx"
],
"line": 242
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/pages/WhatsAppWebhooks.tsx"
],
"line": 135
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 3
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 19
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 23
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 32
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 39
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 45
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 54
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 59
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 68
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 73
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 79
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 81
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 86
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 90
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 100
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 107
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 115
},
{
"title": "Potential SSRF pattern",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Server-side outbound request",
"impact": "Attacker may force calls to internal or unintended hosts",
"recommendedFix": "Enforce host allowlists and validate URLs before outbound requests.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 126
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 140
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 143
},
{
"title": "Server boundary without obvious input validation",
"severity": "high",
"confidence": "low",
"status": "manual-review",
"evidence": "Request input usage",
"impact": "Malformed or hostile input may reach sensitive logic",
"recommendedFix": "Validate request data at the server boundary with a schema.",
"affectedFiles": [
"src/services/api.ts"
],
"line": 153
}
]
}