FlatFilers / flatfile-core-libraries

MIT License

Vulnerabilities Dashboard - Code #153

Open flatfile-nullify[bot] opened 2 months ago

flatfile-nullify[bot] commented 2 months ago

Severity Threshold: 🔵 MEDIUM

135 Potential vulnerability sources found within this repo

| 🔴 CRITICAL | 🟡 HIGH | 🔵 MEDIUM | ⚪ LOW |
|-|-|-|-|
| 0 | 60 | 75 | 0 |

# ID: 01J2FGF1R4ME54V4CA12NDMQ89 Language: TypeScript Severity: 🟡 HIGH CWE-798

Node secret

A hardcoded secret is identified. Store it properly in an environment variable.

https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/cli/src/index.ts#L132-L137

# ID: 01J4N8QWS9P07V5JZ6BWZHDR70 Language: TypeScript Severity: 🟡 HIGH dom-xss-finder

Dom xss finder

A potential user-input controlled parameter passing in a JavaScript sink was found.

Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS

https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/javascript/src/createModal.ts#L52

# ID: 01J3ZJQZFF0EQCF2B3FJJM1DTX Language: JavaScript Severity: 🟡 HIGH CWE-918

Server-side request forgery

User controlled URL in http client libraries can result in Server Side Request Forgery (SSRF).

Read more: https://cwe.mitre.org/data/definitions/918.html

https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/cli/src/x/files/agent.js#L311-L323

# ID: 01J4N8QWS9P07V5JZ66FAW34MX Language: TypeScript Severity: 🟡 HIGH dom-xss-finder

Dom xss finder

A potential user-input controlled parameter passing in a JavaScript sink was found.

Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS

https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/angular/projects/spaces/src/lib/space/space.service.ts#L12

# ID: 01J4N8QWS9P07V5JZ6E7436K1W Language: TypeScript Severity: 🟡 HIGH dom-xss-finder

Dom xss finder

A potential user-input controlled parameter passing in a JavaScript sink was found.

Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS

https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/v2-shims/src/logic/validator.ts#L309-L312

# ID: 01J4N8QWS9P07V5JZ6D95M2EXG Language: TypeScript Severity: 🟡 HIGH dom-xss-finder

Dom xss finder

A potential user-input controlled parameter passing in a JavaScript sink was found.

Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS

https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/react/src/utils/styleInject.ts#L15

# ID: 01J3ZJQZFF0EQCF2B3FHWWHAEV Language: JavaScript Severity: 🟡 HIGH CWE-918

Server-side request forgery

User controlled URL in http client libraries can result in Server Side Request Forgery (SSRF).

Read more: https://cwe.mitre.org/data/definitions/918.html

https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/cli/src/x/files/agent.js#L294-L297

# ID: 01J4N8QWS9P07V5JZ66CEAJP78 Language: TypeScript Severity: 🟡 HIGH dom-xss-finder

Dom xss finder

A potential user-input controlled parameter passing in a JavaScript sink was found.

Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS

https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/apps/sandbox/src/xdk-simple-deploy.ts#L16

# ID: 01J4N8QWS9P07V5JZ6E4DPJCDR Language: TypeScript Severity: 🟡 HIGH dom-xss-finder

Dom xss finder

A potential user-input controlled parameter passing in a JavaScript sink was found.

Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS

https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/v2-shims/src/logic/validator.ts#L290-L293

# ID: 01J4N8QWS9P07V5JZ6B8CMKZCS Language: TypeScript Severity: 🟡 HIGH dom-xss-finder

Dom xss finder

A potential user-input controlled parameter passing in a JavaScript sink was found.

Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS

https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/javascript/src/createIframe.ts#L16

# ID: 01J4N8QWS9P07V5JZ6DB1MZ4TH Language: TypeScript Severity: 🟡 HIGH dom-xss-finder

Dom xss finder

A potential user-input controlled parameter passing in a JavaScript sink was found.

Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS

https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/react/src/utils/styleInject.ts#L17

# ID: 01J4N8QWS9P07V5JZ6BKRD26R3 Language: TypeScript Severity: 🟡 HIGH dom-xss-finder

Dom xss finder

A potential user-input controlled parameter passing in a JavaScript sink was found.

Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS

https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/javascript/src/createIframe.ts#L241

# ID: 01J4N8QWS9P07V5JZ66EGYSXXZ Language: TypeScript Severity: 🟡 HIGH dom-xss-finder

Dom xss finder

A potential user-input controlled parameter passing in a JavaScript sink was found.

Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS

https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/apps/sandbox/src/xdk-simple-deploy.ts#L18

# ID: 01J4N8QWS9P07V5JZ66EPTKF87 Language: TypeScript Severity: 🟡 HIGH dom-xss-finder

Dom xss finder

A potential user-input controlled parameter passing in a JavaScript sink was found.

Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS

https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/apps/sandbox/src/xdk-simple-deploy.ts#L19-L21

# ID: 01J4N8QWS9P07V5JZ6DEVTCCPW Language: TypeScript Severity: 🟡 HIGH dom-xss-finder

Dom xss finder

A potential user-input controlled parameter passing in a JavaScript sink was found.

Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS

https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/react/src/utils/styleInject.ts#L20

# ID: 01J4N8QWS9P07V5JZ6CDWKBY4Y Language: TypeScript Severity: 🟡 HIGH dom-xss-finder

Dom xss finder

A potential user-input controlled parameter passing in a JavaScript sink was found.

Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS

https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/javascript/src/startFlatfile.ts#L233

# ID: 01J4N8QWS9P07V5JZ67YTDGGSN Language: TypeScript Severity: 🟡 HIGH dom-xss-finder

Dom xss finder

A potential user-input controlled parameter passing in a JavaScript sink was found.

Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS

https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/cli/src/x/actions/deploy.action.ts#L171-L180

# ID: 01J4N8QWS9P07V5JZ65M8QWJD9 Language: JavaScript Severity: 🟡 HIGH dom-xss-finder

Dom xss finder

A potential user-input controlled parameter passing in a JavaScript sink was found.

Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS

https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/apps/vanilla/main.js#L22

# ID: 01J2FGF1R4ME54V4CA130XC6HY Language: TypeScript Severity: 🟡 HIGH CWE-798

Node api key

A hardcoded API Key is identified. Store it properly in an environment variable.

https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/cli/src/legacy/utilities/access.token.ts#L5-L6

# ID: 01J4N8QWS9P07V5JZ65P2WXR52 Language: JavaScript Severity: 🟡 HIGH dom-xss-finder

Dom xss finder

A potential user-input controlled parameter passing in a JavaScript sink was found.

Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS

https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/apps/vanilla/main.js#L23

ℹ️ Note: 135 vulnerabilities were detected. This dashboard prioritises and showcases the top 20 most critical findings.

Reply with /nullify to interact with me like another developer

flatfile-nullify[bot] commented 1 month ago

New code security updates for commit 42953476d9afc8ce2e8db8d84a286f43db6cfd1d

| New | Fixed | Allowlisted | Unallowlisted |
|-|-|-|-|
| 25 | 0 | 0 | 0 |

### New Findings

| ID | Title | File | Line | CWE |
|-|-|-|-|-|
| 01J2W1TTWZF30EZTGN3X87583C | Node api key | packages/cli/src/legacy/utilities/access.token.ts | 5 | 798 |
| 01J2W1TTWZF30EZTGN49V8J439 | Javascript pathtraversal rule non literal fs filename | packages/cli/src/shared/get-entry-file.ts | 16 | 22 |
| 01J2W1TTWZF30EZTGN4050FN07 | Javascript require rule non literal require | packages/cli/src/legacy/utilities/send.schemas.to.server.ts | 17 | 95 |
| 01J2W1TTWZF30EZTGN4B51YRVF | Javascript pathtraversal rule non literal fs filename | packages/cli/src/shared/get-entry-file.ts | 22 | 22 |
| 01J2W1TTWZF30EZTGN4KRE0JBG | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/develop.action.ts | 25 | 22 |
| 01J2W1TTWZF30EZTGN4PDC0690 | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/develop.action.ts | 26 | 22 |
| 01J2W1TTWZF30EZTGN4428QQRK | Javascript pathtraversal rule non literal fs filename | packages/cli/src/legacy/utilities/send.schemas.to.server.ts | 30 | 22 |
| 01J2W1TTWZF30EZTGN5BY5J8EB | Javascript dos rule non literal regexp | packages/v2-shims/src/logic/util.ts | 54 | 185 |
| 01J2W1TTWZF30EZTGN47RX2EJ2 | Javascript pathtraversal rule non literal fs filename | packages/cli/src/legacy/utilities/send.schemas.to.server.ts | 58 | 22 |
| 01J2W1TTWZF30EZTGN58BVQ0VD | Generic error disclosure | packages/listener-driver-pubsub/src/index.ts | 70 | 209 |
| 01J2W1TTWZF30EZTGN4SFXGG5J | Javascript require rule non literal require | packages/cli/src/x/actions/develop.action.ts | 99 | 95 |
| 01J2W1TTWZF30EZTGN52CZJ0EC | Rules lgpl javascript xss rule express xss | packages/cli/src/x/actions/publish.pubsub.ts | 99 | 79 |
| 01J2W1TTWZF30EZTGN4TQBV46T | Rules lgpl javascript xss rule express xss | packages/cli/src/x/actions/publish.action.ts | 102 | 79 |
| 01J2W1TTWZF30EZTGN3QBFTB1W | Node secret | packages/cli/src/index.ts | 112 | 798 |
| 01J2W1TTWZF30EZTGN4B55AT1B | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 118 | 22 |
| 01J2W1TTWZF30EZTGN4CQWBYQM | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 119 | 22 |
| 01J2W1TTWZF30EZTGN3TWNV8Y1 | Node secret | packages/cli/src/index.ts | 132 | 798 |
| 01J2W1TTWZF30EZTGN567WE6BG | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/publish.pubsub.ts | 141 | 22 |
| 01J2W1TTWZF30EZTGN56ZJT1CB | Javascript require rule non literal require | packages/cli/src/x/actions/publish.pubsub.ts | 143 | 95 |
| 01J2W1TTWZF30EZTGN4VMNQ1M4 | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/publish.action.ts | 144 | 22 |
| 01J2W1TTWZF30EZTGN4YNPK36V | Javascript require rule non literal require | packages/cli/src/x/actions/publish.action.ts | 146 | 95 |
| 01J2W1TTWZF30EZTGN4EPM0G78 | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 153 | 22 |
| 01J2W1TTWZF30EZTGN4H7CCHD7 | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 169 | 22 |
| 01J2W1TTWZF30EZTGN4KHG930N | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 217 | 22 |
| 01J2W1TTWZF30EZTGN57G7B6TT | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/quickstart.action.ts | 220 | 22 |

flatfile-nullify[bot] commented 1 month ago

New code security updates for commit 8cf905a61916f7953b7d09c12fa27d4268f71a66

| New | Fixed | Allowlisted | Unallowlisted |
|-|-|-|-|
| 1 | 0 | 0 | 0 |

### New Findings

| ID | Title | File | Line | CWE |
|-|-|-|-|-|
| 01J2WB7S8T5FF5TKAPRB2CDGSR | Javascript dos rule non literal regexp | packages/javascript/src/i18n.ts | 54 | 185 |

flatfile-nullify[bot] commented 1 month ago

New code security updates for commit 6c8292b653c82e3d2ee86bf29a424bf854cefc98

| New | Fixed | Allowlisted | Unallowlisted |
|-|-|-|-|
| 1 | 0 | 0 | 0 |

### New Findings

| ID | Title | File | Line | CWE |
|-|-|-|-|-|
| 01J2WB9KHMM7DJDCYE8B89CH7S | Javascript dos rule non literal regexp | packages/javascript/src/i18n.ts | 54 | 185 |

flatfile-nullify[bot] commented 1 month ago

New code security updates for commit d565c705dd0b471783135e1af7f78037b983c46a

| New | Fixed | Allowlisted | Unallowlisted |
|-|-|-|-|
| 26 | 0 | 0 | 0 |

### New Findings

| ID | Title | File | Line | CWE |
|-|-|-|-|-|
| 01J30P6X0Y0ZQG1FH7VQ7QSR92 | Node api key | packages/cli/src/legacy/utilities/access.token.ts | 5 | 798 |
| 01J30P6X0Y0ZQG1FH7W05NFC56 | Javascript pathtraversal rule non literal fs filename | packages/cli/src/shared/get-entry-file.ts | 16 | 22 |
| 01J30P6X0Y0ZQG1FH7VSTETF2E | Javascript require rule non literal require | packages/cli/src/legacy/utilities/send.schemas.to.server.ts | 17 | 95 |
| 01J30P6X0Y0ZQG1FH7W0R2SMY3 | Javascript pathtraversal rule non literal fs filename | packages/cli/src/shared/get-entry-file.ts | 22 | 22 |
| 01J30P6X0Y0ZQG1FH7WDGR4KND | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/develop.action.ts | 25 | 22 |
| 01J30P6X0Y0ZQG1FH7WGA6ZY79 | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/develop.action.ts | 26 | 22 |
| 01J30P6X0Y0ZQG1FH7VT37TKT7 | Javascript pathtraversal rule non literal fs filename | packages/cli/src/legacy/utilities/send.schemas.to.server.ts | 30 | 22 |
| 01J30P6X0Y0ZQG1FH7XEWPGZ84 | Javascript dos rule non literal regexp | packages/v2-shims/src/logic/util.ts | 54 | 185 |
| 01J30P6X0Y0ZQG1FH7X7YMXGWX | Javascript dos rule non literal regexp | packages/javascript/src/i18n.ts | 54 | 185 |
| 01J30P6X0Y0ZQG1FH7VWM90GRD | Javascript pathtraversal rule non literal fs filename | packages/cli/src/legacy/utilities/send.schemas.to.server.ts | 58 | 22 |
| 01J30P6X0Y0ZQG1FH7XBF7KC9Z | Generic error disclosure | packages/listener-driver-pubsub/src/index.ts | 70 | 209 |
| 01J30P6X0Y0ZQG1FH7WJZEJJC3 | Javascript require rule non literal require | packages/cli/src/x/actions/develop.action.ts | 99 | 95 |
| 01J30P6X0Y0ZQG1FH7X11WEQ95 | Rules lgpl javascript xss rule express xss | packages/cli/src/x/actions/publish.pubsub.ts | 99 | 79 |
| 01J30P6X0Y0ZQG1FH7WPVA4GAN | Rules lgpl javascript xss rule express xss | packages/cli/src/x/actions/publish.action.ts | 102 | 79 |
| 01J30P6X0Y0ZQG1FH7VJ6T34EM | Node secret | packages/cli/src/index.ts | 112 | 798 |
| 01J30P6X0Y0ZQG1FH7W2GYQ1HQ | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 118 | 22 |
| 01J30P6X0Y0ZQG1FH7W3BC1RPB | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 119 | 22 |
| 01J30P6X0Y0ZQG1FH7VNBTW8K1 | Node secret | packages/cli/src/index.ts | 132 | 798 |
| 01J30P6X0Y0ZQG1FH7X29WB7A2 | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/publish.pubsub.ts | 141 | 22 |
| 01J30P6X0Y0ZQG1FH7X3CK8H58 | Javascript require rule non literal require | packages/cli/src/x/actions/publish.pubsub.ts | 143 | 95 |
| 01J30P6X0Y0ZQG1FH7WTGXKA4H | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/publish.action.ts | 144 | 22 |
| 01J30P6X0Y0ZQG1FH7WXG0XRFV | Javascript require rule non literal require | packages/cli/src/x/actions/publish.action.ts | 146 | 95 |
| 01J30P6X0Y0ZQG1FH7W6T0G3QA | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 153 | 22 |
| 01J30P6X0Y0ZQG1FH7W9D9GC7N | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 169 | 22 |
| 01J30P6X0Y0ZQG1FH7WC5ZWSH5 | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 217 | 22 |
| 01J30P6X0Y0ZQG1FH7X4CZ90FZ | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/quickstart.action.ts | 220 | 22 |

flatfile-nullify[bot] commented 1 month ago

New code security updates for commit 2093c4deb755e1874053450265f59f5cd39761f4

| New | Fixed | Allowlisted | Unallowlisted |
|-|-|-|-|
| 1 | 0 | 0 | 0 |

### New Findings

| ID | Title | File | Line | CWE |
|-|-|-|-|-|
| 01J31P208K6V63MGKNCZEMH4RZ | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 240 | 22 |

flatfile-nullify[bot] commented 1 month ago

New code security updates for commit 5496e45d023fdef804e39d4e54ad5b92f3cc4e32

| New | Fixed | Allowlisted | Unallowlisted |
|-|-|-|-|
| 1 | 0 | 0 | 0 |

### New Findings

| ID | Title | File | Line | CWE |
|-|-|-|-|-|
| 01J31P3ST2A5T9HYJV9QMRDWW1 | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 240 | 22 |

flatfile-nullify[bot] commented 1 month ago

New code security updates for commit 3ffcee725213c615bf07bd828dd021d108f6d3e7

| New | Fixed | Allowlisted | Unallowlisted |
|-|-|-|-|
| 27 | 0 | 0 | 0 |

### New Findings

| ID | Title | File | Line | CWE |
|-|-|-|-|-|
| 01J31PBXS9FF3QT876VJHGTVKP | Node api key | packages/cli/src/legacy/utilities/access.token.ts | 5 | 798 |
| 01J31PBXS9FF3QT876VSPE8YDQ | Javascript pathtraversal rule non literal fs filename | packages/cli/src/shared/get-entry-file.ts | 16 | 22 |
| 01J31PBXS9FF3QT876VK2JX3H0 | Javascript require rule non literal require | packages/cli/src/legacy/utilities/send.schemas.to.server.ts | 17 | 95 |
| 01J31PBXS9FF3QT876VVS6BVGJ | Javascript pathtraversal rule non literal fs filename | packages/cli/src/shared/get-entry-file.ts | 22 | 22 |
| 01J31PBXS9FF3QT876W7Z9DNEC | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/develop.action.ts | 25 | 22 |
| 01J31PBXS9FF3QT876WAGQVWYT | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/develop.action.ts | 26 | 22 |
| 01J31PBXS9FF3QT876VPMJZ98F | Javascript pathtraversal rule non literal fs filename | packages/cli/src/legacy/utilities/send.schemas.to.server.ts | 30 | 22 |
| 01J31PBXS9FF3QT876WZ7QX79T | Javascript dos rule non literal regexp | packages/v2-shims/src/logic/util.ts | 54 | 185 |
| 01J31PBXS9FF3QT876WS71NSN5 | Javascript dos rule non literal regexp | packages/javascript/src/i18n.ts | 54 | 185 |
| 01J31PBXS9FF3QT876VPRQQ0GX | Javascript pathtraversal rule non literal fs filename | packages/cli/src/legacy/utilities/send.schemas.to.server.ts | 58 | 22 |
| 01J31PBXS9FF3QT876WW4203GB | Generic error disclosure | packages/listener-driver-pubsub/src/index.ts | 70 | 209 |
| 01J31PBXS9FF3QT876WJ67BXVW | Rules lgpl javascript xss rule express xss | packages/cli/src/x/actions/publish.pubsub.ts | 99 | 79 |
| 01J31PBXS9FF3QT876WE4YEMWV | Javascript require rule non literal require | packages/cli/src/x/actions/develop.action.ts | 99 | 95 |
| 01J31PBXS9FF3QT876WF8JKMR8 | Rules lgpl javascript xss rule express xss | packages/cli/src/x/actions/publish.action.ts | 102 | 79 |
| 01J31PBXS9FF3QT876VF5M2314 | Node secret | packages/cli/src/index.ts | 112 | 798 |
| 01J31PBXS9FF3QT876VXXHTBAE | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 132 | 22 |
| 01J31PBXS9FF3QT876VHWXD9HR | Node secret | packages/cli/src/index.ts | 132 | 798 |
| 01J31PBXS9FF3QT876VZ7S7KPN | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 133 | 22 |
| 01J31PBXS9FF3QT876WMMSWNYE | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/publish.pubsub.ts | 141 | 22 |
| 01J31PBXS9FF3QT876WP8M63BP | Javascript require rule non literal require | packages/cli/src/x/actions/publish.pubsub.ts | 143 | 95 |
| 01J31PBXS9FF3QT876WFS65WA0 | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/publish.action.ts | 144 | 22 |
| 01J31PBXS9FF3QT876WJ3DR9CS | Javascript require rule non literal require | packages/cli/src/x/actions/publish.action.ts | 146 | 95 |
| 01J31PBXS9FF3QT876W1B5BWN5 | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 167 | 22 |
| 01J31PBXS9FF3QT876W34X1YRV | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 184 | 22 |
| 01J31PBXS9FF3QT876WRE3TSQP | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/quickstart.action.ts | 220 | 22 |
| 01J31PBXS9FF3QT876W5NHXESC | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 238 | 22 |
| 01J31PBXS9FF3QT876W5YA8AM5 | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 240 | 22 |

flatfile-nullify[bot] commented 1 month ago

New code security updates for commit e98cdf496bf94b4457b9794d8746cc75dc1e1ae9

| New | Fixed | Allowlisted | Unallowlisted |
|-|-|-|-|
| 27 | 0 | 0 | 0 |

### New Findings

| ID | Title | File | Line | CWE |
|-|-|-|-|-|
| 01J3NGD3PR2RFYWAFDSTJ02TM3 | Node api key | packages/cli/src/legacy/utilities/access.token.ts | 5 | 798 |
| 01J3NGD3PR2RFYWAFDT1NSA0CY | Javascript pathtraversal rule non literal fs filename | packages/cli/src/shared/get-entry-file.ts | 16 | 22 |
| 01J3NGD3PR2RFYWAFDSXN59MZS | Javascript require rule non literal require | packages/cli/src/legacy/utilities/send.schemas.to.server.ts | 17 | 95 |
| 01J3NGD3PR2RFYWAFDT1RQ4FTH | Javascript pathtraversal rule non literal fs filename | packages/cli/src/shared/get-entry-file.ts | 22 | 22 |
| 01J3NGD3PR2RFYWAFDTDVCR5RF | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/develop.action.ts | 25 | 22 |
| 01J3NGD3PR2RFYWAFDTHH182HE | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/develop.action.ts | 26 | 22 |
| 01J3NGD3PR2RFYWAFDSZGDQV8C | Javascript pathtraversal rule non literal fs filename | packages/cli/src/legacy/utilities/send.schemas.to.server.ts | 30 | 22 |
| 01J3NGD3PR2RFYWAFDV7NFVJXT | Javascript dos rule non literal regexp | packages/v2-shims/src/logic/util.ts | 54 | 185 |
| 01J3NGD3PR2RFYWAFDV34AESC7 | Javascript dos rule non literal regexp | packages/javascript/src/i18n.ts | 54 | 185 |
| 01J3NGD3PR2RFYWAFDT1CTA460 | Javascript pathtraversal rule non literal fs filename | packages/cli/src/legacy/utilities/send.schemas.to.server.ts | 58 | 22 |
| 01J3NGD3PR2RFYWAFDV5YX2803 | Generic error disclosure | packages/listener-driver-pubsub/src/index.ts | 70 | 209 |
| 01J3NGD3PR2RFYWAFDTW7D5WJH | Rules lgpl javascript xss rule express xss | packages/cli/src/x/actions/publish.pubsub.ts | 99 | 79 |
| 01J3NGD3PR2RFYWAFDTKR1MCJD | Javascript require rule non literal require | packages/cli/src/x/actions/develop.action.ts | 99 | 95 |
| 01J3NGD3PR2RFYWAFDTPE6FQ6T | Rules lgpl javascript xss rule express xss | packages/cli/src/x/actions/publish.action.ts | 102 | 79 |
| 01J3NGD3PR2RFYWAFDSPJGD7WD | Node secret | packages/cli/src/index.ts | 112 | 798 |
| 01J3NGD3PR2RFYWAFDT3TWZ4RN | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 132 | 22 |
| 01J3NGD3PR2RFYWAFDSPMFYJ9H | Node secret | packages/cli/src/index.ts | 132 | 798 |
| 01J3NGD3PR2RFYWAFDT79SHJ3B | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 133 | 22 |
| 01J3NGD3PR2RFYWAFDTYJCRF46 | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/publish.pubsub.ts | 141 | 22 |
| 01J3NGD3PR2RFYWAFDV1P6RC5C | Javascript require rule non literal require | packages/cli/src/x/actions/publish.pubsub.ts | 143 | 95 |
| 01J3NGD3PR2RFYWAFDTS0PXC9G | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/publish.action.ts | 144 | 22 |
| 01J3NGD3PR2RFYWAFDTT23M8YM | Javascript require rule non literal require | packages/cli/src/x/actions/publish.action.ts | 146 | 95 |
| 01J3NGD3PR2RFYWAFDT9XKXR8T | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 167 | 22 |
| 01J3NGD3PR2RFYWAFDTBD89V6F | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 184 | 22 |
| 01J3NGD3PR2RFYWAFDV1W6C8SC | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/quickstart.action.ts | 220 | 22 |
| 01J3NGD3PR2RFYWAFDTC61A7AP | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 238 | 22 |
| 01J3NGD3PR2RFYWAFDTCFHXYN3 | Javascript pathtraversal rule non literal fs filename | packages/cli/src/x/actions/deploy.action.ts | 240 | 22 |