Closed by birm 4 years ago
In the interest of clarity, I've copied the report output:
/Users/ryanbirmingham/Desktop/git/caracal/caracal.js
99:16 warning Variable Assigned to Object Injection Sink security/detect-object-injection
113:25 warning Variable Assigned to Object Injection Sink security/detect-object-injection
/Users/ryanbirmingham/Desktop/git/caracal/handlers/authHandlers.js
8:20 warning Found require("child_process") security/detect-child-process
33:7 warning Found fs.existsSync with non literal argument at index 0 security/detect-non-literal-fs-filename
34:14 warning Found fs.readFileSync with non literal argument at index 0 security/detect-non-literal-fs-filename
49:7 warning Found fs.existsSync with non literal argument at index 0 security/detect-non-literal-fs-filename
50:18 warning Found fs.readFileSync with non literal argument at index 0 security/detect-non-literal-fs-filename
214:5 warning Generic Object Injection Sink security/detect-object-injection
214:37 warning Function Call Object Injection Sink security/detect-object-injection
214:55 warning Function Call Object Injection Sink security/detect-object-injection
223:7 warning Generic Object Injection Sink security/detect-object-injection
223:39 warning Function Call Object Injection Sink security/detect-object-injection
223:57 warning Function Call Object Injection Sink security/detect-object-injection
225:24 warning Function Call Object Injection Sink security/detect-object-injection
226:7 warning Generic Object Injection Sink security/detect-object-injection
226:25 warning Generic Object Injection Sink security/detect-object-injection
229:9 warning Generic Object Injection Sink security/detect-object-injection
233:18 warning Generic Object Injection Sink security/detect-object-injection
236:25 warning Generic Object Injection Sink security/detect-object-injection
238:16 warning Generic Object Injection Sink security/detect-object-injection
/Users/ryanbirmingham/Desktop/git/caracal/handlers/dataHandlers.js
387:9 warning Generic Object Injection Sink security/detect-object-injection
389:11 warning Generic Object Injection Sink security/detect-object-injection
/Users/ryanbirmingham/Desktop/git/caracal/handlers/datasetHandler.js
36:21 warning Found fs.readFileSync with non literal argument at index 0 security/detect-non-literal-fs-filename
45:25 warning Found fs.readFileSync with non literal argument at index 0 security/detect-non-literal-fs-filename
134:5 warning Found fs.mkdirSync with non literal argument at index 0 security/detect-non-literal-fs-filename
135:5 warning Found fs.writeFile with non literal argument at index 0 security/detect-non-literal-fs-filename
142:11 warning Found fs.unlink with non literal argument at index 0 security/detect-non-literal-fs-filename
154:5 warning Found fs.rmdir with non literal argument at index 0 security/detect-non-literal-fs-filename
/Users/ryanbirmingham/Desktop/git/caracal/handlers/filterFunction.js
15:14 warning Generic Object Injection Sink security/detect-object-injection
19:27 warning Generic Object Injection Sink security/detect-object-injection
22:16 warning Generic Object Injection Sink security/detect-object-injection
23:33 warning Function Call Object Injection Sink security/detect-object-injection
27:12 warning Generic Object Injection Sink security/detect-object-injection
32:27 warning Generic Object Injection Sink security/detect-object-injection
39:30 warning Function Call Object Injection Sink security/detect-object-injection
/Users/ryanbirmingham/Desktop/git/caracal/handlers/modelTrainer.js
122:11 warning Generic Object Injection Sink security/detect-object-injection
123:16 warning Generic Object Injection Sink security/detect-object-injection
124:61 warning Function Call Object Injection Sink security/detect-object-injection
125:18 warning Generic Object Injection Sink security/detect-object-injection
126:16 warning Generic Object Injection Sink security/detect-object-injection
127:62 warning Function Call Object Injection Sink security/detect-object-injection
128:18 warning Generic Object Injection Sink security/detect-object-injection
129:16 warning Generic Object Injection Sink security/detect-object-injection
130:63 warning Function Call Object Injection Sink security/detect-object-injection
131:18 warning Generic Object Injection Sink security/detect-object-injection
132:16 warning Generic Object Injection Sink security/detect-object-injection
133:74 warning Function Call Object Injection Sink security/detect-object-injection
134:18 warning Generic Object Injection Sink security/detect-object-injection
135:16 warning Generic Object Injection Sink security/detect-object-injection
136:63 warning Function Call Object Injection Sink security/detect-object-injection
137:18 warning Generic Object Injection Sink security/detect-object-injection
138:16 warning Generic Object Injection Sink security/detect-object-injection
139:68 warning Function Call Object Injection Sink security/detect-object-injection
140:18 warning Generic Object Injection Sink security/detect-object-injection
141:16 warning Generic Object Injection Sink security/detect-object-injection
142:66 warning Function Call Object Injection Sink security/detect-object-injection
143:18 warning Generic Object Injection Sink security/detect-object-injection
144:16 warning Generic Object Injection Sink security/detect-object-injection
145:71 warning Function Call Object Injection Sink security/detect-object-injection
146:18 warning Generic Object Injection Sink security/detect-object-injection
147:16 warning Generic Object Injection Sink security/detect-object-injection
148:72 warning Function Call Object Injection Sink security/detect-object-injection
149:18 warning Generic Object Injection Sink security/detect-object-injection
150:16 warning Generic Object Injection Sink security/detect-object-injection
151:78 warning Function Call Object Injection Sink security/detect-object-injection
152:18 warning Generic Object Injection Sink security/detect-object-injection
153:16 warning Generic Object Injection Sink security/detect-object-injection
154:74 warning Function Call Object Injection Sink security/detect-object-injection
✖ 68 problems (0 errors, 68 warnings)
Maybe we should run SCA on this repo?