Files
fuzzforge_ai/test_projects/vulnerable_app/findings-e34d6450.sarif
T
Tanguy Duhamel 323a434c73 Initial commit
2025-09-29 21:26:41 +02:00

2548 lines
78 KiB
JSON

{
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
"version": "2.1.0",
"runs": [
{
"tool": {
"driver": {
"name": "FuzzForge Security Assessment",
"version": "1.0.0",
"informationUri": "https://fuzzforge.io",
"rules": [
{
"id": "sensitive_file_medium",
"name": "Sensitive File",
"shortDescription": {
"text": "sensitive_file vulnerability"
},
"fullDescription": {
"text": "Detection rule for sensitive_file vulnerabilities with medium severity"
},
"defaultConfiguration": {
"level": "warning"
},
"properties": {
"category": "sensitive_file",
"severity": "medium",
"tags": [
"security",
"sensitive_file",
"medium"
]
}
},
{
"id": "sql_injection_high",
"name": "Sql Injection",
"shortDescription": {
"text": "sql_injection vulnerability"
},
"fullDescription": {
"text": "Detection rule for sql_injection vulnerabilities with high severity"
},
"defaultConfiguration": {
"level": "error"
},
"properties": {
"category": "sql_injection",
"severity": "high",
"tags": [
"security",
"sql_injection",
"high"
]
}
},
{
"id": "hardcoded_secret_high",
"name": "Hardcoded Secret",
"shortDescription": {
"text": "hardcoded_secret vulnerability"
},
"fullDescription": {
"text": "Detection rule for hardcoded_secret vulnerabilities with high severity"
},
"defaultConfiguration": {
"level": "error"
},
"properties": {
"category": "hardcoded_secret",
"severity": "high",
"tags": [
"security",
"hardcoded_secret",
"high"
]
}
},
{
"id": "hardcoded_secret_medium",
"name": "Hardcoded Secret",
"shortDescription": {
"text": "hardcoded_secret vulnerability"
},
"fullDescription": {
"text": "Detection rule for hardcoded_secret vulnerabilities with medium severity"
},
"defaultConfiguration": {
"level": "warning"
},
"properties": {
"category": "hardcoded_secret",
"severity": "medium",
"tags": [
"security",
"hardcoded_secret",
"medium"
]
}
},
{
"id": "dangerous_function_medium",
"name": "Dangerous Function",
"shortDescription": {
"text": "dangerous_function vulnerability"
},
"fullDescription": {
"text": "Detection rule for dangerous_function vulnerabilities with medium severity"
},
"defaultConfiguration": {
"level": "warning"
},
"properties": {
"category": "dangerous_function",
"severity": "medium",
"tags": [
"security",
"dangerous_function",
"medium"
]
}
}
]
}
},
"results": [
{
"ruleId": "sensitive_file_medium",
"level": "warning",
"message": {
"text": "Found potentially sensitive file at private_key.pem"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "private_key.pem",
"uriBaseId": "WORKSPACE"
}
}
}
],
"properties": {
"findingId": "cc37aa8f-0bc5-4e54-a5aa-d473b9385321",
"title": "Potentially sensitive file: private_key.pem",
"metadata": {
"file_size": 381,
"file_type": "application/octet-stream"
}
}
},
{
"ruleId": "sensitive_file_medium",
"level": "warning",
"message": {
"text": "Found potentially sensitive file at wallet.json"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "wallet.json",
"uriBaseId": "WORKSPACE"
}
}
}
],
"properties": {
"findingId": "c914cc7a-cb03-4643-a359-4fcc41bf7646",
"title": "Potentially sensitive file: wallet.json",
"metadata": {
"file_size": 1206,
"file_type": "application/json"
}
}
},
{
"ruleId": "sensitive_file_medium",
"level": "warning",
"message": {
"text": "Found potentially sensitive file at .npmrc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": ".npmrc",
"uriBaseId": "WORKSPACE"
}
}
}
],
"properties": {
"findingId": "ace6ea93-a835-4ca7-b91b-f788ad8209da",
"title": "Potentially sensitive file: .npmrc",
"metadata": {
"file_size": 238,
"file_type": "application/octet-stream"
}
}
},
{
"ruleId": "sensitive_file_medium",
"level": "warning",
"message": {
"text": "Found potentially sensitive file at .env"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": ".env",
"uriBaseId": "WORKSPACE"
}
}
}
],
"properties": {
"findingId": "611cf2f2-e55d-4973-9f0b-90b1b4e906d6",
"title": "Potentially sensitive file: .env",
"metadata": {
"file_size": 1546,
"file_type": "application/octet-stream"
}
}
},
{
"ruleId": "sensitive_file_medium",
"level": "warning",
"message": {
"text": "Found potentially sensitive file at .git-credentials"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": ".git-credentials",
"uriBaseId": "WORKSPACE"
}
}
}
],
"properties": {
"findingId": "1f952530-9468-442a-93c9-2facefd4720b",
"title": "Potentially sensitive file: .git-credentials",
"metadata": {
"file_size": 168,
"file_type": "application/octet-stream"
}
}
},
{
"ruleId": "sensitive_file_medium",
"level": "warning",
"message": {
"text": "Found potentially sensitive file at data/api_keys.txt"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "data/api_keys.txt",
"uriBaseId": "WORKSPACE"
}
}
}
],
"properties": {
"findingId": "e8a4277b-1025-43df-a319-c56d4c9e766e",
"title": "Potentially sensitive file: api_keys.txt",
"metadata": {
"file_size": 1138,
"file_type": "text/plain"
}
}
},
{
"ruleId": "sensitive_file_medium",
"level": "warning",
"message": {
"text": "Found potentially sensitive file at data/credentials.json"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "data/credentials.json",
"uriBaseId": "WORKSPACE"
}
}
}
],
"properties": {
"findingId": "060a0d9d-b73a-443c-ae35-09d0a0842695",
"title": "Potentially sensitive file: credentials.json",
"metadata": {
"file_size": 1057,
"file_type": "application/json"
}
}
},
{
"ruleId": "sensitive_file_medium",
"level": "warning",
"message": {
"text": "Found potentially sensitive file at .fuzzforge/.env.template"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": ".fuzzforge/.env.template",
"uriBaseId": "WORKSPACE"
}
}
}
],
"properties": {
"findingId": "a5398b83-d5a6-4787-b2cb-b2f1858d0a96",
"title": "Potentially sensitive file: .env.template",
"metadata": {
"file_size": 569,
"file_type": "application/octet-stream"
}
}
},
{
"ruleId": "sensitive_file_medium",
"level": "warning",
"message": {
"text": "Found potentially sensitive file at .fuzzforge/.env"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": ".fuzzforge/.env",
"uriBaseId": "WORKSPACE"
}
}
}
],
"properties": {
"findingId": "dd923388-7faf-4dba-8d0e-cd1f08dc0ca5",
"title": "Potentially sensitive file: .env",
"metadata": {
"file_size": 569,
"file_type": "application/octet-stream"
}
}
},
{
"ruleId": "sql_injection_high",
"level": "error",
"message": {
"text": "Detected potential SQL injection vulnerability via F-string in SQL query"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app.py",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 21,
"snippet": {
"text": "query = f\"SELECT * FROM users WHERE id = {user_id}\""
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Use parameterized queries or prepared statements instead"
}
}
],
"properties": {
"findingId": "99a1553f-1536-484a-8dcb-62051fac73d2",
"title": "Potential SQL Injection: F-string in SQL query",
"metadata": {
"vulnerability_type": "F-string in SQL query"
}
}
},
{
"ruleId": "hardcoded_secret_high",
"level": "error",
"message": {
"text": "Found potential hardcoded API Key in src/api_handler.py"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/api_handler.py",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 13,
"snippet": {
"text": "STRIPE_API_KEY = \"sk_live_4eC39HqLyjWDarjtT1zdp7dc\""
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Remove hardcoded API Key and use environment variables or secure vault"
}
}
],
"properties": {
"findingId": "570809d3-fe4f-4d22-bf0c-e249449ed6d9",
"title": "Hardcoded API Key detected",
"metadata": {
"secret_type": "API Key"
}
}
},
{
"ruleId": "hardcoded_secret_medium",
"level": "warning",
"message": {
"text": "Found potential hardcoded Authentication Token in src/api_handler.py"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/api_handler.py",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 9,
"snippet": {
"text": "SECRET_TOKEN = \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Remove hardcoded Authentication Token and use environment variables or secure vault"
}
}
],
"properties": {
"findingId": "568cccd7-5fa3-416b-8378-b07395a6bba5",
"title": "Hardcoded Authentication Token detected",
"metadata": {
"secret_type": "Authentication Token"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function eval(): Arbitrary code execution"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/api_handler.py",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 22,
"snippet": {
"text": "result = eval(user_data) # Code injection vulnerability"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to eval()"
}
}
],
"properties": {
"findingId": "97fca15d-5d39-408a-aa8a-4539f9acd70d",
"title": "Dangerous function: eval()",
"metadata": {
"function": "eval()",
"risk": "Arbitrary code execution"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function eval(): Arbitrary code execution"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/api_handler.py",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 42,
"snippet": {
"text": "func = eval(f\"lambda x: {code}\") # Dangerous eval"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to eval()"
}
}
],
"properties": {
"findingId": "b3ba0382-afa9-4a59-a4a5-35ca481b4b36",
"title": "Dangerous function: eval()",
"metadata": {
"function": "eval()",
"risk": "Arbitrary code execution"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function exec(): Arbitrary code execution"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/api_handler.py",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 37,
"snippet": {
"text": "exec(compiled, data) # Code execution vulnerability"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to exec()"
}
}
],
"properties": {
"findingId": "7aa84df3-6cd6-4a2f-a378-2d3b64020303",
"title": "Dangerous function: exec()",
"metadata": {
"function": "exec()",
"risk": "Arbitrary code execution"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function os.system(): Command injection risk"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/api_handler.py",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 32,
"snippet": {
"text": "os.system(\"cat \" + filename) # Command injection"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to os.system()"
}
}
],
"properties": {
"findingId": "634a0fbb-d1f1-49a7-9489-1a2ee7dab592",
"title": "Dangerous function: os.system()",
"metadata": {
"function": "os.system()",
"risk": "Command injection risk"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function os.system(): Command injection risk"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/api_handler.py",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 59,
"snippet": {
"text": "os.system(f\"echo '{log_message}' >> /var/log/app.log\") # Command injection via logs"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to os.system()"
}
}
],
"properties": {
"findingId": "020e2824-7809-44b8-bc96-8faf794d1cd4",
"title": "Dangerous function: os.system()",
"metadata": {
"function": "os.system()",
"risk": "Command injection risk"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function subprocess with shell=True: Command injection risk"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/api_handler.py",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 27,
"snippet": {
"text": "result = subprocess.call(command, shell=True) # Command injection risk"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to subprocess with shell=True"
}
}
],
"properties": {
"findingId": "44bc73a1-87c9-4bcf-924f-c28cf16ae10b",
"title": "Dangerous function: subprocess with shell=True",
"metadata": {
"function": "subprocess with shell=True",
"risk": "Command injection risk"
}
}
},
{
"ruleId": "sql_injection_high",
"level": "error",
"message": {
"text": "Detected potential SQL injection vulnerability via String concatenation in SQL"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/database.py",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 31,
"snippet": {
"text": "query = \"SELECT * FROM users WHERE username = '\" + user_input + \"'\""
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Use parameterized queries or prepared statements instead"
}
}
],
"properties": {
"findingId": "8ad4537c-70d9-4091-a1a1-3c707aa23c43",
"title": "Potential SQL Injection: String concatenation in SQL",
"metadata": {
"vulnerability_type": "String concatenation in SQL"
}
}
},
{
"ruleId": "sql_injection_high",
"level": "error",
"message": {
"text": "Detected potential SQL injection vulnerability via String formatting in SQL"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/database.py",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 38,
"snippet": {
"text": "query = f\"SELECT * FROM products WHERE name LIKE '%{search_term}%' AND category = '{category}'\""
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Use parameterized queries or prepared statements instead"
}
}
],
"properties": {
"findingId": "b9de1e8c-3e7a-4e80-a941-8f3e7d19193d",
"title": "Potential SQL Injection: String formatting in SQL",
"metadata": {
"vulnerability_type": "String formatting in SQL"
}
}
},
{
"ruleId": "sql_injection_high",
"level": "error",
"message": {
"text": "Detected potential SQL injection vulnerability via String formatting in SQL"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/database.py",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 45,
"snippet": {
"text": "query = \"UPDATE users SET profile = '%s' WHERE id = %s\" % (data, user_id)"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Use parameterized queries or prepared statements instead"
}
}
],
"properties": {
"findingId": "a0a1b161-4c9d-40e6-9425-fa2a837e392c",
"title": "Potential SQL Injection: String formatting in SQL",
"metadata": {
"vulnerability_type": "String formatting in SQL"
}
}
},
{
"ruleId": "sql_injection_high",
"level": "error",
"message": {
"text": "Detected potential SQL injection vulnerability via F-string in SQL query"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/database.py",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 38,
"snippet": {
"text": "query = f\"SELECT * FROM products WHERE name LIKE '%{search_term}%' AND category = '{category}'\""
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Use parameterized queries or prepared statements instead"
}
}
],
"properties": {
"findingId": "b163cf4a-4096-4d6e-bf1e-7fdd9c2c5e0d",
"title": "Potential SQL Injection: F-string in SQL query",
"metadata": {
"vulnerability_type": "F-string in SQL query"
}
}
},
{
"ruleId": "sql_injection_high",
"level": "error",
"message": {
"text": "Detected potential SQL injection vulnerability via Dynamic query building"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/database.py",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 31,
"snippet": {
"text": "query = \"SELECT * FROM users WHERE username = '\" + user_input + \"'\""
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Use parameterized queries or prepared statements instead"
}
}
],
"properties": {
"findingId": "1dfc700e-8d0a-4aea-8274-581eb3d22558",
"title": "Potential SQL Injection: Dynamic query building",
"metadata": {
"vulnerability_type": "Dynamic query building"
}
}
},
{
"ruleId": "sql_injection_high",
"level": "error",
"message": {
"text": "Detected potential SQL injection vulnerability via Dynamic query building"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/database.py",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 63,
"snippet": {
"text": "final_query = base_query + where_clause"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Use parameterized queries or prepared statements instead"
}
}
],
"properties": {
"findingId": "db3e1ebf-9de7-4ccb-ab64-05d44ec0423b",
"title": "Potential SQL Injection: Dynamic query building",
"metadata": {
"vulnerability_type": "Dynamic query building"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function os.system(): Command injection risk"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/database.py",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 57,
"snippet": {
"text": "os.system(f\"mysqldump -u {DB_USER} -p{DB_PASSWORD} production > {backup_name}\")"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to os.system()"
}
}
],
"properties": {
"findingId": "f005e534-82bc-4028-b2a1-60f81b7271ce",
"title": "Dangerous function: os.system()",
"metadata": {
"function": "os.system()",
"risk": "Command injection risk"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function pickle.load(): Deserialization vulnerability"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/database.py",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 52,
"snippet": {
"text": "user_prefs = pickle.loads(data) # Dangerous pickle deserialization"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to pickle.load()"
}
}
],
"properties": {
"findingId": "46cbf0c4-795d-4c59-95b2-625524dd7b72",
"title": "Dangerous function: pickle.load()",
"metadata": {
"function": "pickle.load()",
"risk": "Deserialization vulnerability"
}
}
},
{
"ruleId": "hardcoded_secret_high",
"level": "error",
"message": {
"text": "Found potential hardcoded Private Key in scripts/backup.js"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/backup.js",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 81,
"snippet": {
"text": "const BITCOIN_PRIVATE_KEY = \"5KJvsngHeMpm884wtkJNzQGaCErckhHJBGFsvd3VyK5qMZXj3hS\";"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Remove hardcoded Private Key and use environment variables or secure vault"
}
}
],
"properties": {
"findingId": "cdda30d1-8584-4cf8-a0f2-42dfd9ceef72",
"title": "Hardcoded Private Key detected",
"metadata": {
"secret_type": "Private Key"
}
}
},
{
"ruleId": "hardcoded_secret_medium",
"level": "warning",
"message": {
"text": "Found potential hardcoded Potential Secret Hash in scripts/backup.js"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/backup.js",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 81,
"snippet": {
"text": "const BITCOIN_PRIVATE_KEY = \"5KJvsngHeMpm884wtkJNzQGaCErckhHJBGFsvd3VyK5qMZXj3hS\";"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Remove hardcoded Potential Secret Hash and use environment variables or secure vault"
}
}
],
"properties": {
"findingId": "4810636e-ccdc-4e5b-bf63-82201270d5db",
"title": "Hardcoded Potential Secret Hash detected",
"metadata": {
"secret_type": "Potential Secret Hash"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function eval(): Arbitrary code execution"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/backup.js",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 23,
"snippet": {
"text": "eval(userInput); // Code injection vulnerability"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to eval()"
}
}
],
"properties": {
"findingId": "57e40967-e9e7-49f6-bcdb-ceb284cf46ca",
"title": "Dangerous function: eval()",
"metadata": {
"function": "eval()",
"risk": "Arbitrary code execution"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function new Function(): Arbitrary code execution"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/backup.js",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 28,
"snippet": {
"text": "return new Function(code); // Code injection vulnerability"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to new Function()"
}
}
],
"properties": {
"findingId": "5102c299-045b-4e63-9aa8-68df218b1128",
"title": "Dangerous function: new Function()",
"metadata": {
"function": "new Function()",
"risk": "Arbitrary code execution"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function innerHTML: XSS vulnerability"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/backup.js",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 33,
"snippet": {
"text": "document.body.innerHTML = message; // XSS vulnerability"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to innerHTML"
}
}
],
"properties": {
"findingId": "a780bebf-6f9c-4972-9402-0549c4c71ea5",
"title": "Dangerous function: innerHTML",
"metadata": {
"function": "innerHTML",
"risk": "XSS vulnerability"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function innerHTML: XSS vulnerability"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/backup.js",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 37,
"snippet": {
"text": "document.getElementById('content').innerHTML = html; // XSS vulnerability"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to innerHTML"
}
}
],
"properties": {
"findingId": "b1bd47ed-ca65-41f4-b61a-f6f723adbb6b",
"title": "Dangerous function: innerHTML",
"metadata": {
"function": "innerHTML",
"risk": "XSS vulnerability"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function document.write(): XSS vulnerability"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/backup.js",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 42,
"snippet": {
"text": "document.write(data); // XSS vulnerability"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to document.write()"
}
}
],
"properties": {
"findingId": "ed5c43b7-cf63-4525-82dd-c879ba3ec410",
"title": "Dangerous function: document.write()",
"metadata": {
"function": "document.write()",
"risk": "XSS vulnerability"
}
}
},
{
"ruleId": "hardcoded_secret_high",
"level": "error",
"message": {
"text": "Found potential hardcoded Private Key in src/Main.java"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/Main.java",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 77,
"snippet": {
"text": "private static final String PRIVATE_KEY = \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQ...\";"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Remove hardcoded Private Key and use environment variables or secure vault"
}
}
],
"properties": {
"findingId": "7680578c-31dc-4796-9a7a-0889d2a376c2",
"title": "Hardcoded Private Key detected",
"metadata": {
"secret_type": "Private Key"
}
}
},
{
"ruleId": "sql_injection_high",
"level": "error",
"message": {
"text": "Detected potential SQL injection vulnerability via String concatenation in SQL"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/Main.java",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 23,
"snippet": {
"text": "String query = \"SELECT * FROM users WHERE id = \" + userId; // SQL injection"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Use parameterized queries or prepared statements instead"
}
}
],
"properties": {
"findingId": "800bbc55-79b0-4813-aa77-d835ebd532fd",
"title": "Potential SQL Injection: String concatenation in SQL",
"metadata": {
"vulnerability_type": "String concatenation in SQL"
}
}
},
{
"ruleId": "sql_injection_high",
"level": "error",
"message": {
"text": "Detected potential SQL injection vulnerability via String concatenation in SQL"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/Main.java",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 29,
"snippet": {
"text": "String query = \"SELECT * FROM products WHERE name LIKE '%\" + searchTerm + \"%'\";"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Use parameterized queries or prepared statements instead"
}
}
],
"properties": {
"findingId": "96d65d69-eeec-4f19-ba41-3eda3d0b6376",
"title": "Potential SQL Injection: String concatenation in SQL",
"metadata": {
"vulnerability_type": "String concatenation in SQL"
}
}
},
{
"ruleId": "sql_injection_high",
"level": "error",
"message": {
"text": "Detected potential SQL injection vulnerability via Dynamic query building"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/Main.java",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 23,
"snippet": {
"text": "String query = \"SELECT * FROM users WHERE id = \" + userId; // SQL injection"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Use parameterized queries or prepared statements instead"
}
}
],
"properties": {
"findingId": "6144ffe8-501e-472e-ad04-c1c04b17951b",
"title": "Potential SQL Injection: Dynamic query building",
"metadata": {
"vulnerability_type": "Dynamic query building"
}
}
},
{
"ruleId": "sql_injection_high",
"level": "error",
"message": {
"text": "Detected potential SQL injection vulnerability via Dynamic query building"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/Main.java",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 29,
"snippet": {
"text": "String query = \"SELECT * FROM products WHERE name LIKE '%\" + searchTerm + \"%'\";"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Use parameterized queries or prepared statements instead"
}
}
],
"properties": {
"findingId": "08ae0f60-def0-43fc-81bd-ff37aea0c497",
"title": "Potential SQL Injection: Dynamic query building",
"metadata": {
"vulnerability_type": "Dynamic query building"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function eval(): Arbitrary code execution"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 28,
"snippet": {
"text": "eval($code); // Code execution vulnerability"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to eval()"
}
}
],
"properties": {
"findingId": "f766d6e6-caa1-4606-a2aa-1bce25883135",
"title": "Dangerous function: eval()",
"metadata": {
"function": "eval()",
"risk": "Arbitrary code execution"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function exec(): Command execution"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 22,
"snippet": {
"text": "exec(\"cat \" . $_POST['file']);"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to exec()"
}
}
],
"properties": {
"findingId": "1a1b644e-b646-420e-b21b-a2f523dddc2c",
"title": "Dangerous function: exec()",
"metadata": {
"function": "exec()",
"risk": "Command execution"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function exec(): Command execution"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 23,
"snippet": {
"text": "shell_exec(\"ping \" . $_GET['host']);"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to exec()"
}
}
],
"properties": {
"findingId": "ab3cbe14-db2e-4ca8-a151-88b05276ef15",
"title": "Dangerous function: exec()",
"metadata": {
"function": "exec()",
"risk": "Command execution"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function system(): Command execution"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 21,
"snippet": {
"text": "system(\"ls -la \" . $_GET['directory']);"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to system()"
}
}
],
"properties": {
"findingId": "b6d73950-c538-46bb-9b75-cc80a9ea9188",
"title": "Dangerous function: system()",
"metadata": {
"function": "system()",
"risk": "Command execution"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function shell_exec(): Command execution"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 23,
"snippet": {
"text": "shell_exec(\"ping \" . $_GET['host']);"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to shell_exec()"
}
}
],
"properties": {
"findingId": "fb42a045-ca72-4d40-838f-b78e6a1cd606",
"title": "Dangerous function: shell_exec()",
"metadata": {
"function": "shell_exec()",
"risk": "Command execution"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function Direct $_GET usage: Input validation missing"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 12,
"snippet": {
"text": "$user_id = $_GET['id'];"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to Direct $_GET usage"
}
}
],
"properties": {
"findingId": "176fad7b-eae2-4f67-b571-9d05dd55afe2",
"title": "Dangerous function: Direct $_GET usage",
"metadata": {
"function": "Direct $_GET usage",
"risk": "Input validation missing"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function Direct $_GET usage: Input validation missing"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 21,
"snippet": {
"text": "system(\"ls -la \" . $_GET['directory']);"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to Direct $_GET usage"
}
}
],
"properties": {
"findingId": "f22f694f-a90b-4db3-9963-15c1cde45b9e",
"title": "Dangerous function: Direct $_GET usage",
"metadata": {
"function": "Direct $_GET usage",
"risk": "Input validation missing"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function Direct $_GET usage: Input validation missing"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 23,
"snippet": {
"text": "shell_exec(\"ping \" . $_GET['host']);"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to Direct $_GET usage"
}
}
],
"properties": {
"findingId": "0faaf644-0344-4a72-99f0-db753b9ce9fa",
"title": "Dangerous function: Direct $_GET usage",
"metadata": {
"function": "Direct $_GET usage",
"risk": "Input validation missing"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function Direct $_GET usage: Input validation missing"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 24,
"snippet": {
"text": "passthru(\"ps aux | grep \" . $_GET['process']);"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to Direct $_GET usage"
}
}
],
"properties": {
"findingId": "f3d955a5-c4e4-41bf-92dd-8dfc192d05d0",
"title": "Dangerous function: Direct $_GET usage",
"metadata": {
"function": "Direct $_GET usage",
"risk": "Input validation missing"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function Direct $_GET usage: Input validation missing"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 31,
"snippet": {
"text": "include($_GET['page'] . '.php');"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to Direct $_GET usage"
}
}
],
"properties": {
"findingId": "3bd995ce-e253-4f6d-bbd5-3313c88ad46f",
"title": "Dangerous function: Direct $_GET usage",
"metadata": {
"function": "Direct $_GET usage",
"risk": "Input validation missing"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function Direct $_GET usage: Input validation missing"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 45,
"snippet": {
"text": "echo \"Welcome, \" . $_GET['name'];"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to Direct $_GET usage"
}
}
],
"properties": {
"findingId": "fd3c11cd-28cb-4b54-a735-9a5bdc332a5b",
"title": "Dangerous function: Direct $_GET usage",
"metadata": {
"function": "Direct $_GET usage",
"risk": "Input validation missing"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function Direct $_GET usage: Input validation missing"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 50,
"snippet": {
"text": "$_SESSION['user'] = $_GET['user'];"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to Direct $_GET usage"
}
}
],
"properties": {
"findingId": "a03cac8a-b32d-4ef7-8cf1-079cb49990f4",
"title": "Dangerous function: Direct $_GET usage",
"metadata": {
"function": "Direct $_GET usage",
"risk": "Input validation missing"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function Direct $_GET usage: Input validation missing"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 57,
"snippet": {
"text": "$file = $_GET['file'];"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to Direct $_GET usage"
}
}
],
"properties": {
"findingId": "33e1a9cc-f9f9-48b4-bdfb-c69f53070628",
"title": "Dangerous function: Direct $_GET usage",
"metadata": {
"function": "Direct $_GET usage",
"risk": "Input validation missing"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function Direct $_POST usage: Input validation missing"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 13,
"snippet": {
"text": "$username = $_POST['username'];"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to Direct $_POST usage"
}
}
],
"properties": {
"findingId": "53eeb91a-fbff-4751-a564-f6f0051fb7fc",
"title": "Dangerous function: Direct $_POST usage",
"metadata": {
"function": "Direct $_POST usage",
"risk": "Input validation missing"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function Direct $_POST usage: Input validation missing"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 22,
"snippet": {
"text": "exec(\"cat \" . $_POST['file']);"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to Direct $_POST usage"
}
}
],
"properties": {
"findingId": "23b4011b-f3c9-4830-b4a5-d0a841ec6919",
"title": "Dangerous function: Direct $_POST usage",
"metadata": {
"function": "Direct $_POST usage",
"risk": "Input validation missing"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function Direct $_POST usage: Input validation missing"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 27,
"snippet": {
"text": "$code = $_POST['code'];"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to Direct $_POST usage"
}
}
],
"properties": {
"findingId": "21de169a-6bc5-4bba-8f80-cfdd7eb48e46",
"title": "Dangerous function: Direct $_POST usage",
"metadata": {
"function": "Direct $_POST usage",
"risk": "Input validation missing"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function Direct $_POST usage: Input validation missing"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 32,
"snippet": {
"text": "require_once($_POST['template']);"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to Direct $_POST usage"
}
}
],
"properties": {
"findingId": "07f75eb2-6177-47d3-872e-5816e6792cd4",
"title": "Dangerous function: Direct $_POST usage",
"metadata": {
"function": "Direct $_POST usage",
"risk": "Input validation missing"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function Direct $_POST usage: Input validation missing"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 40,
"snippet": {
"text": "$search = $_POST['search'];"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to Direct $_POST usage"
}
}
],
"properties": {
"findingId": "e2eea3e9-291e-4f8b-8812-bb0b1420faa5",
"title": "Dangerous function: Direct $_POST usage",
"metadata": {
"function": "Direct $_POST usage",
"risk": "Input validation missing"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function Direct $_POST usage: Input validation missing"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 46,
"snippet": {
"text": "print(\"Your search: \" . $_POST['query']);"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to Direct $_POST usage"
}
}
],
"properties": {
"findingId": "ce099095-26d9-43f9-b109-96694ae1a58a",
"title": "Dangerous function: Direct $_POST usage",
"metadata": {
"function": "Direct $_POST usage",
"risk": "Input validation missing"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function Direct $_POST usage: Input validation missing"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 53,
"snippet": {
"text": "$password = md5($_POST['password']); // Weak hashing"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to Direct $_POST usage"
}
}
],
"properties": {
"findingId": "c8459eff-68a8-4bf2-ae7d-783cd42baf9b",
"title": "Dangerous function: Direct $_POST usage",
"metadata": {
"function": "Direct $_POST usage",
"risk": "Input validation missing"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function Direct $_POST usage: Input validation missing"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 54,
"snippet": {
"text": "$encrypted = base64_encode($_POST['sensitive_data']); // Not encryption"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to Direct $_POST usage"
}
}
],
"properties": {
"findingId": "6109490b-7d05-4a15-8fb0-a654732ecbe4",
"title": "Dangerous function: Direct $_POST usage",
"metadata": {
"function": "Direct $_POST usage",
"risk": "Input validation missing"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function Direct $_POST usage: Input validation missing"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 61,
"snippet": {
"text": "$username = $_POST['username'];"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to Direct $_POST usage"
}
}
],
"properties": {
"findingId": "a52a06bc-da7a-414d-b9c4-f00735a32d4d",
"title": "Dangerous function: Direct $_POST usage",
"metadata": {
"function": "Direct $_POST usage",
"risk": "Input validation missing"
}
}
},
{
"ruleId": "dangerous_function_medium",
"level": "warning",
"message": {
"text": "Use of potentially dangerous function Direct $_POST usage: Input validation missing"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "scripts/deploy.php",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 62,
"snippet": {
"text": "$password = $_POST['password'];"
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Consider safer alternatives to Direct $_POST usage"
}
}
],
"properties": {
"findingId": "d7205d13-889e-40b8-978f-a718b46a849d",
"title": "Dangerous function: Direct $_POST usage",
"metadata": {
"function": "Direct $_POST usage",
"risk": "Input validation missing"
}
}
},
{
"ruleId": "hardcoded_secret_high",
"level": "error",
"message": {
"text": "Found potential hardcoded API Key in src/utils.rb"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/utils.rb",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 64,
"snippet": {
"text": "ELASTICSEARCH_API_KEY = \"elastic_api_key_789xyz\""
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Remove hardcoded API Key and use environment variables or secure vault"
}
}
],
"properties": {
"findingId": "47b6f3dd-4f4f-4255-a225-6147ed9f22ca",
"title": "Hardcoded API Key detected",
"metadata": {
"secret_type": "API Key"
}
}
},
{
"ruleId": "hardcoded_secret_medium",
"level": "warning",
"message": {
"text": "Found potential hardcoded Hardcoded Password in src/utils.rb"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/utils.rb",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 63,
"snippet": {
"text": "REDIS_PASSWORD = \"redis_cache_password_456\""
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Remove hardcoded Hardcoded Password and use environment variables or secure vault"
}
}
],
"properties": {
"findingId": "bb13af1d-c9e3-43b7-b51a-1f47a1b91c64",
"title": "Hardcoded Hardcoded Password detected",
"metadata": {
"secret_type": "Hardcoded Password"
}
}
},
{
"ruleId": "hardcoded_secret_high",
"level": "error",
"message": {
"text": "Found potential hardcoded Private Key in src/app.go"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/app.go",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 59,
"snippet": {
"text": "const BitcoinPrivateKey = \"5KJvsngHeMpm884wtkJNzQGaCErckhHJBGFsvd3VyK5qMZXj3hS\""
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Remove hardcoded Private Key and use environment variables or secure vault"
}
}
],
"properties": {
"findingId": "bb039e28-0b62-4ace-9dee-9015643918f5",
"title": "Hardcoded Private Key detected",
"metadata": {
"secret_type": "Private Key"
}
}
},
{
"ruleId": "hardcoded_secret_high",
"level": "error",
"message": {
"text": "Found potential hardcoded Private Key in src/app.go"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/app.go",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 62,
"snippet": {
"text": "const EthereumPrivateKey = \"0x4c0883a69102937d6231471b5dbb6204fe512961708279f3e2e1a2e4567890abc\""
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Remove hardcoded Private Key and use environment variables or secure vault"
}
}
],
"properties": {
"findingId": "6642fe40-7de1-483b-a026-595c07c781be",
"title": "Hardcoded Private Key detected",
"metadata": {
"secret_type": "Private Key"
}
}
},
{
"ruleId": "hardcoded_secret_medium",
"level": "warning",
"message": {
"text": "Found potential hardcoded Potential Secret Hash in src/app.go"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/app.go",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 59,
"snippet": {
"text": "const BitcoinPrivateKey = \"5KJvsngHeMpm884wtkJNzQGaCErckhHJBGFsvd3VyK5qMZXj3hS\""
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Remove hardcoded Potential Secret Hash and use environment variables or secure vault"
}
}
],
"properties": {
"findingId": "2ddc264a-8dd8-4187-9002-1332294da03e",
"title": "Hardcoded Potential Secret Hash detected",
"metadata": {
"secret_type": "Potential Secret Hash"
}
}
},
{
"ruleId": "hardcoded_secret_medium",
"level": "warning",
"message": {
"text": "Found potential hardcoded Potential Secret Hash in src/app.go"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "src/app.go",
"uriBaseId": "WORKSPACE"
},
"region": {
"startLine": 62,
"snippet": {
"text": "const EthereumPrivateKey = \"0x4c0883a69102937d6231471b5dbb6204fe512961708279f3e2e1a2e4567890abc\""
}
}
}
}
],
"fixes": [
{
"description": {
"text": "Remove hardcoded Potential Secret Hash and use environment variables or secure vault"
}
}
],
"properties": {
"findingId": "7969e0e3-78c5-47c3-89be-8cd761e2853f",
"title": "Hardcoded Potential Secret Hash detected",
"metadata": {
"secret_type": "Potential Secret Hash"
}
}
}
],
"invocations": [
{
"executionSuccessful": true,
"endTimeUtc": "2025-09-29T09:02:26.097014Z"
}
],
"originalUriBaseIds": {
"WORKSPACE": {
"uri": "file:///workspace/",
"description": "The workspace root directory"
}
}
}
]
}