CodeReview/semgrep_results.json


{"version":"1.145.0","results":[{"check_id":"dockerfile.security.missing-user.missing-user","path":"/Users/lintsinghua/XCodeReviewer/backend/Dockerfile","start":{"line":57,"col":1,"offset":1424},"end":{"line":57,"col":71,"offset":1494},"extra":{"message":"By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.","fix":"USER non-root\nCMD [\"uvicorn\", \"app.main:app\", \"--host\", \"0.0.0.0\", \"--port\", \"8000\"]","metadata":{"cwe":["CWE-250: Execution with Unnecessary Privileges"],"category":"security","technology":["dockerfile"],"confidence":"MEDIUM","owasp":["A04:2021 - Insecure Design"],"references":["https://owasp.org/Top10/A04_2021-Insecure_Design"],"subcategory":["audit"],"likelihood":"LOW","impact":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Authorization"],"source":"https://semgrep.dev/r/dockerfile.security.missing-user.missing-user","shortlink":"https://sg.run/Gbvn"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.sqlalchemy.performance.performance-improvements.len-all-count","path":"/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/database.py","start":{"line":624,"col":34,"offset":23582},"end":{"line":626,"col":36,"offset":23719},"extra":{"message":"Using QUERY.count() instead of len(QUERY.all()) sends less data to the client since the SQLAlchemy method is performed server-side.","metadata":{"category":"performance","technology":["sqlalchemy"],"license":"Semgrep Rules License v1.0. 
For more details, visit semgrep.dev/legal/rules-license","source":"https://semgrep.dev/r/python.sqlalchemy.performance.performance-improvements.len-all-count","shortlink":"https://sg.run/4y8g"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.sqlalchemy.performance.performance-improvements.len-all-count","path":"/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/database.py","start":{"line":628,"col":31,"offset":23767},"end":{"line":630,"col":36,"offset":23910},"extra":{"message":"Using QUERY.count() instead of len(QUERY.all()) sends less data to the client since the SQLAlchemy method is performed server-side.","metadata":{"category":"performance","technology":["sqlalchemy"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","source":"https://semgrep.dev/r/python.sqlalchemy.performance.performance-improvements.len-all-count","shortlink":"https://sg.run/4y8g"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.sqlalchemy.performance.performance-improvements.len-all-count","path":"/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/database.py","start":{"line":632,"col":34,"offset":23961},"end":{"line":634,"col":36,"offset":24113},"extra":{"message":"Using QUERY.count() instead of len(QUERY.all()) sends less data to the client since the SQLAlchemy method is performed server-side.","metadata":{"category":"performance","technology":["sqlalchemy"],"license":"Semgrep Rules License v1.0. 
For more details, visit semgrep.dev/legal/rules-license","source":"https://semgrep.dev/r/python.sqlalchemy.performance.performance-improvements.len-all-count","shortlink":"https://sg.run/4y8g"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.fastapi.security.wildcard-cors.wildcard-cors","path":"/Users/lintsinghua/XCodeReviewer/backend/app/main.py","start":{"line":59,"col":19,"offset":1793},"end":{"line":59,"col":24,"offset":1798},"extra":{"message":"CORS policy allows any origin (using wildcard '*'). This is insecure and should be avoided.","metadata":{"cwe":["CWE-942: Permissive Cross-domain Policy with Untrusted Domains"],"owasp":["A05:2021 - Security Misconfiguration"],"category":"security","technology":["python","fastapi"],"references":["https://owasp.org/Top10/A05_2021-Security_Misconfiguration","https://cwe.mitre.org/data/definitions/942.html"],"likelihood":"HIGH","impact":"LOW","confidence":"MEDIUM","vulnerability_class":["Configuration"],"subcategory":["vuln"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","source":"https://semgrep.dev/r/python.fastapi.security.wildcard-cors.wildcard-cors","shortlink":"https://sg.run/KxApY"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.flask.security.xss.audit.direct-use-of-jinja2.direct-use-of-jinja2","path":"/Users/lintsinghua/XCodeReviewer/backend/app/services/report_generator.py","start":{"line":432,"col":24,"offset":14717},"end":{"line":432,"col":50,"offset":14743},"extra":{"message":"Detected direct use of jinja2. If not done properly, this may bypass HTML escaping which opens up the application to cross-site scripting (XSS) vulnerabilities. 
Prefer using the Flask method 'render_template()' and templates with a '.html' extension in order to prevent XSS.","metadata":{"cwe":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"owasp":["A07:2017 - Cross-Site Scripting (XSS)","A03:2021 - Injection"],"references":["https://jinja.palletsprojects.com/en/2.11.x/api/#basics"],"category":"security","technology":["flask"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["audit"],"likelihood":"LOW","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cross-Site-Scripting (XSS)"],"source":"https://semgrep.dev/r/python.flask.security.xss.audit.direct-use-of-jinja2.direct-use-of-jinja2","shortlink":"https://sg.run/RoKe"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}}],"errors":[],"paths":{"scanned":["/Users/lintsinghua/XCodeReviewer/backend/.dockerignore","/Users/lintsinghua/XCodeReviewer/backend/.gitignore","/Users/lintsinghua/XCodeReviewer/backend/.python-version","/Users/lintsinghua/XCodeReviewer/backend/Dockerfile","/Users/lintsinghua/XCodeReviewer/backend/README_UV.md","/Users/lintsinghua/XCodeReviewer/backend/UV_MIGRATION.md","/Users/lintsinghua/XCodeReviewer/backend/alembic/env.py","/Users/lintsinghua/XCodeReviewer/backend/alembic/script.py.mako","/Users/lintsinghua/XCodeReviewer/backend/alembic/versions/001_initial.py","/Users/lintsinghua/XCodeReviewer/backend/alembic/versions/004_add_prompts_and_rules.py","/Users/lintsinghua/XCodeReviewer/backend/alembic/versions/006_add_agent_tables.py","/Users/lintsinghua/XCodeReviewer/backend/alembic/versions/5fc1cc05d5d0_add_missing_user_fields.py","/Users/lintsinghua/XCodeReviewer/backend/alembic/versions/73889a94a455_add_is_active_to_projects.py","/Users/lintsinghua/XCodeReviewer/backend/alembic/versions/add_source_type_to_projects.
py","/Users/lintsinghua/XCodeReviewer/backend/alembic.ini","/Users/lintsinghua/XCodeReviewer/backend/app/__init__.py","/Users/lintsinghua/XCodeReviewer/backend/app/api/__init__.py","/Users/lintsinghua/XCodeReviewer/backend/app/api/deps.py","/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/__init__.py","/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/api.py","/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/__init__.py","/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/agent_tasks.py","/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/auth.py","/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/config.py","/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/database.py","/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/embedding_config.py","/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/members.py","/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/projects.py","/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/prompts.py","/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/rules.py","/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/scan.py","/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/tasks.py","/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/users.py","/Users/lintsinghua/XCodeReviewer/backend/app/core/__init__.py","/Users/lintsinghua/XCodeReviewer/backend/app/core/config.py","/Users/lintsinghua/XCodeReviewer/backend/app/core/encryption.py","/Users/lintsinghua/XCodeReviewer/backend/app/core/security.py","/Users/lintsinghua/XCodeReviewer/backend/app/db/__init__.py","/Users/lintsinghua/XCodeReviewer/backend/app/db/base.py","/Users/lintsinghua/XCodeReviewer/backend/app/db/init_db.py","/Users/lintsinghua/XCodeReviewer/backend/app/db/session.py","/Users/lintsinghua/XCodeReviewer/backend/app/main.py","/Users/lintsinghua/XCodeReviewer/backend/app/models/__init__.py","/Users/lintsinghua/XCodeReviewer/ba
ckend/app/models/agent_task.py","/Users/lintsinghua/XCodeReviewer/backend/app/models/analysis.py","/Users/lintsinghua/XCodeReviewer/backend/app/models/audit.py","/Users/lintsinghua/XCodeReviewer/backend/app/models/audit_rule.py","/Users/lintsinghua/XCodeReviewer/backend/app/models/project.py","/Users/lintsinghua/XCodeReviewer/backend/app/models/prompt_template.py","/Users/lintsinghua/XCodeReviewer/backend/app/models/user.py","/Users/lintsinghua/XCodeReviewer/backend/app/models/user_config.py","/Users/lintsinghua/XCodeReviewer/backend/app/schemas/__init__.py","/Users/lintsinghua/XCodeReviewer/backend/app/schemas/audit_rule.py","/Users/lintsinghua/XCodeReviewer/backend/app/schemas/prompt_template.py","/Users/lintsinghua/XCodeReviewer/backend/app/schemas/token.py","/Users/lintsinghua/XCodeReviewer/backend/app/schemas/user.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/__init__.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/agents/__init__.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/agents/analysis.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/agents/analysis_v2.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/agents/base.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/agents/orchestrator.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/agents/react_agent.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/agents/recon.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/agents/verification.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/event_manager.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/graph/__init__.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/graph/audit_graph.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/graph/nodes.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/graph/runner.py","/Users/lintsinghua/XCodeReviewer/backe
nd/app/services/agent/json_parser.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/prompts/__init__.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/prompts/system_prompts.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/streaming/__init__.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/streaming/stream_handler.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/streaming/token_streamer.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/streaming/tool_stream.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/__init__.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/base.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/code_analysis_tool.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/external_tools.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/file_tool.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/pattern_tool.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/rag_tool.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/sandbox_tool.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/init_templates.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/llm/__init__.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/llm/adapters/__init__.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/llm/adapters/baidu_adapter.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/llm/adapters/doubao_adapter.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/llm/adapters/litellm_adapter.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/llm/adapters/minimax_adapter.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/llm/base_adapter.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/llm/factory.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/ll
m/service.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/llm/types.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/rag/__init__.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/rag/embeddings.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/rag/indexer.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/rag/retriever.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/rag/splitter.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/report_generator.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/scanner.py","/Users/lintsinghua/XCodeReviewer/backend/app/services/zip_storage.py","/Users/lintsinghua/XCodeReviewer/backend/data/vector_db/ef6dc788-cc23-4a4d-b1a9-5ce4b32248b8/data_level0.bin","/Users/lintsinghua/XCodeReviewer/backend/data/vector_db/ef6dc788-cc23-4a4d-b1a9-5ce4b32248b8/header.bin","/Users/lintsinghua/XCodeReviewer/backend/data/vector_db/ef6dc788-cc23-4a4d-b1a9-5ce4b32248b8/length.bin","/Users/lintsinghua/XCodeReviewer/backend/data/vector_db/ef6dc788-cc23-4a4d-b1a9-5ce4b32248b8/link_lists.bin","/Users/lintsinghua/XCodeReviewer/backend/env.example","/Users/lintsinghua/XCodeReviewer/backend/main.py","/Users/lintsinghua/XCodeReviewer/backend/pyproject.toml","/Users/lintsinghua/XCodeReviewer/backend/requirements-lock.txt","/Users/lintsinghua/XCodeReviewer/backend/requirements.txt","/Users/lintsinghua/XCodeReviewer/backend/start.sh","/Users/lintsinghua/XCodeReviewer/backend/static/images/logo_nobg.png","/Users/lintsinghua/XCodeReviewer/backend/test_logo.py","/Users/lintsinghua/XCodeReviewer/backend/uploads/.gitkeep","/Users/lintsinghua/XCodeReviewer/backend/uv.lock"]},"time":{"rules":[],"rules_parse_time":1.2000598907470703,"profiling_times":{"config_time":3.0274291038513184,"core_time":37.23275899887085,"ignores_time":0.0010230541229248047,"total_time":40.26207113265991},"parsing_time":{"total_time":0.0,"per_file_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_
ratio":0.0},"very_slow_files":[]},"scanning_time":{"total_time":234.07624554634094,"per_file_time":{"mean":0.6966554926974439,"std_dev":4.675806630950063},"very_slow_stats":{"time_ratio":0.8731978438340042,"count_ratio":0.10416666666666667},"very_slow_files":[{"fpath":"/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/scan.py","ftime":7.5774359703063965},{"fpath":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/external_tools.py","ftime":8.510899066925049},{"fpath":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/agents/analysis.py","ftime":9.324252128601074},{"fpath":"/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/agent_tasks.py","ftime":10.199949026107788},{"fpath":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/pattern_tool.py","ftime":10.646106958389282},{"fpath":"/Users/lintsinghua/XCodeReviewer/backend/app/services/init_templates.py","ftime":11.258774042129517},{"fpath":"/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/prompts.py","ftime":11.770168781280518},{"fpath":"/Users/lintsinghua/XCodeReviewer/backend/app/services/rag/splitter.py","ftime":11.997308015823364},{"fpath":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/agents/react_agent.py","ftime":12.751168012619019},{"fpath":"/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/projects.py","ftime":16.807862043380737}]},"matching_time":{"total_time":0.0,"per_file_and_rule_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_rules_on_files":[]},"tainting_time":{"total_time":0.0,"per_def_and_rule_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_rules_on_defs":[]},"fixpoint_timeouts":[{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/alembic/versions/006_add_agent_tables.py:19:4 [rules: 1, first: 
python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/alembic/versions/006_add_agent_tables.py","start":{"line":19,"col":5,"offset":370},"end":{"line":19,"col":12,"offset":377}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/agent_tasks.py:203:10 [rules: 1, first: python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/agent_tasks.py","start":{"line":203,"col":11,"offset":5475},"end":{"line":203,"col":30,"offset":5494}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/database.py:202:10 [rules: 1, first: python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/database.py","start":{"line":202,"col":11,"offset":7486},"end":{"line":202,"col":26,"offset":7501}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/database.py:37:10 [rules: 1, first: python.flask.security.injection.tainted-url-host.tainted-url-host]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/database.py","start":{"line":37,"col":11,"offset":975},"end":{"line":37,"col":26,"offset":990}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/database.py:488:10 [rules: 1, first: 
python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/database.py","start":{"line":488,"col":11,"offset":18788},"end":{"line":488,"col":29,"offset":18806}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/scan.py:47:10 [rules: 2, first: python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/scan.py","start":{"line":47,"col":11,"offset":1499},"end":{"line":47,"col":27,"offset":1515}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/db/init_db.py:51:10 [rules: 1, first: python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/db/init_db.py","start":{"line":51,"col":11,"offset":1548},"end":{"line":51,"col":27,"offset":1564}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/services/agent/agents/analysis.py:236:14 [rules: 1, first: python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/agents/analysis.py","start":{"line":236,"col":15,"offset":7437},"end":{"line":236,"col":18,"offset":7440}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/services/agent/agents/orchestrator.py:144:14 [rules: 1, first: 
python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/agents/orchestrator.py","start":{"line":144,"col":15,"offset":4111},"end":{"line":144,"col":18,"offset":4114}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/services/agent/agents/react_agent.py:253:14 [rules: 1, first: python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/agents/react_agent.py","start":{"line":253,"col":15,"offset":8497},"end":{"line":253,"col":18,"offset":8500}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/services/agent/agents/recon.py:207:14 [rules: 1, first: python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/agents/recon.py","start":{"line":207,"col":15,"offset":6233},"end":{"line":207,"col":18,"offset":6236}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/services/agent/agents/verification.py:216:14 [rules: 1, first: python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/agents/verification.py","start":{"line":216,"col":15,"offset":6905},"end":{"line":216,"col":18,"offset":6908}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/services/agent/graph/audit_graph.py:580:14 [rules: 1, first: 
python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/graph/audit_graph.py","start":{"line":580,"col":15,"offset":18800},"end":{"line":580,"col":18,"offset":18803}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/services/agent/graph/nodes.py:139:14 [rules: 1, first: python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/graph/nodes.py","start":{"line":139,"col":15,"offset":5316},"end":{"line":139,"col":23,"offset":5324}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/services/agent/graph/nodes.py:277:14 [rules: 1, first: python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/graph/nodes.py","start":{"line":277,"col":15,"offset":11241},"end":{"line":277,"col":23,"offset":11249}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/services/agent/json_parser.py:150:8 [rules: 1, first: python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/json_parser.py","start":{"line":150,"col":9,"offset":4774},"end":{"line":150,"col":14,"offset":4779}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/code_analysis_tool.py:342:14 [rules: 1, first: 
python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/code_analysis_tool.py","start":{"line":342,"col":15,"offset":11823},"end":{"line":342,"col":23,"offset":11831}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/code_analysis_tool.py:72:14 [rules: 1, first: python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/code_analysis_tool.py","start":{"line":72,"col":15,"offset":1932},"end":{"line":72,"col":23,"offset":1940}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/external_tools.py:101:14 [rules: 1, first: python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/external_tools.py","start":{"line":101,"col":15,"offset":2731},"end":{"line":101,"col":23,"offset":2739}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/external_tools.py:300:14 [rules: 1, first: python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/external_tools.py","start":{"line":300,"col":15,"offset":10031},"end":{"line":300,"col":23,"offset":10039}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/external_tools.py:585:14 [rules: 1, first: 
python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/external_tools.py","start":{"line":585,"col":15,"offset":20431},"end":{"line":585,"col":23,"offset":20439}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/external_tools.py:803:14 [rules: 1, first: python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/external_tools.py","start":{"line":803,"col":15,"offset":28487},"end":{"line":803,"col":23,"offset":28495}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/file_tool.py:217:14 [rules: 1, first: python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/file_tool.py","start":{"line":217,"col":15,"offset":6991},"end":{"line":217,"col":23,"offset":6999}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/pattern_tool.py:38:6 [rules: 1, first: python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/services/agent/tools/pattern_tool.py","start":{"line":38,"col":7,"offset":963},"end":{"line":38,"col":23,"offset":979}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/services/rag/splitter.py:482:8 [rules: 1, first: 
python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/services/rag/splitter.py","start":{"line":482,"col":9,"offset":16235},"end":{"line":482,"col":33,"offset":16259}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at /Users/lintsinghua/XCodeReviewer/backend/app/services/scanner.py:238:10 [rules: 2, first: python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"/Users/lintsinghua/XCodeReviewer/backend/app/services/scanner.py","start":{"line":238,"col":11,"offset":8735},"end":{"line":238,"col":25,"offset":8749}}}],"prefiltering":{"project_level_time":0.0,"file_level_time":0.0,"rules_with_project_prefilters_ratio":0.0,"rules_with_file_prefilters_ratio":0.9899620184481823,"rules_selected_ratio":0.0529028757460662,"rules_matched_ratio":0.0529028757460662},"targets":[],"total_bytes":0,"max_memory_bytes":1613084800},"engine_requested":"OSS","skipped_rules":[],"profiling_results":[]}