{
"feature_id": "F-001",
"agent": "security",
"verdict": "CHANGES_REQUESTED",
"summary": "Legacy code still contains hard-coded API credentials, database credentials, and production-coupled endpoints inside versioned files. Because these values are already committed, deleting them from the working tree does not remove them from repository history, so the exposed credentials should be treated as compromised and rotated. The feature cannot pass the security gate until the secrets are removed from the versioned files or externalized.",
"checks": [
"secret scan",
"input and config review",
"repo path review"
],
"findings": [
{
"severity": "high",
"title": "Hard-coded API credential in legacy PHP files",
"status": "open",
"paths": [
"project/web/index/new/describe.php",
"project/web/index/new/worker_bulk.php",
"project/web/index/new/productos_bulk_update.php"
]
},
{
"severity": "high",
"title": "Hard-coded database credentials in versioned PHP files",
"status": "open",
"paths": [
"project/web/index/new/worker_bulk.php",
"project/web/index/new/productos_modificados.php",
"project/web/index/new/productos_bulk_update.php",
"project/web/index/new/db/conn.php"
]
},
{
"severity": "medium",
"title": "Code is coupled to production URLs and external auth/success endpoints",
"status": "open",
"paths": [
"project/web/index/new/index.php",
"project/web/index/new/inc/header.php",
"project/web/index/new/productos_modificados.php",
"project/web/index/new/productos_bulk_update.php"
]
}
],
"evidence": [
"Ran secret scan on project/web/index/new excluding logs",
"Found hard-coded API and DB credentials in PHP source files",
"Found production URL coupling and external endpoint references",
"Reviewed ADR risk note that secrets remain in repo"
],
"timestamp": "2026-05-25T05:45:00Z"
}