{
"feature_id": "F-001",
"agent": "security",
"verdict": "CHANGES_REQUESTED",
"summary": "Legacy code still contains hard-coded API credentials, database credentials, and production-coupled endpoints inside versioned files. The feature cannot pass the security gate until these secrets are removed from the versioned files or externalized; because they are already committed, they should also be rotated.",
"checks": [
"secret scan",
"input and config review",
"repo path review"
],
"findings": [
{
"severity": "high",
"title": "Hard-coded API credential in legacy PHP files",
"status": "open",
"paths": [
"project/web/index/new/describe.php",
"project/web/index/new/worker_bulk.php",
"project/web/index/new/productos_bulk_update.php"
]
},
{
"severity": "high",
"title": "Hard-coded database credentials in versioned PHP files",
"status": "open",
"paths": [
"project/web/index/new/worker_bulk.php",
"project/web/index/new/productos_modificados.php",
"project/web/index/new/productos_bulk_update.php",
"project/web/index/new/db/conn.php"
]
},
{
"severity": "medium",
"title": "Code is coupled to production URLs and external auth/success endpoints",
"status": "open",
"paths": [
"project/web/index/new/index.php",
"project/web/index/new/inc/header.php",
"project/web/index/new/productos_modificados.php",
"project/web/index/new/productos_bulk_update.php"
]
}
],
"evidence": [
"Ran secret scan on project/web/index/new (log files excluded)",
"Found hard-coded API and DB credentials in PHP source files",
"Found production URL coupling and external endpoint references",
"Reviewed ADR risk note that secrets remain in repo"
],
"timestamp": "2026-05-25T05:45:00Z"
}