test: multi-pass pipeline with linter-rule-judge #41

Triggered via pull request February 13, 2026 21:39
Status Success
Total duration 2m 40s
warden.yml

on: pull_request

Annotations

3 errors
Command Injection via execSync Template Literal: src/config/loader.ts#L126
execSync executes shell command with unsanitized path concatenation. If scriptName contains shell metacharacters (e.g., `; rm -rf /`), arbitrary commands execute.
Arbitrary Code Execution via eval(): src/config/loader.ts#L134
eval() executes arbitrary JavaScript code. If expr parameter receives user input, attackers gain full code execution with application privileges.
Arbitrary Code Execution via Function Constructor: src/config/loader.ts#L138
new Function() creates executable code from strings. If code parameter receives untrusted input, attackers execute arbitrary JavaScript with full application privileges.