Warden

test: multi-pass pipeline with linter-rule-judge #51

Sign in to view logs

Triggered via pull request February 14, 2026 00:04

gricha

synchronize #162

test/multi-pass-pipeline

Status Success

Total duration 2m 35s

Artifacts –

warden.yml

on: pull_request

Annotations

3 errors

Arbitrary code execution via eval(): src/config/loader.ts#L133

The evaluateConfigExpression function uses eval() on user-supplied input, allowing arbitrary JavaScript code execution.

Arbitrary code execution via new Function(): src/config/loader.ts#L137

The createDynamicHandler function uses new Function() constructor with user-supplied code, allowing arbitrary JavaScript execution.

Command injection via execSync with path interpolation: src/config/loader.ts#L123

The runConfigScript function uses execSync with template literal interpolation for scriptName, allowing command injection via path traversal or shell metacharacters.