test: multi-pass pipeline with linter-rule-judge · gricha/perry@1ccc829

Triggered via pull request February 14, 2026 01:04

gricha

synchronize #162

test/multi-pass-pipeline

Status Success

Total duration 1m 57s

Artifacts –

warden.yml

on: pull_request

review

1m 54s

Annotations

3 errors

Arbitrary Code Execution via eval(): src/config/loader.ts#L133

The evaluateConfigExpression function uses eval() which allows arbitrary JavaScript code execution. If expr comes from user input, attackers can execute any code.

Arbitrary Code Execution via Function Constructor: src/config/loader.ts#L137

The createDynamicHandler function uses new Function() which allows arbitrary code execution. If code parameter contains user input, attackers can execute any code.

Command Injection via Template Literal: src/config/loader.ts#L123

The runConfigScript function uses execSync with template literal interpolation. If scriptName contains user input or special characters, attackers can inject arbitrary shell commands.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

test: multi-pass pipeline with linter-rule-judge #57

Summary

test: multi-pass pipeline with linter-rule-judge #57

Uh oh!

warden.yml

Annotations