DEMO

j/k naviguer • Ctrl+Home début

💚 Score de Sécurité du Code
📊 Visualisation
📋 Paramètres
📋 Résumé
📁 Top Fichiers
📊 Comparaison avec baseline
🔍 Problèmes Détectés
📜 Règles personnalisées
🔬 Fixtures
📦 Dépendances
⏱️ SLA par sévérité
👤 Findings par auteur
📋 Matrice de conformité ISO 27001
🔰 Conformité OWASP ASVS v5.0.0
🛡️ Conformité NIST CSF 2.0
✅ Bonnes Pratiques Vérifiées
📖 Lexique

StaticCodeAudit — Rapport d'Audit - MyApp

Généré le 16/05/2026 à 11:43 • v3.0 [0b0a68a8] 🇫🇷 Français

📂 10 fichiers analysés • 📝 1 538 lignes de code • ⏱️ 1.2s

Chatbot RAG avec FastAPI

Score de Sécurité du Code : 71%

Score de conformité : 20.0%

Ce score mesure la sécurité du code source uniquement. Formule : 100 ÷ (1 + P ÷ (20 × F)), où P = somme des pénalités et F = facteur LOC (lignes de code ÷ 1 000, minimum 1). Chaque finding Sécurité coûte : CRITICAL (10), HIGH (5), MEDIUM (2), LOW (1). La pondération par LOC normalise le score selon la taille du projet. Les catégories non-sécuritaires (Architecture, UI, UX, Maintenance) ne sont pas comptabilisées.

📊 Visualisation ↑ Sommaire

Répartition par Sévérité

Problèmes par Catégorie

📊 Findings par langage et sévérité

Code Métier vs Dépendances

🧪 Tests Unitaires

🔬 Validation Fixtures

⏱️ Temps d'analyse

📦 Dépendances

🔬 Chemin de la donnée

📊 Findings par source

📈 Évolution des Problèmes

HIGH / MEDIUM / LOW sur 10 audits

🧪 Évolution des Tests

Taux de succès et nombre de tests

⏱️ Évolution des temps

Temps total sur les 10 derniers audits

Score de Sécurité du Code

71%

Résumé

2 Importants (HIGH)

25 Modérés (MEDIUM)

38 Mineurs (LOW)

Tendance

🔴48 nouveaux problèmes

🟢3380 résolus

⚪0 persistants

Recommandations prioritaires

P1 Corriger en priorité les vulnérabilités critiques — risque d'exploitation immédiat

P2 Planifier la correction des risques modérés dans le prochain sprint

P2 Score de santé à améliorer — maintenir l'effort de correction

📋 Résumé ↑ Sommaire

Critiques (CRITICAL)

Importants (HIGH)

Mineurs (LOW)

171

Bonnes Pratiques Vérifiées

📦 Code métier

🔗 Dépendances

🧪 Tests (0)

🔬 Fixtures (0)

1.2s

⏱️ Durée de l'audit

Contexte securitaire (critical)
2 HIGH — Time-to-Exploit (TTE): 4h (2024). Fenetre d'exposition: 74 days (median MTTR). 28% of vulnerabilities exploited within 24h of disclosure.
Source: Zero Day Clock (zerodayclock.com) — 83,000+ CVE tracked

🔧 Détails techniques

📋 Paramètres ▶

📋 Projet

Nom MyApp v3.0

Description Chatbot RAG avec FastAPI

Identifiant 0b0a68a8-b60e-4d24-b5bd-2df45d868bb2

Chemin DEMO - MyApp

📋 Périmètre de l'audit

Langages html, javascript, python

Extensions scannées python: .py
javascript: .js, .jsx, .ts, .tsx, .mjs
html: .html, .htm, .xhtml, .shtml, .vue, .svelte, .ejs, .hbs, .njk, .jinja, .jinja2, .twig, .liquid, .mustache, .phtml, .erb, .jsp, .asp, .aspx, .cshtml

Dossiers analysés app/ UI-FRONT/ UI-BACK/ UI-SHARED/

Patterns exclus node_modules/ vendor/ .venv/ __pycache__/ alembic/ *.min.js *.bundle.js alembic/ audit-reports/ audit-datas/

Mode Complet

Catégorie filtrée tous

Règles désactivées aucun

Catégories ✓ Sécurité (×3) ✓ Architecture (×2) ✓ Interface (×1) ✓ Expérience utilisateur (×1) ✓ Maintenance (×1)

⚙️ Options CLI

⬜ --quick Mode rapide — sécurité uniquement

⬜ --fail-on-high Exit code 1 si vulnérabilités HIGH détectées

⬜ --sarif Export SARIF 2.1.0 (GitHub Code Scanning, GitLab SAST)

⬜ --sbom Génération SBOM CycloneDX (inventaire des dépendances)

✅ --lang Langue du rapport

⬜ --debug Journalisation debug (niveaux : info, detail, trace)

⬜ --with-tests Auto-détection et exécution des tests unitaires du projet

⬜ --with-deps Scan de vulnérabilités des dépendances (pip-audit, npm audit)

⬜ --severity Scan limité aux sévérités : {levels}

Top 10 Fichiers Problématiques

Classés par score de sévérité (CRITICAL×10, HIGH×5, MEDIUM×2, LOW×1)

path_to/file_

N MediumN Low

path_to/file_

N High

path_to/file_

N High

path_to/file_

N Low

path_to/file_

N Low

path_to/file_

N Low

path_to/file_

N Low

path_to/file_

N Low

path_to/file_

N Low

📊

Comparaison avec baseline

2026-05-05-17-17 ↑ Sommaire ▶

HIGH -332

Référence 334

→

Actuel 2

MEDIUM -2038

Référence 2063

→

Actuel 25

LOW -946

Référence 984

→

Actuel 38

➕ Nouveaux problèmes 48

HIGH Dockerfile exécuté en root docker/n8n-mcp-api/Dockerfile:1

HIGH Dockerfile exécuté en root docker/n8n-mcp-docs/Dockerfile:1

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:68

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:264

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:353

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:146

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:91

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:105

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:408

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:340

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:410

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:499

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:73

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:500

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:81

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:433

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:139

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:269

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:494

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:59

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:40

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:420

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:393

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:162

MEDIUM Bouton HTML sans attribut type UI-FRONT/index.html:133

LOW SVG inline HTML UI-FRONT/index.html:521

LOW SVG inline HTML UI-FRONT/index.html:185

LOW SVG inline HTML UI-FRONT/index.html:197

LOW Intégrité des sous-ressources manquante UI-FRONT/index.html:574

LOW SVG inline HTML UI-FRONT/index.html:176

LOW SVG inline HTML UI-FRONT/index.html:439

LOW SVG inline HTML UI-FRONT/index.html:275

LOW Style CSS en ligne (HTML) UI-FRONT/index.html:362

LOW SVG inline HTML UI-FRONT/index.html:227

LOW SVG inline HTML UI-FRONT/index.html:182

LOW Niveau de titre sauté UI-FRONT/index.html:238

LOW SVG inline HTML UI-FRONT/index.html:270

LOW Repère principal <main> absent app/common/email/templates/new_registration.html:124

LOW Repère principal <main> absent app/common/email/templates/password_reset.html:103

LOW SVG inline HTML app/common/email/templates/pending_approval.html:105

LOW Niveau de titre sauté app/common/email/templates/pending_approval.html:120

LOW Repère principal <main> absent app/common/email/templates/pending_approval.html:93

LOW SVG inline HTML app/common/email/templates/rejected.html:103

LOW Repère principal <main> absent app/common/email/templates/rejected.html:91

LOW Niveau de titre sauté app/common/email/templates/rejected.html:117

LOW Repère principal <main> absent app/common/email/templates/verification.html:93

LOW Repère principal <main> absent app/common/email/templates/welcome.html:105

LOW Niveau de titre sauté app/common/email/templates/welcome.html:121

✅ Problèmes résolus 3380

✓ HIGH XSS via innerHTML UI-BACK/js/app.js:283

✓ HIGH XSS via innerHTML UI-BACK/js/app.js:86

✓ HIGH XSS via innerHTML UI-BACK/js/app.js:485

✓ HIGH XSS via innerHTML UI-BACK/js/app.js:474

✓ HIGH XSS via innerHTML UI-BACK/js/app.js:300

✓ HIGH XSS via innerHTML UI-BACK/js/app.js:165

✓ HIGH xss_unsafe_html_construction UI-BACK/js/app.js:165

✓ HIGH Open Redirect — tainted data used in redirect without URL validation UI-BACK/js/app.js:212

✓ HIGH XSS via innerHTML UI-BACK/js/modules/audit.js:551

✓ HIGH XSS via innerHTML UI-BACK/js/modules/audit.js:78

✓ HIGH XSS via innerHTML UI-BACK/js/modules/audit.js:15

✓ HIGH XSS via innerHTML UI-BACK/js/modules/audit.js:752

✓ HIGH XSS via innerHTML UI-BACK/js/modules/audit.js:166

✓ HIGH XSS via innerHTML UI-BACK/js/modules/audit.js:658

✓ HIGH XSS via innerHTML UI-BACK/js/modules/audit.js:226

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-collections.js:818

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-collections.js:38

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-collections.js:904

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-collections.js:136

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-collections.js:358

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-collections.js:391

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-collections.js:469

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-collections.js:132

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-collections.js:634

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-conversations.js:39

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-conversations.js:481

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-conversations.js:267

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-conversations.js:271

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-corpus.js:35

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-corpus.js:132

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-corpus.js:253

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-corpus.js:570

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-corpus.js:603

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-corpus.js:1121

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-corpus.js:298

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-corpus.js:521

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-corpus.js:136

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-corpus.js:217

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-documents.js:146

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-documents.js:39

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-documents.js:673

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-documents.js:465

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-documents.js:623

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-documents.js:150

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-logs.js:301

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-logs.js:391

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-logs.js:254

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-logs.js:79

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-logs.js:566

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-logs.js:250

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-logs.js:628

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-logs.js:18

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-logs.js:423

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-logs.js:698

✓ HIGH Potential dependency confusion — internal package name could be squatted on npm UI-BACK/js/modules/content-logs.js:348

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content-logs.js:720

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content.js:84

✓ HIGH XSS via innerHTML UI-BACK/js/modules/content.js:24

✓ HIGH XSS via innerHTML UI-BACK/js/modules/dashboard.js:74

✓ HIGH XSS via innerHTML UI-BACK/js/modules/dashboard.js:124

✓ HIGH XSS via innerHTML UI-BACK/js/modules/dashboard.js:90

✓ HIGH XSS via innerHTML UI-BACK/js/modules/dashboard.js:107

✓ HIGH XSS via innerHTML UI-BACK/js/modules/dashboard.js:71

✓ HIGH XSS via innerHTML UI-BACK/js/modules/dashboard.js:202

✓ HIGH XSS via innerHTML UI-BACK/js/modules/dashboard.js:211

✓ HIGH XSS via innerHTML UI-BACK/js/modules/sources.js:1021

✓ HIGH XSS via innerHTML UI-BACK/js/modules/sources.js:1202

✓ HIGH XSS via innerHTML UI-BACK/js/modules/sources.js:76

✓ HIGH XSS via innerHTML UI-BACK/js/modules/sources.js:883

✓ HIGH XSS via innerHTML UI-BACK/js/modules/sources.js:1552

✓ HIGH XSS via innerHTML UI-BACK/js/modules/sources.js:225

✓ HIGH XSS via innerHTML UI-BACK/js/modules/sources.js:69

✓ HIGH XSS via innerHTML UI-BACK/js/modules/sources.js:1256

✓ HIGH XSS via innerHTML UI-BACK/js/modules/sources.js:165

✓ HIGH XSS via innerHTML UI-BACK/js/modules/sources.js:1162

✓ HIGH XSS via innerHTML UI-BACK/js/modules/sources.js:1592

✓ HIGH XSS via innerHTML UI-BACK/js/modules/sources.js:805

✓ HIGH XSS via innerHTML UI-BACK/js/modules/sources.js:744

✓ HIGH XSS via innerHTML UI-BACK/js/modules/sources.js:188

✓ HIGH XSS via innerHTML UI-BACK/js/modules/sources.js:244

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system.js:32

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/appearance.js:24

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/appearance.js:31

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/appearance.js:63

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/appearance.js:181

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/chat.js:118

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/chat.js:19

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/chat.js:14

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/debug.js:24

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/debug.js:14

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/debug.js:65

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/geo.js:14

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/geo.js:89

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/geo.js:145

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/indexation.js:14

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/indexation.js:34

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/indexation.js:121

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/llm.js:865

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/llm.js:135

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/llm.js:244

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/llm.js:1030

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/llm.js:1701

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/llm.js:975

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/llm.js:1917

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/llm.js:997

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/llm.js:1689

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/llm.js:213

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/llm.js:871

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/llm.js:933

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/llm.js:1930

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/llm.js:1942

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/llm.js:883

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/llm.js:1986

✓ HIGH xss_unsafe_html_construction UI-BACK/js/modules/system/llm.js:997

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/llm.js:1717

✓ HIGH xss_unsafe_html_construction UI-BACK/js/modules/system/llm.js:975

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/llm.js:1457

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/llm.js:1681

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/logging.js:27

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/logging.js:13

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/logging.js:153

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/modes.js:162

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/modes.js:38

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/modes.js:67

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/modes.js:16

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/notifications.js:219

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/notifications.js:210

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/notifications.js:18

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/notifications.js:13

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/notifications.js:162

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/password.js:14

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/password.js:21

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/password.js:41

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/perf.js:229

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/perf.js:24

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/perf.js:19

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/smtp.js:191

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/smtp.js:248

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/smtp.js:36

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/smtp.js:265

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/smtp.js:239

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/smtp.js:261

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/smtp.js:13

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/speech.js:14

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/speech.js:175

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/speech.js:62

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/storage.js:68

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/storage.js:14

✓ HIGH XSS via innerHTML UI-BACK/js/modules/system/storage.js:198

✓ HIGH XSS via innerHTML UI-BACK/js/modules/users.js:366

✓ HIGH XSS via innerHTML UI-BACK/js/modules/users.js:50

✓ HIGH XSS via innerHTML UI-BACK/js/modules/users.js:174

✓ HIGH XSS via innerHTML UI-BACK/js/modules/users.js:178

✓ HIGH XSS via innerHTML UI-BACK/js/modules/users.js:137

✓ HIGH XSS via innerHTML UI-BACK/js/modules/validation.js:116

✓ HIGH XSS via innerHTML UI-BACK/js/modules/validation.js:142

✓ HIGH XSS via innerHTML UI-BACK/js/modules/validation.js:185

✓ HIGH XSS via innerHTML UI-BACK/js/modules/validation.js:37

✓ HIGH XSS via innerHTML UI-BACK/js/utils/table-sort.js:43

✓ HIGH XSS via innerHTML UI-FRONT/js/app.js:733

✓ HIGH XSS via innerHTML UI-FRONT/js/app.js:527

✓ HIGH XSS via innerHTML UI-FRONT/js/app.js:116

✓ HIGH XSS via innerHTML UI-FRONT/js/app.js:354

✓ HIGH XSS via innerHTML UI-FRONT/js/app.js:379

✓ HIGH XSS via innerHTML UI-FRONT/js/app.js:410

✓ HIGH XSS via innerHTML UI-FRONT/js/app.js:329

✓ HIGH Open Redirect — tainted data used in redirect without URL validation UI-FRONT/js/app.js:128

✓ HIGH insecure_dependency_http UI-FRONT/js/config.js:8

✓ HIGH XSS via innerHTML UI-FRONT/js/modules/documents.js:798

✓ HIGH Potential dependency confusion — internal package name could be squatted on npm UI-FRONT/js/modules/documents.js:608

✓ HIGH XSS via innerHTML UI-FRONT/js/modules/documents.js:175

✓ HIGH XSS via innerHTML UI-FRONT/js/modules/documents.js:544

✓ HIGH XSS via innerHTML UI-FRONT/js/modules/documents.js:126

✓ HIGH XSS via innerHTML UI-FRONT/js/modules/documents.js:665

✓ HIGH XSS via innerHTML UI-FRONT/js/modules/documents.js:333

✓ HIGH XSS via innerHTML UI-FRONT/js/modules/documents.js:275

✓ HIGH XSS via innerHTML UI-FRONT/js/modules/settings.js:251

✓ HIGH XSS via innerHTML UI-FRONT/js/modules/settings.js:53

✓ HIGH XSS via innerHTML UI-FRONT/js/modules/settings.js:220

✓ HIGH XSS via innerHTML UI-SHARED/js/components/confirm.js:215

✓ HIGH XSS via innerHTML UI-SHARED/js/components/debug-banner.js:119

✓ HIGH XSS via innerHTML UI-SHARED/js/components/draggable.js:27

✓ HIGH XSS via innerHTML UI-SHARED/js/components/message-modal.js:99

✓ HIGH XSS via innerHTML UI-SHARED/js/components/message-modal.js:105

✓ HIGH XSS via innerHTML UI-SHARED/js/components/message-modal.js:112

✓ HIGH JSX label without associated control (missing htmlFor) UI-SHARED/js/components/password-reset.js:91

✓ HIGH JSX label without associated control (missing htmlFor) UI-SHARED/js/components/password-reset.js:51

✓ HIGH JSX label without associated control (missing htmlFor) UI-SHARED/js/components/password-reset.js:86

✓ HIGH XSS via innerHTML UI-SHARED/js/components/progress.js:57

✓ HIGH XSS via innerHTML UI-SHARED/js/components/table-pagination.js:63

✓ HIGH XSS via innerHTML UI-SHARED/js/components/table-pagination.js:46

✓ HIGH XSS via innerHTML UI-SHARED/js/components/toast.js:59

✓ HIGH Potential dependency confusion — internal package name could be squatted on npm UI-SHARED/js/components/upload.js:719

✓ HIGH XSS via innerHTML UI-SHARED/js/components/upload.js:780

✓ HIGH XSS via innerHTML UI-SHARED/js/components/upload.js:318

✓ HIGH XSS via innerHTML UI-SHARED/js/components/upload.js:806

✓ HIGH XSS via innerHTML UI-SHARED/js/components/upload.js:427

✓ HIGH XSS via innerHTML UI-SHARED/js/components/upload.js:906

✓ HIGH XSS via innerHTML UI-SHARED/js/components/upload.js:420

✓ HIGH XSS via innerHTML UI-SHARED/js/components/upload.js:337

✓ HIGH XSS via innerHTML UI-SHARED/js/components/upload.js:120

✓ HIGH XSS via innerHTML UI-SHARED/js/components/user-form.js:593

✓ HIGH XSS via innerHTML UI-SHARED/js/components/user-form.js:206

✓ HIGH XSS via innerHTML UI-SHARED/js/components/user-form.js:728

✓ HIGH XSS via innerHTML UI-SHARED/js/components/user-form.js:733

✓ HIGH JSX label without associated control (missing htmlFor) UI-SHARED/js/config/icons.js:142

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/conversations.js:166

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/conversations.js:571

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/conversations.js:447

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/conversations.js:110

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/conversations.js:106

✓ HIGH xss_unsafe_html_construction UI-SHARED/js/modules/conversations.js:552

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/conversations.js:276

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/conversations.js:308

✓ HIGH xss_unsafe_html_construction UI-SHARED/js/modules/conversations.js:110

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/conversations.js:552

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/conversations.js:232

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/conversations.js:1127

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/conversations.js:612

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/conversations.js:218

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/conversations.js:1032

✓ HIGH xss_unsafe_html_construction UI-SHARED/js/modules/conversations.js:218

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/conversations.js:886

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/messages.js:248

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/messages.js:79

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/messages.js:395

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/messages.js:141

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/messages.js:145

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/messages.js:304

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/sources-selector.js:120

✓ HIGH JSX label without associated control (missing htmlFor) UI-SHARED/js/modules/sources-selector.js:111

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/sources-selector.js:102

✓ HIGH xss_unsafe_html_construction UI-SHARED/js/modules/sources-selector.js:102

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/streaming.js:275

✓ HIGH xss_unsafe_html_construction UI-SHARED/js/modules/streaming.js:237

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/streaming.js:320

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/streaming.js:237

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/streaming.js:97

✓ HIGH XSS via innerHTML UI-SHARED/js/modules/streaming.js:288

✓ HIGH XSS via innerHTML UI-SHARED/js/services/config.js:134

✓ HIGH XSS via innerHTML UI-SHARED/js/services/icon-registry.js:213

✓ HIGH XSS via innerHTML UI-SHARED/js/services/reindex-banner.js:127

✓ HIGH XSS via innerHTML UI-SHARED/js/services/reindex-banner.js:91

✓ HIGH JSX label without associated control (missing htmlFor) UI-SHARED/js/services/templates.js:757

✓ HIGH JSX label without associated control (missing htmlFor) UI-SHARED/js/services/templates.js:742

✓ HIGH javascript: URI — XSS UI-SHARED/js/utils/dom.js:66

✓ HIGH incomplete_url_scheme_check UI-SHARED/js/utils/dom.js:66

✓ HIGH XSS via innerHTML UI-SHARED/js/utils/i18n.js:170

✓ HIGH Prototype pollution UI-SHARED/js/utils/i18n.js:102

✓ HIGH Select without accessible label UI-SHARED/templates/components/pagination.html:16

✓ HIGH Path traversal (Python) app/common/i18n/__init__.py:59

✓ HIGH Path traversal (Python) app/common/i18n/__init__.py:43

✓ HIGH header_injection app/common/middleware/debug_timing.py:40

✓ HIGH header_injection app/common/middleware/debug_timing.py:39

✓ HIGH header_injection app/common/middleware/debug_timing.py:38

✓ HIGH SQL Injection — tainted data flows into a SQL query without parameterization app/features/admin/collections/service.py:1692

✓ HIGH SQL Injection — tainted data flows into a SQL query without parameterization app/features/admin/collections/service.py:1657

✓ HIGH User-controlled input is used in an HTTP response header without sanitization — HTTP Response Splitting / Header Injection risk. app/features/admin/config/router.py:1444

✓ HIGH Insecure deserialization call app/features/admin/config/router.py:1703

✓ HIGH Path traversal (Python) app/features/admin/config/service.py:1252

✓ HIGH Path traversal (Python) app/features/admin/config/service.py:951

✓ HIGH SQL Injection — tainted data flows into a SQL query without parameterization app/features/admin/config/service.py:284

✓ HIGH Insecure deserialization call app/features/admin/config/service.py:1125

✓ HIGH Path traversal (Python) app/features/admin/config/service.py:2012

✓ HIGH Path traversal (Python) app/features/admin/config/service.py:1449

✓ HIGH Vulnerable Dependency app/features/admin/config/service.py:822

✓ HIGH Vulnerable Dependency app/features/admin/config/service.py:821

✓ HIGH HTTP request smuggling app/features/admin/config/service.py:945

✓ HIGH User-controlled input is used in an HTTP response header without sanitization — HTTP Response Splitting / Header Injection risk. app/features/admin/conversations/router.py:587

✓ HIGH User-controlled input is used in an HTTP response header without sanitization — HTTP Response Splitting / Header Injection risk. app/features/admin/documents/router.py:179

✓ HIGH SQL Injection — tainted data flows into a SQL query without parameterization app/features/admin/repository.py:372

✓ HIGH SQL Injection — tainted data flows into a SQL query without parameterization app/features/admin/repository.py:367

✓ HIGH SQL Injection — tainted data flows into a SQL query without parameterization app/features/admin/repository.py:298

✓ HIGH SQL Injection — tainted data flows into a SQL query without parameterization app/features/admin/repository.py:358

✓ HIGH SQL Injection — tainted data flows into a SQL query without parameterization app/features/admin/repository.py:104

✓ HIGH SQL Injection — tainted data flows into a SQL query without parameterization app/features/admin/users/router.py:506

✓ HIGH SQL Injection — tainted data flows into a SQL query without parameterization app/features/audit/repository.py:191

✓ HIGH User-controlled input is used in an HTTP response header without sanitization — HTTP Response Splitting / Header Injection risk. app/features/chat/router.py:133

✓ HIGH SQL Injection — tainted data flows into a SQL query without parameterization app/features/conversations/service.py:493

✓ HIGH SQL Injection — tainted data flows into a SQL query without parameterization app/features/documents/repository.py:32

✓ HIGH User-controlled input is used in an HTTP response header without sanitization — HTTP Response Splitting / Header Injection risk. app/features/logs/router.py:183

✓ HIGH DB error exposed in response (Python) app/features/sources/connectors/api.py:140

✓ HIGH DB error exposed in response (Python) app/features/sources/connectors/database.py:136

✓ HIGH Base64 encoded credentials app/features/sources/connectors/mcp.py:79

✓ HIGH Reversible password storage (Python) app/features/sources/connectors/mcp.py:79

✓ HIGH DB error exposed in response (Python) app/features/sources/connectors/mcp.py:355

✓ HIGH DB error exposed in response (Python) app/features/sources/connectors/web.py:699

✓ HIGH SQL Injection — tainted data flows into a SQL query without parameterization app/features/sources/history.py:186

✓ HIGH DB error exposed in response (Python) app/features/sources/indexer.py:510

✓ HIGH SQL Injection — tainted data flows into a SQL query without parameterization app/features/user/profile/service.py:121

✓ HIGH SQL Injection — tainted data flows into a SQL query without parameterization app/features/user/profile/service.py:107

✓ HIGH Dockerfile runs as root docker/n8n-mcp-api/Dockerfile:1

✓ HIGH Dockerfile runs as root docker/n8n-mcp-docs/Dockerfile:1

✓ MEDIUM HTML button without type attribute UI-BACK/index.html:94

✓ MEDIUM HTML button without type attribute UI-BACK/index.html:81

✓ MEDIUM HTML button without type attribute UI-BACK/index.html:90

✓ MEDIUM HTML button without type attribute UI-BACK/index.html:58

✓ MEDIUM HTML button without type attribute UI-BACK/index.html:77

✓ MEDIUM HTML button without type attribute UI-BACK/index.html:120

✓ MEDIUM HTML button without type attribute UI-BACK/index.html:86

✓ MEDIUM HTML button without type attribute UI-BACK/index.html:99

✓ MEDIUM HTML button without type attribute UI-BACK/index.html:64

✓ MEDIUM HTML button without type attribute UI-BACK/index.html:73

✓ MEDIUM Log Injection — tainted data written to logs without sanitization UI-BACK/js/app.js:476

✓ MEDIUM Log Injection — tainted data written to logs without sanitization UI-BACK/js/app.js:483

✓ MEDIUM N+1 query (JavaScript) UI-BACK/js/modules/audit.js:579

✓ MEDIUM N+1 query (JavaScript) UI-BACK/js/modules/content-collections.js:466

✓ MEDIUM N+1 query (JavaScript) UI-BACK/js/modules/content-conversations.js:438

✓ MEDIUM N+1 query (JavaScript) UI-BACK/js/modules/content-corpus.js:295

✓ MEDIUM N+1 query (JavaScript) UI-BACK/js/modules/content-documents.js:435

✓ MEDIUM N+1 query (JavaScript) UI-BACK/js/modules/sources.js:606

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-BACK/js/modules/sources.js:910

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-BACK/js/modules/system/llm.js:695

✓ MEDIUM Inline event handler UI-BACK/js/modules/system/llm.js:837

✓ MEDIUM Inline event handler UI-BACK/js/modules/system/llm.js:838

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-BACK/js/modules/system/llm.js:839

✓ MEDIUM Inline event handler UI-BACK/js/modules/system/llm.js:781

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-BACK/js/modules/system/llm.js:696

✓ MEDIUM Inline event handler UI-BACK/js/modules/system/llm.js:1292

✓ MEDIUM Inline event handler UI-BACK/js/modules/system/llm.js:782

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-BACK/js/modules/system/llm.js:843

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-BACK/js/modules/users.js:415

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-BACK/js/modules/users.js:430

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-BACK/js/modules/users.js:397

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-BACK/js/modules/users.js:408

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-BACK/js/modules/users.js:425

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-BACK/js/modules/users.js:420

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-BACK/js/modules/users.js:435

✓ MEDIUM incomplete_hostname_regexp UI-BACK/js/services/adminApi.js:373

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:393

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:499

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:73

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:133

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:269

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:340

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:146

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:494

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:139

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:59

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:81

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:410

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:420

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:500

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:40

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:68

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:264

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:105

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:408

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:91

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:353

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:433

✓ MEDIUM HTML button without type attribute UI-FRONT/index.html:162

✓ MEDIUM Inline event handler UI-FRONT/js/modules/documents.js:856

✓ MEDIUM cleartext_logging UI-FRONT/js/modules/profile.js:242

✓ MEDIUM Inline event handler UI-FRONT/js/modules/settings.js:77

✓ MEDIUM Inline event handler UI-FRONT/js/modules/settings.js:102

✓ MEDIUM Inline event handler UI-FRONT/js/modules/settings.js:68

✓ MEDIUM JSX link with invalid href (href="#" or javascript:) UI-SHARED/js/components/password-reset.js:62

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/components/progress.js:384

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/components/progress.js:357

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/components/progress.js:361

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/components/progress.js:379

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/components/progress.js:374

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/components/progress.js:365

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/components/user-form.js:649

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/components/user-form.js:633

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/mixins/reindex-polling.js:154

✓ MEDIUM Inline event handler UI-SHARED/js/modules/conversations.js:454

✓ MEDIUM Too many JavaScript function parameters (6+) UI-SHARED/js/modules/messages.js:16

✓ MEDIUM N+1 query (JavaScript) UI-SHARED/js/modules/speech.js:69

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/modules/speech.js:325

✓ MEDIUM Inline event handler UI-SHARED/js/modules/speech.js:141

✓ MEDIUM N+1 query (JavaScript) UI-SHARED/js/modules/speech.js:59

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/modules/streaming.js:283

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/modules/streaming.js:342

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/modules/streaming.js:282

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/modules/streaming.js:284

✓ MEDIUM bad_tag_filter UI-SHARED/js/modules/streaming.js:99

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/modules/streaming.js:344

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/modules/streaming.js:222

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/modules/streaming.js:330

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/modules/streaming.js:317

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/modules/streaming.js:194

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/modules/streaming.js:338

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/modules/streaming.js:340

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/modules/streaming.js:226

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/modules/streaming.js:274

✓ MEDIUM bad_tag_filter UI-SHARED/js/modules/tts.js:192

✓ MEDIUM bad_tag_filter UI-SHARED/js/modules/tts.js:207

✓ MEDIUM Inline event handler UI-SHARED/js/modules/tts.js:113

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/services/api.js:742

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/services/api.js:756

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/services/api.js:746

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/services/api.js:743

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/services/api.js:751

✓ MEDIUM Inline event handler UI-SHARED/js/services/config.js:139

✓ MEDIUM bad_tag_filter UI-SHARED/js/services/icon-registry.js:17

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/services/icon-registry.js:137

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/services/reindex-banner.js:346

✓ MEDIUM Inline event handler UI-SHARED/js/services/templates.js:816

✓ MEDIUM Inline event handler UI-SHARED/js/services/templates.js:635

✓ MEDIUM bad_tag_filter UI-SHARED/js/services/templates.js:228

✓ MEDIUM Inline event handler UI-SHARED/js/services/templates.js:963

✓ MEDIUM Excessive nesting depth (JavaScript, 6+ levels) UI-SHARED/js/services/templates.js:70

✓ MEDIUM bad_tag_filter UI-SHARED/js/services/templates.js:102

✓ MEDIUM Inline event handler UI-SHARED/js/services/templates.js:511

✓ MEDIUM Inline event handler UI-SHARED/js/services/templates.js:404

✓ MEDIUM bad_tag_filter UI-SHARED/js/services/templates.js:13

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/audit.html:62

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/audit.html:63

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/audit.html:69

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/audit.html:120

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/audit.html:68

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/audit.html:15

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/audit.html:45

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/audit.html:66

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/audit.html:67

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/audit.html:65

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/audit.html:51

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/audit.html:64

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/audit.html:14

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/collections.html:31

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/collections.html:152

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/collections.html:22

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/collections.html:224

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/collections.html:44

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/collections.html:42

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/collections.html:50

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/collections.html:48

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/collections.html:223

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/collections.html:43

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/collections.html:45

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/collections.html:47

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/collections.html:49

✓ MEDIUM Input without label UI-SHARED/templates/admin/collections.html:103

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/collections.html:21

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/collections.html:239

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/collections.html:52

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/collections.html:46

✓ MEDIUM Input without label UI-SHARED/templates/admin/collections.html:169

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/collections.html:28

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/collections.html:51

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/common.html:133

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/common.html:32

✓ MEDIUM Inline event handler in HTML UI-SHARED/templates/admin/common.html:133

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/common.html:27

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/conversations.html:60

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/conversations.html:87

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/conversations.html:59

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/conversations.html:61

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/conversations.html:57

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/conversations.html:56

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/conversations.html:62

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/conversations.html:44

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/conversations.html:55

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/conversations.html:58

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/conversations.html:35

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/conversations.html:41

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/conversations.html:38

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/corpus.html:488

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/corpus.html:31

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/corpus.html:485

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/corpus.html:396

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/corpus.html:46

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/corpus.html:51

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/corpus.html:48

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/corpus.html:49

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/corpus.html:90

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/corpus.html:314

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/corpus.html:50

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/corpus.html:96

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/corpus.html:423

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/corpus.html:545

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/corpus.html:295

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/corpus.html:355

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/corpus.html:99

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/corpus.html:52

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/corpus.html:575

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/corpus.html:338

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/corpus.html:27

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/corpus.html:45

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/corpus.html:103

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/corpus.html:34

✓ MEDIUM Input without label UI-SHARED/templates/admin/corpus.html:379

✓ MEDIUM Input without label UI-SHARED/templates/admin/corpus.html:196

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/corpus.html:87

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/corpus.html:93

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/corpus.html:47

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/corpus.html:298

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/dashboard.html:80

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/dashboard.html:81

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/dashboard.html:79

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/dashboard.html:62

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/dashboard.html:66

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/dashboard.html:64

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/dashboard.html:21

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/dashboard.html:61

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/dashboard.html:78

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/dashboard.html:63

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/dashboard.html:65

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/documents.html:97

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/documents.html:30

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/documents.html:65

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/documents.html:42

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/documents.html:57

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/documents.html:62

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/documents.html:60

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/documents.html:36

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/documents.html:64

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/documents.html:58

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/documents.html:45

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/documents.html:39

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/documents.html:56

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/documents.html:59

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/documents.html:66

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/documents.html:61

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/documents.html:63

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/logs.html:301

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/logs.html:221

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/logs.html:323

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/logs.html:203

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/logs.html:287

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/logs.html:142

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/logs.html:222

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/logs.html:339

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/logs.html:185

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/logs.html:257

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/logs.html:308

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/logs.html:190

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/logs.html:225

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/logs.html:355

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/logs.html:193

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/logs.html:226

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/logs.html:241

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/logs.html:144

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/logs.html:141

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/logs.html:224

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/logs.html:183

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/logs.html:200

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/logs.html:223

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/logs.html:264

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/logs.html:227

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/logs.html:143

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/modals.html:55

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/modals.html:119

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/modals.html:109

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/modals.html:9

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/modals.html:89

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/modals.html:118

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/sources.html:148

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/sources.html:55

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/sources.html:149

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/sources.html:46

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/sources.html:71

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/sources.html:72

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/sources.html:151

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/sources.html:76

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/sources.html:150

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/sources.html:13

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/sources.html:69

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/sources.html:49

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/sources.html:75

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/sources.html:52

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/sources.html:67

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/sources.html:152

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/sources.html:74

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/sources.html:153

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/sources.html:77

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/sources.html:70

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/sources.html:73

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/sources.html:68

✓ MEDIUM Inline event handler in HTML UI-SHARED/templates/admin/system.html:1447

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:24

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/system.html:1360

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:15

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:39

✓ MEDIUM Inline event handler in HTML UI-SHARED/templates/admin/system.html:606

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:339

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:29

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:32

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:33

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:553

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/system.html:1362

✓ MEDIUM Inline event handler in HTML UI-SHARED/templates/admin/system.html:1740

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:1026

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:25

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/system.html:65

✓ MEDIUM Inline event handler in HTML UI-SHARED/templates/admin/system.html:1749

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/system.html:1361

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:1444

✓ MEDIUM Inline event handler in HTML UI-SHARED/templates/admin/system.html:1426

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:38

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/system.html:1358

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/system.html:63

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/system.html:1357

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/system.html:1356

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:31

✓ MEDIUM Inline event handler in HTML UI-SHARED/templates/admin/system.html:1039

✓ MEDIUM Inline event handler in HTML UI-SHARED/templates/admin/system.html:455

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:1426

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:37

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:23

✓ MEDIUM Inline event handler in HTML UI-SHARED/templates/admin/system.html:1901

✓ MEDIUM Inline event handler in HTML UI-SHARED/templates/admin/system.html:664

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:22

✓ MEDIUM Inline event handler in HTML UI-SHARED/templates/admin/system.html:339

✓ MEDIUM Inline event handler in HTML UI-SHARED/templates/admin/system.html:1813

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/system.html:62

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:1447

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:55

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:43

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:44

✓ MEDIUM Inline event handler in HTML UI-SHARED/templates/admin/system.html:1026

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/system.html:1359

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/system.html:66

✓ MEDIUM Input without label UI-SHARED/templates/admin/system.html:1040

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:14

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:17

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:92

✓ MEDIUM Inline event handler in HTML UI-SHARED/templates/admin/system.html:1450

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/system.html:64

✓ MEDIUM Inline event handler in HTML UI-SHARED/templates/admin/system.html:1998

✓ MEDIUM Inline event handler in HTML UI-SHARED/templates/admin/system.html:650

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:16

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:89

✓ MEDIUM Inline event handler in HTML UI-SHARED/templates/admin/system.html:1444

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:30

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/system.html:1450

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:672

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:587

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:641

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:661

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:101

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:591

✓ MEDIUM Inline event handler in HTML UI-SHARED/templates/admin/tables.html:367

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:673

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:606

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:431

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:590

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:329

✓ MEDIUM Input without label UI-SHARED/templates/admin/tables.html:405

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:678

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:547

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:662

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:258

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:627

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:589

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:124

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:8

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:432

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:695

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:694

✓ MEDIUM target="_blank" without rel="noopener noreferrer" UI-SHARED/templates/admin/tables.html:516

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:659

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:605

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:588

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:629

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:133

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:658

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:628

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/tables.html:395

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/users.html:74

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/users.html:75

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/users.html:53

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/users.html:70

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/users.html:71

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/users.html:73

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/users.html:79

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/users.html:50

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/users.html:72

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/users.html:78

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/users.html:59

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/users.html:56

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/users.html:69

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/users.html:44

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/users.html:77

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/users.html:76

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/validation.html:51

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/validation.html:84

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/validation.html:55

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/validation.html:14

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/validation.html:56

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/validation.html:17

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/validation.html:85

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/validation.html:106

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/validation.html:95

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/validation.html:54

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/validation.html:50

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/validation.html:57

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/validation.html:52

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/validation.html:105

✓ MEDIUM Table header without scope attribute UI-SHARED/templates/admin/validation.html:53

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/validation.html:74

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/admin/validation.html:21

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/auth/login-form.html:34

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/auth/login-form.html:45

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/common.html:38

✓ MEDIUM Inline event handler in HTML UI-SHARED/templates/common.html:163

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/common.html:13

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/common.html:163

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/common.html:99

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/common.html:100

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/common.html:101

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/common.html:97

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/common.html:98

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/components/pagination.html:30

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/front/documents.html:164

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/front/documents.html:161

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/front/documents.html:13

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/front/documents.html:189

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/front/documents.html:93

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/upload-modal.html:6

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/upload-modal.html:78

✓ MEDIUM HTML button without type attribute UI-SHARED/templates/upload-modal.html:79

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/crud_router.py:195

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/crud_router.py:136

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/crud_router.py:326

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/crud_router.py:261

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/crypto/encryption.py:130

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/crypto/encryption.py:87

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/crypto/search.py:295

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/crypto/search.py:299

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/crypto/search.py:303

✓ MEDIUM PII Logged app/common/crypto/search.py:303

✓ MEDIUM PII Logged app/common/crypto/search.py:299

✓ MEDIUM Unencrypted Data Transfer app/common/email/__init__.py:4

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/email/service.py:76

✓ MEDIUM API key in URL query string — visible in logs and browser history app/common/email/service.py:272

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/email/service.py:146

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/email/service.py:150

✓ MEDIUM PII Logged app/common/email/service.py:73

✓ MEDIUM PII Logged app/common/email/service.py:146

✓ MEDIUM PII Logged app/common/email/service.py:150

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/email/service.py:165

✓ MEDIUM API key in URL query string — visible in logs and browser history app/common/email/service.py:240

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/email/service.py:186

✓ MEDIUM PII in Test Code app/common/email/service.py:434

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/email/service.py:166

✓ MEDIUM PII Logged app/common/email/service.py:165

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/email/service.py:73

✓ MEDIUM PII Logged app/common/email/service.py:164

✓ MEDIUM PII Logged app/common/email/service.py:444

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/email/service.py:80

✓ MEDIUM PII Logged app/common/email/service.py:80

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/i18n/__init__.py:49

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/i18n/__init__.py:61

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/i18n/__init__.py:66

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/i18n/__init__.py:63

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/i18n/__init__.py:111

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/i18n/__init__.py:55

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/i18n/__init__.py:119

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/factory.py:104

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/factory.py:40

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/factory.py:54

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/factory.py:138

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/factory.py:157

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/factory.py:152

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/llamacpp.py:342

✓ MEDIUM Excessive nesting depth (6+ levels) app/common/llm/llamacpp.py:322

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/llamacpp.py:296

✓ MEDIUM Excessive nesting depth (6+ levels) app/common/llm/llamacpp.py:325

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/llamacpp.py:97

✓ MEDIUM Parser without error handling app/common/llm/llamacpp.py:320

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/llamacpp.py:410

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/llamacpp.py:372

✓ MEDIUM HTTP without TLS app/common/llm/llamacpp.py:168

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/llamacpp.py:101

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/ollama.py:411

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/ollama.py:82

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/ollama.py:492

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/ollama.py:78

✓ MEDIUM HTTP without TLS app/common/llm/ollama.py:127

✓ MEDIUM Parser without error handling app/common/llm/ollama.py:360

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/ollama.py:532

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/ollama.py:524

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/ollama.py:379

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/ollama.py:443

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/ollama.py:341

✓ MEDIUM Excessive nesting depth (6+ levels) app/common/llm/ollama.py:523

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/ollama.py:250

✓ MEDIUM Excessive nesting depth (6+ levels) app/common/llm/ollama.py:328

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/ollama.py:499

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/llm/ollama.py:306

✓ MEDIUM Excessive nesting depth (6+ levels) app/common/llm/ollama.py:326

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/rag/compactor.py:87

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/rag/compactor.py:93

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/rag/compactor.py:267

✓ MEDIUM Excessive nesting depth (6+ levels) app/common/storage/backends/local.py:262

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/storage/backends/local.py:125

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/storage/backends/local.py:149

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/storage/backends/local.py:155

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/storage/backends/local.py:222

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/storage/backends/local.py:167

✓ MEDIUM Excessive nesting depth (6+ levels) app/common/storage/backends/local.py:295

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/storage/backends/local.py:63

✓ MEDIUM Unpinned Dependency app/common/storage/backends/local.py:2

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/storage/backends/local.py:173

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/storage/backends/local.py:243

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/storage/backends/local.py:300

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/storage/backends/local.py:122

✓ MEDIUM Excessive nesting depth (6+ levels) app/common/storage/backends/local.py:261

✓ MEDIUM Excessive nesting depth (6+ levels) app/common/storage/backends/local.py:296

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/storage/backends/local.py:275

✓ MEDIUM Unpinned Dependency app/common/storage/service.py:2

✓ MEDIUM Potential N+1 Query app/common/utils/alert_checker.py:264

✓ MEDIUM Potential N+1 Query app/common/utils/alert_checker.py:280

✓ MEDIUM Potential N+1 Query app/common/utils/alert_checker.py:185

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma.py:134

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma.py:537

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma.py:374

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma.py:294

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma.py:485

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma.py:546

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma.py:280

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma.py:158

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma.py:234

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma.py:500

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma.py:372

✓ MEDIUM Potential N+1 Query app/common/utils/chroma.py:419

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma.py:427

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma.py:393

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma.py:236

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma_helpers.py:35

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma_helpers.py:117

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma_helpers.py:69

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma_helpers.py:74

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma_helpers.py:76

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma_helpers.py:41

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma_helpers.py:112

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/chroma_helpers.py:119

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/crypto.py:46

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/crypto.py:117

✓ MEDIUM Log Injection app/common/utils/crypto.py:44

✓ MEDIUM Log Injection app/common/utils/crypto.py:46

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/crypto.py:91

✓ MEDIUM Log Injection — tainted data written to logs without sanitization app/common/utils/notifier.py:288

✓ MEDIUM PII Logged app/common/utils/notifier.py:101

✓ MEDIUM PII Logged app/common/utils/notifier.py:98

✓ MEDIUM PII Logged app/common/utils/notifier.py:75

✓ MEDIUM PII in Test Code app/common/utils/notifier.py:83

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/query_cache.py:59

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/query_cache.py:157

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/query_cache.py:57

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/query_cache.py:103

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/query_cache.py:133

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/query_cache.py:130

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/query_cache.py:149

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/rag_config.py:290

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/rag_config.py:259

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/rag_config.py:268

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/rag_config.py:297

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/rag_config.py:134

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/rag_config.py:264

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/rag_config.py:138

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/reindex.py:178

✓ MEDIUM f-string in logging — use lazy % formatting instead app/common/utils/rerank.py:67

✓ MEDIUM Hardcoded Internal IP Address app/common/utils/security_logger.py:10

✓ MEDIUM Hardcoded Internal IP Address app/common/utils/security_logger.py:11

✓ MEDIUM PII Logged app/common/utils/security_logger.py:161

✓ MEDIUM PII Logged app/common/utils/security_logger.py:49

✓ MEDIUM Potential N+1 Query app/common/utils/sources.py:48

✓ MEDIUM f-string in logging — use lazy % formatting instead app/core/bootstrap.py:473

✓ MEDIUM f-string in logging — use lazy % formatting instead app/core/bootstrap.py:439

✓ MEDIUM Potential N+1 Query app/core/bootstrap.py:425

✓ MEDIUM f-string in logging — use lazy % formatting instead app/core/bootstrap.py:331

✓ MEDIUM PII in Test Code app/core/bootstrap.py:140

✓ MEDIUM f-string in logging — use lazy % formatting instead app/core/bootstrap.py:410

✓ MEDIUM Parser without error handling app/core/bootstrap.py:368

✓ MEDIUM Potential N+1 Query app/core/bootstrap.py:325

✓ MEDIUM Potential N+1 Query app/core/bootstrap.py:431

✓ MEDIUM Log Injection app/core/bootstrap.py:511

✓ MEDIUM Parser without error handling app/core/bootstrap_sync.py:200

✓ MEDIUM f-string in logging — use lazy % formatting instead app/core/bootstrap_sync.py:248

✓ MEDIUM f-string in logging — use lazy % formatting instead app/core/bootstrap_sync.py:262

✓ MEDIUM f-string in logging — use lazy % formatting instead app/core/bootstrap_sync.py:229

✓ MEDIUM f-string in logging — use lazy % formatting instead app/core/bootstrap_sync.py:256

✓ MEDIUM f-string in logging — use lazy % formatting instead app/core/bootstrap_sync.py:264

✓ MEDIUM Potential N+1 Query app/core/bootstrap_sync.py:184

✓ MEDIUM Potential N+1 Query app/core/bootstrap_sync.py:173

✓ MEDIUM Log Injection app/core/bootstrap_sync.py:248

✓ MEDIUM f-string in logging — use lazy % formatting instead app/core/config.py:236

✓ MEDIUM Log Injection app/core/config.py:237

✓ MEDIUM HTTP without TLS app/core/config.py:204

✓ MEDIUM f-string in logging — use lazy % formatting instead app/core/config.py:234

✓ MEDIUM HTTP without TLS app/core/config.py:199

✓ MEDIUM f-string in logging — use lazy % formatting instead app/core/config.py:231

✓ MEDIUM f-string in logging — use lazy % formatting instead app/core/deps.py:50

✓ MEDIUM f-string in logging — use lazy % formatting instead app/core/deps.py:293

✓ MEDIUM f-string in logging — use lazy % formatting instead app/core/deps.py:74

✓ MEDIUM f-string in logging — use lazy % formatting instead app/core/deps.py:128

✓ MEDIUM f-string in logging — use lazy % formatting instead app/core/deps.py:52

✓ MEDIUM PII Logged app/core/logging.py:196

✓ MEDIUM Excessive nesting depth (6+ levels) app/core/logging.py:419

✓ MEDIUM Excessive nesting depth (6+ levels) app/core/logging.py:421

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/bulk/router.py:264

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/bulk/router.py:140

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/bulk/router.py:203

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/bulk/router.py:532

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/bulk/router.py:384

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/bulk/router.py:639

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/bulk/router.py:444

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/bulk/router.py:82

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/bulk/router.py:584

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/bulk/router.py:689

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/bulk/router.py:324

✓ MEDIUM Weak Password Policy app/features/admin/bulk/schemas.py:52

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/bulk/service.py:381

✓ MEDIUM Potential N+1 Query app/features/admin/bulk/service.py:230

✓ MEDIUM Potential N+1 Query app/features/admin/bulk/service.py:433

✓ MEDIUM Potential N+1 Query app/features/admin/bulk/service.py:367

✓ MEDIUM Potential N+1 Query app/features/admin/bulk/service.py:770

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/bulk/service.py:363

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/bulk/service.py:794

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/router.py:401

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/router.py:856

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/router.py:909

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/router.py:194

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/router.py:876

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/router.py:282

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/router.py:897

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/router.py:961

✓ MEDIUM Weak Password Policy app/features/admin/collections/router.py:97

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/router.py:925

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/router.py:936

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/router.py:244

✓ MEDIUM Potential N+1 Query app/features/admin/collections/router.py:930

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/router.py:951

✓ MEDIUM Weak Password Policy app/features/admin/collections/schemas.py:122

✓ MEDIUM Weak Password Policy app/features/admin/collections/schemas.py:128

✓ MEDIUM Weak Password Policy app/features/admin/collections/schemas.py:34

✓ MEDIUM Weak Password Policy app/features/admin/collections/schemas.py:41

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:252

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/collections/service.py:786

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:855

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:376

✓ MEDIUM Potential N+1 Query app/features/admin/collections/service.py:1700

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:483

✓ MEDIUM Potential N+1 Query app/features/admin/collections/service.py:1710

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:322

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:779

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:174

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/collections/service.py:1607

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:961

✓ MEDIUM Log Injection — tainted data written to logs without sanitization app/features/admin/collections/service.py:1735

✓ MEDIUM Potential N+1 Query app/features/admin/collections/service.py:588

✓ MEDIUM Potential N+1 Query app/features/admin/collections/service.py:1103

✓ MEDIUM Potential N+1 Query app/features/admin/collections/service.py:939

✓ MEDIUM Potential N+1 Query app/features/admin/collections/service.py:290

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:613

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:358

✓ MEDIUM Potential N+1 Query app/features/admin/collections/service.py:1400

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:516

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:328

✓ MEDIUM Potential N+1 Query app/features/admin/collections/service.py:556

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:1010

✓ MEDIUM Potential N+1 Query app/features/admin/collections/service.py:1358

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:768

✓ MEDIUM PII Logged app/features/admin/collections/service.py:647

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:256

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:899

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:261

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:810

✓ MEDIUM Potential N+1 Query app/features/admin/collections/service.py:631

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:300

✓ MEDIUM Potential N+1 Query app/features/admin/collections/service.py:992

✓ MEDIUM Potential N+1 Query app/features/admin/collections/service.py:1408

✓ MEDIUM Potential N+1 Query app/features/admin/collections/service.py:681

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:1484

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:156

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:897

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:158

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:826

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/collections/service.py:369

✓ MEDIUM Potential N+1 Query app/features/admin/collections/service.py:491

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:615

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:828

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:1183

✓ MEDIUM Potential N+1 Query app/features/admin/collections/service.py:495

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:868

✓ MEDIUM Potential N+1 Query app/features/admin/collections/service.py:1657

✓ MEDIUM Potential N+1 Query app/features/admin/collections/service.py:1692

✓ MEDIUM Potential N+1 Query app/features/admin/collections/service.py:1416

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:455

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:892

✓ MEDIUM Potential N+1 Query app/features/admin/collections/service.py:814

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/collections/service.py:208

✓ MEDIUM Potential N+1 Query app/features/admin/collections/service.py:564

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/collections/service.py:1603

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/collections/service.py:809

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2872

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:3429

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:3225

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2662

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:1772

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:1339

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:1768

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2708

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:1891

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:488

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:312

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:1851

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2074

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:1981

✓ MEDIUM Unencrypted Data Transfer app/features/admin/config/router.py:2451

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:426

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:1186

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2929

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:1480

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2781

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:1411

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:1605

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:871

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/router.py:1744

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/router.py:1699

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:93

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:234

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2741

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:1438

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:3357

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2595

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/router.py:1710

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:1765

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2215

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:3189

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:1857

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:1775

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2811

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:688

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:366

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2967

✓ MEDIUM Exposed Test/Debug Endpoint app/features/admin/config/router.py:2129

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:545

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:1576

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:3477

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:1761

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2039

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:3097

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:1947

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2480

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:3275

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:1382

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:653

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:1286

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:3309

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/router.py:1702

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:157

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2543

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2121

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2157

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:3508

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2249

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:753

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:942

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2446

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2338

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/router.py:1736

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:339

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:1123

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:3002

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2305

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:122

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:2398

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:263

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:597

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:821

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/router.py:1723

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:3040

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:3150

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/router.py:194

✓ MEDIUM Weak Password Policy app/features/admin/config/schemas.py:485

✓ MEDIUM Weak Password Policy app/features/admin/config/schemas.py:484

✓ MEDIUM Weak Password Policy app/features/admin/config/schemas.py:486

✓ MEDIUM Weak Password Policy app/features/admin/config/schemas.py:452

✓ MEDIUM Weak Password Policy app/features/admin/config/schemas.py:488

✓ MEDIUM Weak Password Policy app/features/admin/config/schemas.py:971

✓ MEDIUM Unencrypted Data Transfer app/features/admin/config/schemas.py:846

✓ MEDIUM Weak Password Policy app/features/admin/config/schemas.py:549

✓ MEDIUM Weak Password Policy app/features/admin/config/schemas.py:487

✓ MEDIUM Weak Password Policy app/features/admin/config/schemas.py:322

✓ MEDIUM Weak Password Policy app/features/admin/config/schemas.py:482

✓ MEDIUM Weak Password Policy app/features/admin/config/schemas.py:323

✓ MEDIUM Weak Password Policy app/features/admin/config/schemas.py:923

✓ MEDIUM HTTP without TLS app/features/admin/config/service.py:617

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:2487

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:1508

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:2443

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:3441

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:2617

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:2566

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:638

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:3016

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:575

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:2506

✓ MEDIUM HTTP without TLS app/features/admin/config/service.py:1778

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:1378

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:1115

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:821

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:3584

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:584

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:2108

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:435

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:2015

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:1158

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:985

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:3763

✓ MEDIUM Race condition (TOCTOU) app/features/admin/config/service.py:1989

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:2543

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:857

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:87

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:1191

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:2779

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:1603

✓ MEDIUM Potential N+1 Query app/features/admin/config/service.py:396

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:1167

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:1432

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:1619

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:317

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:582

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:2504

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:2563

✓ MEDIUM HTTP without TLS app/features/admin/config/service.py:1932

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:2065

✓ MEDIUM Potential N+1 Query app/features/admin/config/service.py:404

✓ MEDIUM HTTP without TLS app/features/admin/config/service.py:2593

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:3660

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:1121

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:2050

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:2348

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:1135

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:2811

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:1527

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:3089

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:3718

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:1132

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:431

✓ MEDIUM Potential N+1 Query app/features/admin/config/service.py:400

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:1187

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:1413

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:2434

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:2545

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:2630

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:954

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:2613

✓ MEDIUM HTTP without TLS app/features/admin/config/service.py:2466

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:1735

✓ MEDIUM HTTP without TLS app/features/admin/config/service.py:2318

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:444

✓ MEDIUM Unencrypted Data Transfer app/features/admin/config/service.py:3352

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:849

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:1614

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:259

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:2369

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:573

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:1175

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:1218

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:687

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:2425

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:1181

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:1173

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:1770

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:2540

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:3150

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:2710

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:432

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:1404

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:1177

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:2569

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:1622

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:1195

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:1162

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:3265

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:1139

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:330

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:2417

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:1118

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:3596

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:957

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:3165

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:1183

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:338

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:999

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:3572

✓ MEDIUM HTTP without TLS app/features/admin/config/service.py:1879

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:3342

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:1140

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:1269

✓ MEDIUM HTTP without TLS app/features/admin/config/service.py:1764

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:2621

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:682

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:1179

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:2525

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/config/service.py:312

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:3169

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:551

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:3029

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:2144

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:636

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:1021

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/config/service.py:2940

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/router.py:186

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/router.py:129

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/router.py:543

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/router.py:601

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/router.py:300

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/router.py:97

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/router.py:243

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/router.py:657

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/router.py:709

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/router.py:493

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/router.py:373

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/router.py:433

✓ MEDIUM Weak Password Policy app/features/admin/conversations/schemas.py:103

✓ MEDIUM Weak Password Policy app/features/admin/conversations/schemas.py:98

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/conversations/service.py:657

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:484

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:437

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:390

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:499

✓ MEDIUM Potential N+1 Query app/features/admin/conversations/service.py:287

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:298

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:587

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:665

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:604

✓ MEDIUM Potential N+1 Query app/features/admin/conversations/service.py:207

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:670

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:630

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:260

✓ MEDIUM Potential N+1 Query app/features/admin/conversations/service.py:282

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:473

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:550

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:527

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:501

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:212

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:576

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:548

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:538

✓ MEDIUM Potential N+1 Query app/features/admin/conversations/service.py:580

✓ MEDIUM Potential N+1 Query app/features/admin/conversations/service.py:132

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:668

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/conversations/service.py:602

✓ MEDIUM Potential N+1 Query app/features/admin/conversations/service.py:293

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/router.py:1348

✓ MEDIUM Weak Password Policy app/features/admin/corpus/router.py:107

✓ MEDIUM Potential N+1 Query app/features/admin/corpus/router.py:1330

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/router.py:415

✓ MEDIUM PII Logged app/features/admin/corpus/router.py:439

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/router.py:1322

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/router.py:1280

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/router.py:1351

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/router.py:1138

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/router.py:1336

✓ MEDIUM Weak Password Policy app/features/admin/corpus/schemas.py:201

✓ MEDIUM Weak Password Policy app/features/admin/corpus/schemas.py:25

✓ MEDIUM Weak Password Policy app/features/admin/corpus/schemas.py:263

✓ MEDIUM Weak Password Policy app/features/admin/corpus/schemas.py:189

✓ MEDIUM Weak Password Policy app/features/admin/corpus/schemas.py:32

✓ MEDIUM Weak Password Policy app/features/admin/corpus/schemas.py:281

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/service.py:680

✓ MEDIUM Potential N+1 Query app/features/admin/corpus/service.py:1185

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/service.py:327

✓ MEDIUM Potential N+1 Query app/features/admin/corpus/service.py:1160

✓ MEDIUM Potential N+1 Query app/features/admin/corpus/service.py:797

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/service.py:780

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/service.py:1118

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/service.py:706

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/service.py:335

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/service.py:1141

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/service.py:729

✓ MEDIUM Potential N+1 Query app/features/admin/corpus/service.py:1059

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/service.py:634

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/service.py:207

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/service.py:339

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/service.py:345

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/service.py:501

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/service.py:757

✓ MEDIUM Potential N+1 Query app/features/admin/corpus/service.py:807

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/service.py:277

✓ MEDIUM Potential N+1 Query app/features/admin/corpus/service.py:987

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/service.py:155

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/service.py:1079

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/service.py:363

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/service.py:1099

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/corpus/service.py:459

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/dashboard/router.py:275

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/dashboard/router.py:146

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/dashboard/router.py:119

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/dashboard/router.py:92

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/dashboard/router.py:249

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/dashboard/router.py:61

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/dashboard/router.py:182

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/dashboard/router.py:215

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:270

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:324

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:350

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:237

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:134

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:67

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:314

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:98

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:171

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:259

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:93

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:167

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:248

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:194

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:155

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:85

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:330

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:340

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:319

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:130

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:159

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:74

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:200

✓ MEDIUM Potential N+1 Query app/features/admin/dashboard/service.py:189

✓ MEDIUM Potential N+1 Query app/features/admin/documents/router.py:498

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/documents/router.py:566

✓ MEDIUM Weak Password Policy app/features/admin/documents/router.py:92

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/documents/router.py:436

✓ MEDIUM Weak Password Policy app/features/admin/documents/schemas.py:20

✓ MEDIUM Weak Password Policy app/features/admin/documents/schemas.py:46

✓ MEDIUM Potential N+1 Query app/features/admin/documents/service.py:925

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/documents/service.py:865

✓ MEDIUM Potential N+1 Query app/features/admin/documents/service.py:984

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/documents/service.py:581

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/documents/service.py:256

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/documents/service.py:517

✓ MEDIUM Potential N+1 Query app/features/admin/documents/service.py:467

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/documents/service.py:640

✓ MEDIUM Potential N+1 Query app/features/admin/documents/service.py:1005

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/documents/service.py:430

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/documents/service.py:525

✓ MEDIUM Potential N+1 Query app/features/admin/documents/service.py:1011

✓ MEDIUM Potential N+1 Query app/features/admin/documents/service.py:978

✓ MEDIUM Potential N+1 Query app/features/admin/documents/service.py:601

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/documents/service.py:522

✓ MEDIUM Potential N+1 Query app/features/admin/documents/service.py:957

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/documents/service.py:645

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/documents/service.py:435

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/documents/service.py:298

✓ MEDIUM Potential N+1 Query app/features/admin/documents/service.py:458

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/documents/service.py:880

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/admin/documents/service.py:642

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/documents/service.py:395

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/documents/service.py:313

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/documents/service.py:305

✓ MEDIUM Potential N+1 Query app/features/admin/documents/service.py:192

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/documents/service.py:951

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/export/router.py:258

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/export/router.py:187

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/export/router.py:116

✓ MEDIUM CSV Formula Injection app/features/admin/export/router.py:298

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/export/router.py:329

✓ MEDIUM CSV Formula Injection app/features/admin/export/service.py:253

✓ MEDIUM Potential N+1 Query app/features/admin/export/service.py:228

✓ MEDIUM CSV Formula Injection app/features/admin/export/service.py:271

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/importer.py:190

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/importer.py:410

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/importer.py:265

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/importer.py:610

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/importer.py:315

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/importer.py:339

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/importer.py:375

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/importer.py:197

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/importer.py:501

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/importer.py:559

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/importer.py:570

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/importer.py:250

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/importer.py:455

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/importer.py:332

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/importer.py:325

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/importer.py:449

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/importer.py:443

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/importer.py:604

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/importer.py:616

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/router.py:273

✓ MEDIUM Weak Password Policy app/features/admin/geo/schemas.py:48

✓ MEDIUM Weak Password Policy app/features/admin/geo/schemas.py:56

✓ MEDIUM Weak Password Policy app/features/admin/geo/schemas.py:47

✓ MEDIUM Weak Password Policy app/features/admin/geo/schemas.py:145

✓ MEDIUM Weak Password Policy app/features/admin/geo/schemas.py:46

✓ MEDIUM Weak Password Policy app/features/admin/geo/schemas.py:57

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/service.py:384

✓ MEDIUM Potential N+1 Query app/features/admin/geo/service.py:54

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/service.py:292

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/service.py:256

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/geo/service.py:382

✓ MEDIUM Potential N+1 Query app/features/admin/password_policy/repository.py:220

✓ MEDIUM Potential N+1 Query app/features/admin/password_policy/repository.py:39

✓ MEDIUM Potential N+1 Query app/features/admin/password_policy/repository.py:213

✓ MEDIUM Potential N+1 Query app/features/admin/password_policy/repository.py:173

✓ MEDIUM Potential N+1 Query app/features/admin/password_policy/repository.py:88

✓ MEDIUM Potential N+1 Query app/features/admin/password_policy/repository.py:180

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/password_policy/router.py:96

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/password_policy/router.py:328

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/password_policy/router.py:379

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/password_policy/router.py:65

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/password_policy/router.py:204

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/password_policy/router.py:129

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/password_policy/router.py:271

✓ MEDIUM Weak Password Policy app/features/admin/password_policy/schemas.py:47

✓ MEDIUM Weak Password Policy app/features/admin/password_policy/schemas.py:93

✓ MEDIUM Weak Password Policy app/features/admin/password_policy/schemas.py:13

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/password_policy/service.py:221

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/password_policy/service.py:190

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/password_policy/service.py:320

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/password_policy/service.py:147

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/password_policy/service.py:339

✓ MEDIUM Potential N+1 Query app/features/admin/permissions/service.py:538

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/repository.py:162

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/router.py:480

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/router.py:439

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/router.py:335

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/router.py:102

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/router.py:292

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/router.py:534

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/router.py:125

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/service.py:335

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/service.py:290

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/service.py:400

✓ MEDIUM Potential N+1 Query app/features/admin/service.py:154

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/service.py:288

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/service.py:402

✓ MEDIUM Potential N+1 Query app/features/admin/service.py:110

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/service.py:316

✓ MEDIUM Potential N+1 Query app/features/admin/users/repository.py:180

✓ MEDIUM Potential N+1 Query app/features/admin/users/repository.py:256

✓ MEDIUM Potential N+1 Query app/features/admin/users/repository.py:262

✓ MEDIUM Potential N+1 Query app/features/admin/users/repository.py:163

✓ MEDIUM Potential N+1 Query app/features/admin/users/repository.py:204

✓ MEDIUM Potential N+1 Query app/features/admin/users/repository.py:169

✓ MEDIUM Potential N+1 Query app/features/admin/users/repository.py:197

✓ MEDIUM Potential N+1 Query app/features/admin/users/repository.py:156

✓ MEDIUM Potential N+1 Query app/features/admin/users/repository.py:189

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/users/router.py:211

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/users/router.py:357

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/users/router.py:607

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/users/router.py:541

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/users/router.py:482

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/users/router.py:132

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/users/router.py:99

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/users/router.py:279

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/users/router.py:423

✓ MEDIUM Weak Password Policy app/features/admin/users/schemas.py:20

✓ MEDIUM Weak Password Policy app/features/admin/users/schemas.py:49

✓ MEDIUM Weak Password Policy app/features/admin/users/schemas.py:42

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/users/service.py:576

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/users/service.py:230

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/users/service.py:227

✓ MEDIUM Potential N+1 Query app/features/admin/users/service.py:498

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/users/service.py:513

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/users/service.py:199

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/users/service.py:439

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/users/service.py:470

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/users/service.py:582

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/users/service.py:332

✓ MEDIUM PII Logged app/features/admin/users/service.py:395

✓ MEDIUM Potential N+1 Query app/features/admin/users/service.py:364

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/users/service.py:567

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/users/service.py:574

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/router.py:126

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/router.py:162

✓ MEDIUM Potential N+1 Query app/features/admin/validation/service.py:404

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/service.py:419

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/service.py:442

✓ MEDIUM PII Logged app/features/admin/validation/service.py:366

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/service.py:295

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/service.py:320

✓ MEDIUM PII Logged app/features/admin/validation/service.py:147

✓ MEDIUM PII Logged app/features/admin/validation/service.py:446

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/service.py:251

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/service.py:400

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/service.py:344

✓ MEDIUM PII Logged app/features/admin/validation/service.py:295

✓ MEDIUM PII Logged app/features/admin/validation/service.py:254

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/service.py:135

✓ MEDIUM PII Logged app/features/admin/validation/service.py:100

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/service.py:254

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/service.py:100

✓ MEDIUM PII Logged app/features/admin/validation/service.py:442

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/service.py:269

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/service.py:414

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/service.py:334

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/service.py:424

✓ MEDIUM Potential N+1 Query app/features/admin/validation/service.py:219

✓ MEDIUM PII Logged app/features/admin/validation/service.py:229

✓ MEDIUM PII Logged app/features/admin/validation/service.py:269

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/service.py:147

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/service.py:366

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/service.py:362

✓ MEDIUM PII Logged app/features/admin/validation/service.py:362

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/service.py:446

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/admin/validation/service.py:339

✓ MEDIUM Potential N+1 Query app/features/analytics/repository.py:66

✓ MEDIUM Potential N+1 Query app/features/analytics/repository.py:54

✓ MEDIUM Potential N+1 Query app/features/analytics/repository.py:48

✓ MEDIUM Potential N+1 Query app/features/analytics/repository.py:61

✓ MEDIUM Potential N+1 Query app/features/analytics/repository.py:219

✓ MEDIUM Potential N+1 Query app/features/analytics/repository.py:189

✓ MEDIUM Potential N+1 Query app/features/analytics/repository.py:332

✓ MEDIUM Potential N+1 Query app/features/analytics/repository.py:99

✓ MEDIUM Potential N+1 Query app/features/analytics/repository.py:114

✓ MEDIUM Potential N+1 Query app/features/analytics/repository.py:37

✓ MEDIUM Potential N+1 Query app/features/analytics/repository.py:109

✓ MEDIUM Potential N+1 Query app/features/analytics/repository.py:71

✓ MEDIUM Potential N+1 Query app/features/analytics/repository.py:240

✓ MEDIUM Potential N+1 Query app/features/analytics/repository.py:135

✓ MEDIUM Potential N+1 Query app/features/analytics/repository.py:104

✓ MEDIUM Potential N+1 Query app/features/analytics/repository.py:76

✓ MEDIUM Potential N+1 Query app/features/analytics/repository.py:42

✓ MEDIUM Potential N+1 Query app/features/analytics/repository.py:204

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/audit/repository.py:97

✓ MEDIUM Potential N+1 Query app/features/audit/repository.py:317

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/audit/repository.py:406

✓ MEDIUM Potential N+1 Query app/features/audit/repository.py:233

✓ MEDIUM Potential N+1 Query app/features/audit/repository.py:241

✓ MEDIUM Potential N+1 Query app/features/audit/repository.py:409

✓ MEDIUM Potential N+1 Query app/features/audit/repository.py:237

✓ MEDIUM Potential N+1 Query app/features/audit/repository.py:293

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/audit/repository.py:414

✓ MEDIUM Potential N+1 Query app/features/audit/repository.py:403

✓ MEDIUM Potential N+1 Query app/features/audit/repository.py:229

✓ MEDIUM Potential N+1 Query app/features/audit/repository.py:257

✓ MEDIUM Potential N+1 Query app/features/audit/repository.py:279

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/audit/router.py:319

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/audit/service.py:510

✓ MEDIUM Log Injection — tainted data written to logs without sanitization app/features/audit/service.py:126

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/audit/service.py:491

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/audit/service.py:134

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/audit/service.py:74

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/audit/service.py:493

✓ MEDIUM Exposed Test/Debug Endpoint app/features/auth/router.py:187

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/auth/router.py:125

✓ MEDIUM PII Logged app/features/auth/router.py:125

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/contextualizer.py:172

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/contextualizer.py:117

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/contextualizer.py:178

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/router.py:220

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/router.py:126

✓ MEDIUM Log Injection app/features/chat/router.py:126

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/router.py:84

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/router.py:155

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/router.py:253

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/router.py:123

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:214

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:587

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:358

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:186

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:1100

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:1091

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:320

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:1305

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:1327

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:348

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:811

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:513

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:311

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:725

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:767

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:912

✓ MEDIUM Potential N+1 Query app/features/chat/service.py:346

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:1229

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:1130

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:1225

✓ MEDIUM Potential N+1 Query app/features/chat/service.py:176

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:955

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:1011

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:354

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:722

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:1227

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:362

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/service.py:1071

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/summarizer.py:118

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/chat/topic_detector.py:131

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/collections/chroma.py:35

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/collections/chroma.py:75

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/collections/chroma.py:37

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/collections/chroma.py:109

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/collections/chroma.py:78

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/collections/chroma.py:114

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/collections/service.py:107

✓ MEDIUM Potential N+1 Query app/features/collections/service.py:62

✓ MEDIUM Potential N+1 Query app/features/collections/service.py:214

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/collections/service.py:357

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/collections/service.py:451

✓ MEDIUM Potential N+1 Query app/features/collections/service.py:344

✓ MEDIUM Potential N+1 Query app/features/collections/service.py:291

✓ MEDIUM Potential N+1 Query app/features/collections/service.py:382

✓ MEDIUM Potential N+1 Query app/features/collections/service.py:316

✓ MEDIUM Potential N+1 Query app/features/collections/service.py:53

✓ MEDIUM Potential N+1 Query app/features/collections/service.py:229

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/collections/service.py:368

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/config/public_router.py:59

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/conversations/router.py:408

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/conversations/router.py:270

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/conversations/router.py:450

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/conversations/router.py:72

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/conversations/router.py:179

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/conversations/router.py:320

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/conversations/router.py:365

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/conversations/router.py:220

✓ MEDIUM Weak Password Policy app/features/conversations/schemas.py:109

✓ MEDIUM Weak Password Policy app/features/conversations/schemas.py:19

✓ MEDIUM Weak Password Policy app/features/conversations/schemas.py:88

✓ MEDIUM Weak Password Policy app/features/conversations/schemas.py:131

✓ MEDIUM Weak Password Policy app/features/conversations/schemas.py:27

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/conversations/service.py:215

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/conversations/service.py:394

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/conversations/service.py:249

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/conversations/service.py:435

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/conversations/service.py:365

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/conversations/service.py:532

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/conversations/service.py:169

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/conversations/service.py:157

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/router.py:261

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/router.py:340

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/router.py:448

✓ MEDIUM Weak Password Policy app/features/documents/router.py:108

✓ MEDIUM Potential N+1 Query app/features/documents/router.py:403

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/router.py:657

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/router.py:503

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/router.py:576

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/router.py:621

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/router.py:493

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/router.py:500

✓ MEDIUM Weak Password Policy app/features/documents/schemas.py:28

✓ MEDIUM Weak Password Policy app/features/documents/schemas.py:149

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:1301

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:569

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:1015

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:1142

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:1270

✓ MEDIUM Potential N+1 Query app/features/documents/service.py:1132

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:364

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:113

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:921

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:744

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:1042

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:1290

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:618

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:1297

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:1074

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:558

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:769

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:762

✓ MEDIUM Potential N+1 Query app/features/documents/service.py:1312

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:960

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:1127

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:705

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:689

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:996

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:871

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:1017

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:348

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:970

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:966

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/documents/service.py:918

✓ MEDIUM Potential N+1 Query app/features/geo/repository.py:176

✓ MEDIUM Potential N+1 Query app/features/geo/repository.py:79

✓ MEDIUM Potential N+1 Query app/features/geo/repository.py:182

✓ MEDIUM Weak Password Policy app/features/geo/router.py:62

✓ MEDIUM Weak Password Policy app/features/geo/router.py:100

✓ MEDIUM Weak Password Policy app/features/geo/schemas.py:13

✓ MEDIUM Weak Password Policy app/features/geo/schemas.py:44

✓ MEDIUM Weak Password Policy app/features/geo/schemas.py:14

✓ MEDIUM Weak Password Policy app/features/geo/schemas.py:12

✓ MEDIUM Weak Password Policy app/features/geo/schemas.py:45

✓ MEDIUM Weak Password Policy app/features/geo/schemas.py:91

✓ MEDIUM Weak Password Policy app/features/geo/schemas.py:90

✓ MEDIUM Weak Password Policy app/features/geo/schemas.py:46

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/health/service.py:54

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/health/service.py:34

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/health/service.py:95

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/health/service.py:70

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/ingestion/router.py:219

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/ingestion/router.py:337

✓ MEDIUM Race condition (TOCTOU) app/features/ingestion/router.py:344

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/ingestion/router.py:328

✓ MEDIUM Bare except clause (no exception type) app/features/ingestion/router.py:347

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/ingestion/router.py:139

✓ MEDIUM Potential N+1 Query app/features/ingestion/router.py:250

✓ MEDIUM Catch-all exception app/features/ingestion/router.py:347

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/ingestion/router.py:68

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/ingestion/service.py:450

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/ingestion/service.py:381

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/ingestion/service.py:67

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/ingestion/service.py:437

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/ingestion/service.py:427

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/ingestion/service.py:456

✓ MEDIUM Potential N+1 Query app/features/ingestion/service.py:272

✓ MEDIUM Race condition (TOCTOU) app/features/ingestion/service.py:480

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/ingestion/service.py:449

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/ingestion/service.py:332

✓ MEDIUM Potential N+1 Query app/features/ingestion/service.py:326

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/ingestion/service.py:299

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/ingestion/service.py:454

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/ingestion/service.py:142

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/ingestion/service.py:268

✓ MEDIUM Bare except clause (no exception type) app/features/ingestion/service.py:483

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/ingestion/service.py:477

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/ingestion/service.py:419

✓ MEDIUM Potential N+1 Query app/features/ingestion/service.py:126

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/ingestion/service.py:451

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/ingestion/service.py:438

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/ingestion/service.py:379

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/ingestion/service.py:185

✓ MEDIUM Catch-all exception app/features/ingestion/service.py:483

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/ingestion/service.py:330

✓ MEDIUM Potential N+1 Query app/features/logs/repository.py:250

✓ MEDIUM Potential N+1 Query app/features/logs/repository.py:207

✓ MEDIUM Potential N+1 Query app/features/logs/repository.py:143

✓ MEDIUM Potential N+1 Query app/features/logs/repository.py:166

✓ MEDIUM Potential N+1 Query app/features/logs/repository.py:131

✓ MEDIUM Potential N+1 Query app/features/logs/repository.py:155

✓ MEDIUM Potential N+1 Query app/features/logs/repository.py:200

✓ MEDIUM Log Injection — tainted data written to logs without sanitization app/features/logs/router.py:279

✓ MEDIUM Weak Password Policy app/features/logs/schemas.py:100

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/preferences/router.py:89

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/preferences/service.py:43

✓ MEDIUM Potential N+1 Query app/features/preferences/service.py:131

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/preferences/service.py:101

✓ MEDIUM Parser without error handling app/features/sources/connectors/api.py:70

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/connectors/api.py:114

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/connectors/api.py:117

✓ MEDIUM Potential N+1 Query app/features/sources/connectors/database.py:91

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/connectors/database.py:112

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/connectors/database.py:115

✓ MEDIUM Potential N+1 Query app/features/sources/connectors/database.py:130

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/connectors/mcp.py:180

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/connectors/mcp.py:133

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/connectors/mcp.py:174

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/sources/connectors/mcp.py:337

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/sources/connectors/mcp.py:199

✓ MEDIUM Parser without error handling app/features/sources/connectors/mcp.py:197

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/connectors/mcp.py:177

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/connectors/mcp.py:170

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/connectors/mcp.py:390

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/connectors/mcp.py:384

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/connectors/web.py:567

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/sources/connectors/web.py:650

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/connectors/web.py:511

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/connectors/web.py:127

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/connectors/web.py:124

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/connectors/web.py:655

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/connectors/web.py:514

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/connectors/web.py:121

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/sources/connectors/web.py:651

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/context.py:399

✓ MEDIUM Potential N+1 Query app/features/sources/context.py:236

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/context.py:376

✓ MEDIUM Potential N+1 Query app/features/sources/context.py:94

✓ MEDIUM Potential N+1 Query app/features/sources/context.py:471

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/context.py:573

✓ MEDIUM Potential N+1 Query app/features/sources/context.py:100

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/context.py:552

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/context.py:192

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/context.py:164

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/context.py:554

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/context.py:373

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/history.py:305

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/history.py:411

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/history.py:136

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/history.py:278

✓ MEDIUM Potential N+1 Query app/features/sources/history.py:474

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/history.py:67

✓ MEDIUM Potential N+1 Query app/features/sources/history.py:220

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/indexer.py:177

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/sources/indexer.py:267

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/sources/indexer.py:202

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/sources/indexer.py:558

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/indexer.py:341

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/sources/indexer.py:553

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/indexer.py:268

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/indexer.py:407

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/sources/indexer.py:231

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/indexer.py:632

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/sources/indexer.py:233

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/sources/indexer.py:237

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/sources/indexer.py:250

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/sources/indexer.py:620

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/sources/indexer.py:245

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/indexer.py:450

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/indexer.py:265

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/indexer.py:403

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/sources/indexer.py:232

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/sources/indexer.py:261

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/indexer.py:175

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/indexer.py:706

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/indexer.py:172

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/indexer.py:283

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/indexer.py:361

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/indexer.py:276

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/indexer.py:445

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/sources/indexer.py:559

✓ MEDIUM Excessive nesting depth (6+ levels) app/features/sources/indexer.py:244

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/indexer.py:509

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/indexer.py:573

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/indexer.py:94

✓ MEDIUM Potential N+1 Query app/features/sources/repository.py:74

✓ MEDIUM Potential N+1 Query app/features/sources/repository.py:121

✓ MEDIUM Potential N+1 Query app/features/sources/repository.py:110

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/router.py:155

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/router.py:689

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/router.py:116

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/router.py:713

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/router.py:435

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/router.py:77

✓ MEDIUM Weak Password Policy app/features/sources/router.py:521

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/router.py:196

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/router.py:385

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/router.py:810

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:505

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:422

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:335

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:397

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:278

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:123

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:454

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:179

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:539

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:73

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:173

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:501

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:303

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:244

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:371

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:270

✓ MEDIUM Potential N+1 Query app/features/sources/scheduler.py:177

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:450

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:119

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:541

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:509

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/scheduler.py:113

✓ MEDIUM Weak Password Policy app/features/sources/schemas.py:29

✓ MEDIUM Weak Password Policy app/features/sources/schemas.py:184

✓ MEDIUM Weak Password Policy app/features/sources/schemas.py:28

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:452

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:519

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:497

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:474

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:472

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:250

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:351

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:187

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:281

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:238

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:389

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:240

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:545

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:252

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:171

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:199

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:552

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:517

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:564

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:197

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:459

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:566

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:167

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:308

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:504

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:225

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/sources/service.py:430

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/speech/router.py:130

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/speech/router.py:90

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/speech/router.py:136

✓ MEDIUM Log Injection — tainted data written to logs without sanitization app/features/speech/service.py:237

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/speech/service.py:84

✓ MEDIUM HTTP without TLS app/features/speech/service.py:44

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/speech/service.py:221

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/speech/service.py:289

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/speech/service.py:215

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/speech/service.py:249

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/speech/service.py:246

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/speech/service.py:156

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/speech/service.py:254

✓ MEDIUM Weak Password Policy app/features/system/schemas.py:44

✓ MEDIUM Parser without error handling app/features/system/service.py:339

✓ MEDIUM Potential N+1 Query app/features/system/service.py:265

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/system/service.py:252

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/system/service.py:277

✓ MEDIUM Potential N+1 Query app/features/system/service.py:186

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/system/service.py:196

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/system/service.py:179

✓ MEDIUM Weak Password Policy app/features/user/profile/schemas.py:112

✓ MEDIUM Weak Password Policy app/features/user/profile/schemas.py:45

✓ MEDIUM Weak Password Policy app/features/user/profile/schemas.py:81

✓ MEDIUM Weak Password Policy app/features/user/profile/schemas.py:50

✓ MEDIUM Weak Password Policy app/features/user/profile/schemas.py:44

✓ MEDIUM Weak Password Policy app/features/user/profile/schemas.py:107

✓ MEDIUM Potential N+1 Query app/features/user/profile/service.py:107

✓ MEDIUM Potential N+1 Query app/features/user/profile/service.py:182

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/profile/service.py:149

✓ MEDIUM Potential N+1 Query app/features/user/profile/service.py:121

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/profile/service.py:236

✓ MEDIUM Weak Password Policy app/features/user/schemas.py:59

✓ MEDIUM Weak Password Policy app/features/user/schemas.py:44

✓ MEDIUM Weak Password Policy app/features/user/schemas.py:57

✓ MEDIUM Weak Password Policy app/features/user/schemas.py:42

✓ MEDIUM Weak Password Policy app/features/user/schemas.py:62

✓ MEDIUM Weak Password Policy app/features/user/schemas.py:46

✓ MEDIUM Weak Password Policy app/features/user/schemas.py:60

✓ MEDIUM Weak Password Policy app/features/user/schemas.py:61

✓ MEDIUM Weak Password Policy app/features/user/schemas.py:41

✓ MEDIUM Weak Password Policy app/features/user/schemas.py:43

✓ MEDIUM Weak Password Policy app/features/user/schemas.py:40

✓ MEDIUM Weak Password Policy app/features/user/schemas.py:58

✓ MEDIUM Weak Password Policy app/features/user/schemas.py:56

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:116

✓ MEDIUM Potential N+1 Query app/features/user/service.py:466

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:339

✓ MEDIUM PII Logged app/features/user/service.py:416

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:323

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:220

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:325

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:345

✓ MEDIUM PII Logged app/features/user/service.py:345

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:321

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:360

✓ MEDIUM PII Logged app/features/user/service.py:476

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:433

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:268

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:447

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:414

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:309

✓ MEDIUM PII Logged app/features/user/service.py:429

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:245

✓ MEDIUM PII Logged app/features/user/service.py:325

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:500

✓ MEDIUM PII Logged app/features/user/service.py:447

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:429

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:416

✓ MEDIUM PII Logged app/features/user/service.py:131

✓ MEDIUM PII Logged app/features/user/service.py:387

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:445

✓ MEDIUM Missing MFA (Python) app/features/user/service.py:1

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:157

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:261

✓ MEDIUM PII Logged app/features/user/service.py:433

✓ MEDIUM PII Logged app/features/user/service.py:309

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:296

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:372

✓ MEDIUM PII Logged app/features/user/service.py:220

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:290

✓ MEDIUM PII Logged app/features/user/service.py:116

✓ MEDIUM Potential N+1 Query app/features/user/service.py:252

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:387

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:431

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:242

✓ MEDIUM PII Logged app/features/user/service.py:431

✓ MEDIUM PII Logged app/features/user/service.py:358

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:449

✓ MEDIUM PII Logged app/features/user/service.py:449

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:127

✓ MEDIUM PII Logged app/features/user/service.py:321

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:179

✓ MEDIUM PII Logged app/features/user/service.py:360

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:356

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:142

✓ MEDIUM PII Logged app/features/user/service.py:356

✓ MEDIUM PII Logged app/features/user/service.py:445

✓ MEDIUM PII Logged app/features/user/service.py:323

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:131

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:503

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:195

✓ MEDIUM f-string in logging — use lazy % formatting instead app/features/user/service.py:358

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:325

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:234

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:395

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:992

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:923

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:1033

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:869

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:669

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:647

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:214

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:1000

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:322

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:218

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:1040

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:724

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:261

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:658

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:188

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:651

✓ MEDIUM Catch-all exception app/ingest_v2.py:515

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:351

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:116

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:364

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:347

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:168

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:784

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:966

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:154

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:858

✓ MEDIUM Bare except clause (no exception type) app/ingest_v2.py:515

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:238

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:243

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:867

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:227

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:355

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:185

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:808

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:1032

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:1030

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:102

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:769

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:1031

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:328

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:127

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:1034

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:265

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:945

✓ MEDIUM f-string in logging — use lazy % formatting instead app/ingest_v2.py:360

✓ MEDIUM f-string in logging — use lazy % formatting instead app/main.py:122

✓ MEDIUM f-string in logging — use lazy % formatting instead app/main.py:167

✓ MEDIUM f-string in logging — use lazy % formatting instead app/main.py:120

✓ MEDIUM f-string in logging — use lazy % formatting instead app/main.py:131

✓ MEDIUM f-string in logging — use lazy % formatting instead app/main.py:141

✓ MEDIUM f-string in logging — use lazy % formatting instead app/main.py:160

✓ MEDIUM f-string in logging — use lazy % formatting instead app/main.py:124

✓ MEDIUM f-string in logging — use lazy % formatting instead app/main.py:115

✓ MEDIUM f-string in logging — use lazy % formatting instead app/main.py:301

✓ MEDIUM f-string in logging — use lazy % formatting instead app/main.py:148

✓ LOW Inline CSS style (HTML) UI-BACK/index.html:84

✓ LOW Inline CSS style (HTML) UI-BACK/index.html:97

✓ LOW Missing skip navigation link UI-BACK/index.html:1

✓ LOW Missing Subresource Integrity UI-BACK/index.html:171

✓ LOW Inline SVG in HTML UI-BACK/index.html:59

✓ LOW Manual createElement UI-BACK/js/app.js:83

✓ LOW Event listeners not cleaned UI-BACK/js/app.js:531

✓ LOW Event listeners not cleaned UI-BACK/js/app.js:490

✓ LOW Event listeners not cleaned UI-BACK/js/app.js:541

✓ LOW Event listeners not cleaned UI-BACK/js/app.js:422

✓ LOW Event listeners not cleaned UI-BACK/js/app.js:515

✓ LOW DOM manipulation in loop UI-BACK/js/app.js:94

✓ LOW Event listeners not cleaned UI-BACK/js/app.js:251

✓ LOW Event listeners not cleaned UI-BACK/js/app.js:318

✓ LOW Event listeners not cleaned UI-BACK/js/app.js:402

✓ LOW Event listeners not cleaned UI-BACK/js/app.js:431

✓ LOW Event listeners not cleaned UI-BACK/js/app.js:323

✓ LOW Manual createElement UI-BACK/js/modules/audit.js:727

✓ LOW Event listeners not cleaned UI-BACK/js/modules/audit.js:199

✓ LOW Event listeners not cleaned UI-BACK/js/modules/audit.js:58

✓ LOW Event listeners not cleaned UI-BACK/js/modules/audit.js:302

✓ LOW Event listeners not cleaned UI-BACK/js/modules/audit.js:662

✓ LOW Event listeners not cleaned UI-BACK/js/modules/audit.js:316

✓ LOW Event listeners not cleaned UI-BACK/js/modules/audit.js:562

✓ LOW Event listeners not cleaned UI-BACK/js/modules/audit.js:327

✓ LOW Event listeners not cleaned UI-BACK/js/modules/audit.js:770

✓ LOW Event listeners not cleaned UI-BACK/js/modules/audit.js:290

✓ LOW useless_regexp_escape UI-BACK/js/modules/audit.js:478

✓ LOW Event listeners not cleaned UI-BACK/js/modules/audit.js:222

✓ LOW Event listeners not cleaned UI-BACK/js/modules/audit.js:194

✓ LOW Manual createElement UI-BACK/js/modules/audit.js:707

✓ LOW DOM manipulation in loop UI-BACK/js/modules/audit.js:762

✓ LOW Event listeners not cleaned UI-BACK/js/modules/audit.js:775

✓ LOW Event listeners not cleaned UI-BACK/js/modules/audit.js:779

✓ LOW Event listeners not cleaned UI-BACK/js/modules/audit.js:373

✓ LOW Event listeners not cleaned UI-BACK/js/modules/audit.js:378

✓ LOW Event listeners not cleaned UI-BACK/js/modules/audit.js:774

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-collections.js:919

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-collections.js:922

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-collections.js:364

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-collections.js:265

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-collections.js:440

✓ LOW DOM manipulation in loop UI-BACK/js/modules/content-collections.js:915

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-collections.js:231

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-collections.js:273

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-collections.js:241

✓ LOW Manual createElement UI-BACK/js/modules/content-collections.js:902

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-collections.js:219

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-collections.js:918

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-collections.js:834

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-collections.js:490

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-collections.js:673

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-collections.js:269

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-collections.js:230

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-conversations.js:190

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-conversations.js:168

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-conversations.js:522

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-conversations.js:320

✓ LOW Manual createElement UI-BACK/js/modules/content-conversations.js:123

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-conversations.js:203

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-conversations.js:324

✓ LOW DOM manipulation in loop UI-BACK/js/modules/content-conversations.js:489

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-conversations.js:316

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-conversations.js:521

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-conversations.js:470

✓ LOW DOM manipulation in loop UI-BACK/js/modules/content-conversations.js:115

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-conversations.js:179

✓ LOW Manual createElement UI-BACK/js/modules/content-conversations.js:569

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-conversations.js:308

✓ LOW Manual createElement UI-BACK/js/modules/content-conversations.js:479

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-conversations.js:312

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-conversations.js:523

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-conversations.js:336

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-conversations.js:214

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-conversations.js:520

✓ LOW DOM manipulation in loop UI-BACK/js/modules/content-conversations.js:126

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:1301

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:317

✓ LOW Manual createElement UI-BACK/js/modules/content-corpus.js:1119

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:1149

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:865

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:1152

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:1309

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:321

✓ LOW DOM manipulation in loop UI-BACK/js/modules/content-corpus.js:1142

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:186

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:626

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:533

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:894

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:650

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:173

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:1314

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:271

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:1145

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:834

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:1190

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:826

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:886

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:1181

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:191

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:1168

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-corpus.js:1293

✓ LOW DOM manipulation in loop UI-BACK/js/modules/content-documents.js:493

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-documents.js:495

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-documents.js:254

✓ LOW Manual createElement UI-BACK/js/modules/content-documents.js:716

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-documents.js:331

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-documents.js:319

✓ LOW DOM manipulation in loop UI-BACK/js/modules/content-documents.js:719

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-documents.js:494

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-documents.js:275

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-documents.js:327

✓ LOW Manual createElement UI-BACK/js/modules/content-documents.js:463

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-documents.js:315

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-documents.js:323

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-documents.js:244

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-documents.js:265

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:400

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:402

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:276

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:146

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:149

✓ LOW Manual createElement UI-BACK/js/modules/content-logs.js:871

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:173

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:583

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:290

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:282

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:131

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:202

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:168

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:712

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:135

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:137

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:184

✓ LOW DOM manipulation in loop UI-BACK/js/modules/content-logs.js:398

✓ LOW Manual createElement UI-BACK/js/modules/content-logs.js:389

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:197

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:45

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:708

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:457

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:178

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:192

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content-logs.js:458

✓ LOW Event listeners not cleaned UI-BACK/js/modules/content.js:56

✓ LOW Event listeners not cleaned UI-BACK/js/modules/dashboard.js:20

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:416

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:1272

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:14

✓ LOW useless_regexp_escape UI-BACK/js/modules/sources.js:626

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:1179

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:377

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:1043

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:431

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:15

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:365

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:1535

✓ LOW Manual createElement UI-BACK/js/modules/sources.js:68

✓ LOW useless_regexp_escape UI-BACK/js/modules/sources.js:46

✓ LOW Manual createElement UI-BACK/js/modules/sources.js:1577

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:429

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:1564

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:900

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:1602

✓ LOW DOM manipulation in loop UI-BACK/js/modules/sources.js:71

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:421

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:1263

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:352

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:430

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:1278

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:428

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:1567

✓ LOW DOM manipulation in loop UI-BACK/js/modules/sources.js:70

✓ LOW Event listeners not cleaned UI-BACK/js/modules/sources.js:355

✓ LOW DOM manipulation in loop UI-BACK/js/modules/sources.js:1600

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system.js:154

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system.js:119

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/appearance.js:158

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/geo.js:134

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/llm.js:1578

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/llm.js:664

✓ LOW Inline style in JS UI-BACK/js/modules/system/llm.js:976

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/llm.js:1587

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/llm.js:1470

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/llm.js:676

✓ LOW Manual createElement UI-BACK/js/modules/system/llm.js:1444

✓ LOW Inline style in JS UI-BACK/js/modules/system/llm.js:978

✓ LOW Manual createElement UI-BACK/js/modules/system/llm.js:43

✓ LOW DOM manipulation in loop UI-BACK/js/modules/system/llm.js:973

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/llm.js:256

✓ LOW Manual createElement UI-BACK/js/modules/system/llm.js:969

✓ LOW DOM manipulation in loop UI-BACK/js/modules/system/llm.js:1466

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/llm.js:1481

✓ LOW useless_regexp_escape UI-BACK/js/modules/system/llm.js:2029

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/llm.js:1471

✓ LOW Inline style in JS UI-BACK/js/modules/system/llm.js:972

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/llm.js:669

✓ LOW Manual createElement UI-BACK/js/modules/system/modes.js:160

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/modes.js:175

✓ LOW DOM manipulation in loop UI-BACK/js/modules/system/modes.js:171

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/modes.js:51

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/modes.js:55

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/modes.js:176

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/modes.js:112

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/modes.js:180

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/notifications.js:153

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/notifications.js:150

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/notifications.js:156

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/smtp.js:204

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/smtp.js:215

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/smtp.js:221

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/storage.js:169

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/storage.js:189

✓ LOW Event listeners not cleaned UI-BACK/js/modules/system/storage.js:176

✓ LOW Event listeners not cleaned UI-BACK/js/modules/users.js:327

✓ LOW Event listeners not cleaned UI-BACK/js/modules/users.js:281

✓ LOW Event listeners not cleaned UI-BACK/js/modules/users.js:293

✓ LOW DOM manipulation in loop UI-BACK/js/modules/users.js:370

✓ LOW Manual createElement UI-BACK/js/modules/users.js:364

✓ LOW Event listeners not cleaned UI-BACK/js/modules/users.js:315

✓ LOW Event listeners not cleaned UI-BACK/js/modules/users.js:375

✓ LOW Event listeners not cleaned UI-BACK/js/modules/users.js:311

✓ LOW DOM manipulation in loop UI-BACK/js/modules/users.js:123

✓ LOW Event listeners not cleaned UI-BACK/js/modules/users.js:268

✓ LOW Event listeners not cleaned UI-BACK/js/modules/users.js:323

✓ LOW Manual createElement UI-BACK/js/modules/users.js:120

✓ LOW Event listeners not cleaned UI-BACK/js/modules/users.js:319

✓ LOW Event listeners not cleaned UI-BACK/js/modules/validation.js:238

✓ LOW Event listeners not cleaned UI-BACK/js/modules/validation.js:235

✓ LOW Event listeners not cleaned UI-BACK/js/modules/validation.js:229

✓ LOW Inline style in JS UI-BACK/js/modules/validation.js:462

✓ LOW Event listeners not cleaned UI-BACK/js/modules/validation.js:247

✓ LOW Event listeners not cleaned UI-BACK/js/modules/validation.js:233

✓ LOW Event listeners not cleaned UI-BACK/js/modules/validation.js:250

✓ LOW Event listeners not cleaned UI-BACK/js/modules/validation.js:234

✓ LOW Event listeners not cleaned UI-BACK/js/modules/validation.js:205

✓ LOW Event listeners not cleaned UI-BACK/js/modules/validation.js:217

✓ LOW Event listeners not cleaned UI-BACK/js/modules/validation.js:246

✓ LOW Event listeners not cleaned UI-BACK/js/modules/validation.js:199

✓ LOW Event listeners not cleaned UI-BACK/js/modules/validation.js:230

✓ LOW Event listeners not cleaned UI-BACK/js/modules/validation.js:245

✓ LOW Manual createElement UI-BACK/js/services/adminApi.js:576

✓ LOW DOM manipulation in loop UI-BACK/js/utils/table-sort.js:102

✓ LOW Manual createElement UI-BACK/js/utils/table-sort.js:41

✓ LOW DOM manipulation in loop UI-BACK/js/utils/table-sort.js:44

✓ LOW Event listeners not cleaned UI-BACK/js/utils/table-sort.js:48

✓ LOW Missing Subresource Integrity UI-FRONT/index.html:574

✓ LOW Inline SVG in HTML UI-FRONT/index.html:275

✓ LOW Inline SVG in HTML UI-FRONT/index.html:185

✓ LOW Inline SVG in HTML UI-FRONT/index.html:270

✓ LOW Inline CSS style (HTML) UI-FRONT/index.html:362

✓ LOW Heading skip level UI-FRONT/index.html:238

✓ LOW Inline SVG in HTML UI-FRONT/index.html:227

✓ LOW Inline SVG in HTML UI-FRONT/index.html:439

✓ LOW Inline SVG in HTML UI-FRONT/index.html:182

✓ LOW Inline SVG in HTML UI-FRONT/index.html:197

✓ LOW Inline SVG in HTML UI-FRONT/index.html:176

✓ LOW Inline SVG in HTML UI-FRONT/index.html:521

✓ LOW Inline style in JS UI-FRONT/js/app.js:656

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:427

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/app.js:544

✓ LOW Manual createElement UI-FRONT/js/app.js:326

✓ LOW Inline style in JS UI-FRONT/js/app.js:192

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:664

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/app.js:553

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:648

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:416

✓ LOW DOM manipulation in loop UI-FRONT/js/app.js:540

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:692

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:604

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:686

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:680

✓ LOW Residual console.log UI-FRONT/js/app.js:247

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:399

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/app.js:555

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/app.js:554

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:486

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:673

✓ LOW Inline style in JS UI-FRONT/js/app.js:655

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:639

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/app.js:568

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/app.js:560

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:601

✓ LOW Manual createElement UI-FRONT/js/app.js:525

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:654

✓ LOW Residual console.log UI-FRONT/js/app.js:763

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:139

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:709

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/app.js:552

✓ LOW Inline style in JS UI-FRONT/js/app.js:193

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:749

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:551

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:628

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:67

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:621

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:590

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:636

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/app.js:545

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:607

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:595

✓ LOW Event listeners not cleaned UI-FRONT/js/app.js:543

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/config.js:6

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/config.js:5

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/documents.js:459

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/documents.js:467

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/documents.js:928

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/documents.js:915

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/modules/documents.js:969

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/modules/documents.js:863

✓ LOW Manual createElement UI-FRONT/js/modules/documents.js:851

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/modules/documents.js:783

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/modules/documents.js:773

✓ LOW Manual createElement UI-FRONT/js/modules/documents.js:589

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/documents.js:971

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/documents.js:476

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/documents.js:802

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/documents.js:895

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/documents.js:962

✓ LOW Manual createElement UI-FRONT/js/modules/documents.js:792

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/modules/documents.js:943

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/documents.js:953

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/documents.js:937

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/modules/documents.js:893

✓ LOW Inline style in JS UI-FRONT/js/modules/documents.js:213

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/modules/documents.js:851

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/documents.js:901

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/documents.js:479

✓ LOW DOM manipulation in loop UI-FRONT/js/modules/documents.js:592

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/modules/documents.js:862

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/modules/documents.js:925

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/documents.js:979

✓ LOW Manual createElement UI-FRONT/js/modules/documents.js:662

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/modules/documents.js:823

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/modules/documents.js:905

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/modules/documents.js:935

✓ LOW DOM manipulation in loop UI-FRONT/js/modules/documents.js:674

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/documents.js:679

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/modules/documents.js:790

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/documents.js:678

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/modules/documents.js:960

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/modules/documents.js:865

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/modules/documents.js:968

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/documents.js:907

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/documents.js:945

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/modules/documents.js:927

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/documents.js:343

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/modules/documents.js:917

✓ LOW DOM manipulation in loop UI-FRONT/js/modules/documents.js:795

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/documents.js:801

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/modules/documents.js:899

✓ LOW Use of var keyword (JavaScript) UI-FRONT/js/modules/documents.js:951

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/profile.js:348

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/profile.js:319

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/profile.js:336

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/profile.js:296

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/profile.js:325

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/profile.js:342

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/profile.js:289

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/profile.js:313

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/settings.js:257

✓ LOW Event listeners not cleaned UI-FRONT/js/modules/settings.js:273

✓ LOW Manual createElement UI-SHARED/js/components/confirm.js:213

✓ LOW DOM manipulation in loop UI-SHARED/js/components/confirm.js:233

✓ LOW Use of var keyword (JavaScript) UI-SHARED/js/components/debug-banner.js:139

✓ LOW useless_regexp_escape UI-SHARED/js/components/debug-banner.js:123

✓ LOW DOM manipulation in loop UI-SHARED/js/components/debug-banner.js:87

✓ LOW Manual createElement UI-SHARED/js/components/debug-banner.js:83

✓ LOW Use of var keyword (JavaScript) UI-SHARED/js/components/debug-banner.js:95

✓ LOW Event listeners not cleaned UI-SHARED/js/components/debug-banner.js:28

✓ LOW Inline style in JS UI-SHARED/js/components/draggable.js:83

✓ LOW Inline style in JS UI-SHARED/js/components/draggable.js:121

✓ LOW Inline style in JS UI-SHARED/js/components/draggable.js:120

✓ LOW Inline style in JS UI-SHARED/js/components/draggable.js:56

✓ LOW Inline style in JS UI-SHARED/js/components/draggable.js:57

✓ LOW DOM manipulation in loop UI-SHARED/js/components/draggable.js:30

✓ LOW Inline style in JS UI-SHARED/js/components/draggable.js:122

✓ LOW Inline style in JS UI-SHARED/js/components/draggable.js:59

✓ LOW Inline style in JS UI-SHARED/js/components/draggable.js:54

✓ LOW Inline style in JS UI-SHARED/js/components/draggable.js:100

✓ LOW Inline style in JS UI-SHARED/js/components/draggable.js:53

✓ LOW Inline style in JS UI-SHARED/js/components/draggable.js:55

✓ LOW Inline style in JS UI-SHARED/js/components/draggable.js:82

✓ LOW Inline style in JS UI-SHARED/js/components/draggable.js:118

✓ LOW Manual createElement UI-SHARED/js/components/draggable.js:23

✓ LOW Inline style in JS UI-SHARED/js/components/draggable.js:60

✓ LOW Inline style in JS UI-SHARED/js/components/draggable.js:91

✓ LOW Inline style in JS UI-SHARED/js/components/draggable.js:119

✓ LOW Event listeners not cleaned UI-SHARED/js/components/markdown.js:54

✓ LOW Event listeners not cleaned UI-SHARED/js/components/message-modal.js:73

✓ LOW Event listeners not cleaned UI-SHARED/js/components/message-modal.js:63

✓ LOW Event listeners not cleaned UI-SHARED/js/components/message-modal.js:60

✓ LOW Event listeners not cleaned UI-SHARED/js/components/password-reset.js:132

✓ LOW Event listeners not cleaned UI-SHARED/js/components/password-reset.js:120

✓ LOW Event listeners not cleaned UI-SHARED/js/components/password-reset.js:149

✓ LOW Event listeners not cleaned UI-SHARED/js/components/password-reset.js:126

✓ LOW Event listeners not cleaned UI-SHARED/js/components/password-reset.js:146

✓ LOW Event listeners not cleaned UI-SHARED/js/components/password-reset.js:123

✓ LOW Event listeners not cleaned UI-SHARED/js/components/password-reset.js:155

✓ LOW Event listeners not cleaned UI-SHARED/js/components/password-reset.js:143

✓ LOW useless_regexp_escape UI-SHARED/js/components/progress.js:345

✓ LOW Manual createElement UI-SHARED/js/components/progress.js:55

✓ LOW Event listeners not cleaned UI-SHARED/js/components/progress.js:161

✓ LOW Inline style in JS UI-SHARED/js/components/progress.js:186

✓ LOW Event listeners not cleaned UI-SHARED/js/components/progress.js:116

✓ LOW DOM manipulation in loop UI-SHARED/js/components/progress.js:89

✓ LOW Event listeners not cleaned UI-SHARED/js/components/progress.js:122

✓ LOW Inline style in JS UI-SHARED/js/components/toast.js:96

✓ LOW DOM manipulation in loop UI-SHARED/js/components/toast.js:41

✓ LOW DOM manipulation in loop UI-SHARED/js/components/toast.js:70

✓ LOW Manual createElement UI-SHARED/js/components/toast.js:57

✓ LOW Manual createElement UI-SHARED/js/components/toast.js:38

✓ LOW Inline style in JS UI-SHARED/js/components/toast.js:97

✓ LOW Inline style in JS UI-SHARED/js/components/toast.js:117

✓ LOW Inline style in JS UI-SHARED/js/components/toast.js:99

✓ LOW Inline style in JS UI-SHARED/js/components/toast.js:98

✓ LOW Inline style in JS UI-SHARED/js/components/toast.js:116

✓ LOW Inline style in JS UI-SHARED/js/components/toast.js:95

✓ LOW Event listeners not cleaned UI-SHARED/js/components/upload.js:149

✓ LOW Event listeners not cleaned UI-SHARED/js/components/upload.js:94

✓ LOW Event listeners not cleaned UI-SHARED/js/components/upload.js:786

✓ LOW DOM manipulation in loop UI-SHARED/js/components/upload.js:117

✓ LOW Event listeners not cleaned UI-SHARED/js/components/upload.js:91

✓ LOW Inline style in JS UI-SHARED/js/components/upload.js:520

✓ LOW Inline style in JS UI-SHARED/js/components/upload.js:774

✓ LOW DOM manipulation in loop UI-SHARED/js/components/upload.js:827

✓ LOW Manual createElement UI-SHARED/js/components/upload.js:115

✓ LOW Inline style in JS UI-SHARED/js/components/upload.js:870

✓ LOW Event listeners not cleaned UI-SHARED/js/components/upload.js:198

✓ LOW Event listeners not cleaned UI-SHARED/js/components/upload.js:158

✓ LOW Event listeners not cleaned UI-SHARED/js/components/upload.js:153

✓ LOW Event listeners not cleaned UI-SHARED/js/components/upload.js:148

✓ LOW Event listeners not cleaned UI-SHARED/js/components/upload.js:451

✓ LOW Event listeners not cleaned UI-SHARED/js/components/upload.js:181

✓ LOW Event listeners not cleaned UI-SHARED/js/components/upload.js:236

✓ LOW Event listeners not cleaned UI-SHARED/js/components/upload.js:225

✓ LOW Event listeners not cleaned UI-SHARED/js/components/upload.js:240

✓ LOW useless_regexp_escape UI-SHARED/js/components/upload.js:592

✓ LOW Inline style in JS UI-SHARED/js/components/upload.js:366

✓ LOW Event listeners not cleaned UI-SHARED/js/components/upload.js:147

✓ LOW Manual createElement UI-SHARED/js/components/upload.js:824

✓ LOW Event listeners not cleaned UI-SHARED/js/components/upload.js:227

✓ LOW Event listeners not cleaned UI-SHARED/js/components/upload.js:231

✓ LOW Event listeners not cleaned UI-SHARED/js/components/user-form.js:712

✓ LOW Event listeners not cleaned UI-SHARED/js/components/user-form.js:677

✓ LOW Event listeners not cleaned UI-SHARED/js/components/user-form.js:738

✓ LOW Event listeners not cleaned UI-SHARED/js/components/user-form.js:862

✓ LOW Event listeners not cleaned UI-SHARED/js/components/user-form.js:756

✓ LOW DOM manipulation in loop UI-SHARED/js/components/user-form.js:503

✓ LOW Event listeners not cleaned UI-SHARED/js/components/user-form.js:869

✓ LOW Event listeners not cleaned UI-SHARED/js/components/user-form.js:850

✓ LOW Event listeners not cleaned UI-SHARED/js/components/user-form.js:775

✓ LOW DOM manipulation in loop UI-SHARED/js/components/user-form.js:588

✓ LOW Manual createElement UI-SHARED/js/components/user-form.js:582

✓ LOW Event listeners not cleaned UI-SHARED/js/components/user-form.js:849

✓ LOW Manual createElement UI-SHARED/js/components/user-form.js:501

✓ LOW Event listeners not cleaned UI-SHARED/js/components/user-form.js:264

✓ LOW Event listeners not cleaned UI-SHARED/js/components/user-form.js:819

✓ LOW Event listeners not cleaned UI-SHARED/js/components/user-form.js:604

✓ LOW Use of var keyword (JavaScript) UI-SHARED/js/config/env.js:24

✓ LOW Use of var keyword (JavaScript) UI-SHARED/js/config/env.js:22

✓ LOW Use of var keyword (JavaScript) UI-SHARED/js/config/env.js:7

✓ LOW Use of var keyword (JavaScript) UI-SHARED/js/config/env.js:23

✓ LOW Use of var keyword (JavaScript) UI-SHARED/js/config/env.js:21

✓ LOW Use of var keyword (JavaScript) UI-SHARED/js/config/env.js:5

✓ LOW useless_regexp_escape UI-SHARED/js/config/icons.js:129

✓ LOW Event listeners not cleaned UI-SHARED/js/mixins/pagination.js:201

✓ LOW Event listeners not cleaned UI-SHARED/js/mixins/pagination.js:123

✓ LOW Event listeners not cleaned UI-SHARED/js/mixins/pagination.js:208

✓ LOW Event listeners not cleaned UI-SHARED/js/mixins/pagination.js:124

✓ LOW Event listeners not cleaned UI-SHARED/js/mixins/searchable.js:47

✓ LOW Event listeners not cleaned UI-SHARED/js/mixins/searchable.js:33

✓ LOW Event listeners not cleaned UI-SHARED/js/mixins/searchable.js:38

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/conversations.js:225

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/conversations.js:755

✓ LOW Manual createElement UI-SHARED/js/modules/conversations.js:1398

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/conversations.js:208

✓ LOW Inline style in JS UI-SHARED/js/modules/conversations.js:810

✓ LOW Residual console.log UI-SHARED/js/modules/conversations.js:538

✓ LOW Manual createElement UI-SHARED/js/modules/conversations.js:230

✓ LOW Manual createElement UI-SHARED/js/modules/conversations.js:216

✓ LOW Residual console.log UI-SHARED/js/modules/conversations.js:532

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/conversations.js:256

✓ LOW Manual createElement UI-SHARED/js/modules/conversations.js:295

✓ LOW Residual console.log UI-SHARED/js/modules/conversations.js:323

✓ LOW Manual createElement UI-SHARED/js/modules/conversations.js:160

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/conversations.js:222

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/conversations.js:1402

✓ LOW Manual createElement UI-SHARED/js/modules/conversations.js:211

✓ LOW Inline style in JS UI-SHARED/js/modules/conversations.js:1401

✓ LOW Manual createElement UI-SHARED/js/modules/conversations.js:746

✓ LOW Manual createElement UI-SHARED/js/modules/conversations.js:444

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/conversations.js:219

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/conversations.js:459

✓ LOW Manual createElement UI-SHARED/js/modules/conversations.js:1427

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/conversations.js:1430

✓ LOW Inline style in JS UI-SHARED/js/modules/conversations.js:1400

✓ LOW Event listeners not cleaned UI-SHARED/js/modules/messages.js:111

✓ LOW Manual createElement UI-SHARED/js/modules/messages.js:35

✓ LOW Inline style in JS UI-SHARED/js/modules/messages.js:269

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/messages.js:257

✓ LOW Event listeners not cleaned UI-SHARED/js/modules/messages.js:280

✓ LOW Residual console.log UI-SHARED/js/modules/messages.js:199

✓ LOW Inline style in JS UI-SHARED/js/modules/messages.js:268

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/messages.js:405

✓ LOW Event listeners not cleaned UI-SHARED/js/modules/messages.js:104

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/messages.js:256

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/messages.js:153

✓ LOW Manual createElement UI-SHARED/js/modules/messages.js:392

✓ LOW Event listeners not cleaned UI-SHARED/js/modules/messages.js:120

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/messages.js:261

✓ LOW Event listeners not cleaned UI-SHARED/js/modules/messages.js:136

✓ LOW useless_regexp_escape UI-SHARED/js/modules/messages.js:244

✓ LOW Event listeners not cleaned UI-SHARED/js/modules/messages.js:267

✓ LOW Manual createElement UI-SHARED/js/modules/messages.js:238

✓ LOW Manual createElement UI-SHARED/js/modules/messages.js:246

✓ LOW Event listeners not cleaned UI-SHARED/js/modules/messages.js:273

✓ LOW Manual createElement UI-SHARED/js/modules/messages.js:241

✓ LOW Event listeners not cleaned UI-SHARED/js/modules/sources-selector.js:138

✓ LOW Event listeners not cleaned UI-SHARED/js/modules/sources-selector.js:133

✓ LOW Event listeners not cleaned UI-SHARED/js/modules/sources-selector.js:153

✓ LOW Event listeners not cleaned UI-SHARED/js/modules/sources-selector.js:149

✓ LOW Event listeners not cleaned UI-SHARED/js/modules/speech.js:80

✓ LOW useless_regexp_escape UI-SHARED/js/modules/speech.js:358

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/streaming.js:233

✓ LOW Residual console.log UI-SHARED/js/modules/streaming.js:284

✓ LOW Manual createElement UI-SHARED/js/modules/streaming.js:95

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/streaming.js:103

✓ LOW Manual createElement UI-SHARED/js/modules/streaming.js:286

✓ LOW Residual console.log UI-SHARED/js/modules/streaming.js:159

✓ LOW Manual createElement UI-SHARED/js/modules/streaming.js:318

✓ LOW Residual console.log UI-SHARED/js/modules/streaming.js:72

✓ LOW Event listeners not cleaned UI-SHARED/js/modules/streaming.js:312

✓ LOW useless_regexp_escape UI-SHARED/js/modules/streaming.js:168

✓ LOW Residual console.log UI-SHARED/js/modules/streaming.js:125

✓ LOW Manual createElement UI-SHARED/js/modules/streaming.js:86

✓ LOW Residual console.log UI-SHARED/js/modules/streaming.js:165

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/streaming.js:333

✓ LOW Residual console.log UI-SHARED/js/modules/streaming.js:349

✓ LOW Inline style in JS UI-SHARED/js/modules/streaming.js:311

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/streaming.js:306

✓ LOW Residual console.log UI-SHARED/js/modules/streaming.js:282

✓ LOW Residual console.log UI-SHARED/js/modules/streaming.js:180

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/streaming.js:304

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/streaming.js:91

✓ LOW Inline style in JS UI-SHARED/js/modules/streaming.js:36

✓ LOW Residual console.log UI-SHARED/js/modules/streaming.js:359

✓ LOW DOM manipulation in loop UI-SHARED/js/modules/streaming.js:331

✓ LOW useless_regexp_escape UI-SHARED/js/modules/tts.js:219

✓ LOW useless_regexp_escape UI-SHARED/js/services/api.js:738

✓ LOW Event listeners not cleaned UI-SHARED/js/services/auth.js:520

✓ LOW Use of var keyword (JavaScript) UI-SHARED/js/services/config.js:315

✓ LOW Use of var keyword (JavaScript) UI-SHARED/js/services/config.js:314

✓ LOW DOM manipulation in loop UI-SHARED/js/services/config.js:144

✓ LOW Use of var keyword (JavaScript) UI-SHARED/js/services/config.js:316

✓ LOW Use of var keyword (JavaScript) UI-SHARED/js/services/config.js:317

✓ LOW Manual createElement UI-SHARED/js/services/config.js:131

✓ LOW Residual console.log UI-SHARED/js/services/config.js:100

✓ LOW Use of var keyword (JavaScript) UI-SHARED/js/services/config.js:319

✓ LOW Use of var keyword (JavaScript) UI-SHARED/js/services/config.js:313

✓ LOW Event listeners not cleaned UI-SHARED/js/services/config.js:149

✓ LOW Manual createElement UI-SHARED/js/services/icon-registry.js:212

✓ LOW Event listeners not cleaned UI-SHARED/js/services/reindex-banner.js:105

✓ LOW DOM manipulation in loop UI-SHARED/js/services/reindex-banner.js:102

✓ LOW Manual createElement UI-SHARED/js/services/reindex-banner.js:89

✓ LOW Manual createElement UI-SHARED/js/services/reindex-banner.js:230

✓ LOW Event listeners not cleaned UI-SHARED/js/services/reindex-banner.js:152

✓ LOW Residual console.log UI-SHARED/js/services/templates.js:92

✓ LOW Event listeners not cleaned UI-SHARED/js/utils/dom.js:45

✓ LOW Manual createElement UI-SHARED/js/utils/dom.js:13

✓ LOW Event listeners not cleaned UI-SHARED/js/utils/i18n.js:197

✓ LOW Event listeners not cleaned UI-SHARED/js/utils/i18n.js:191

✓ LOW Event listeners not cleaned UI-SHARED/js/utils/i18n.js:209

✓ LOW Residual console.log UI-SHARED/js/utils/logger.js:141

✓ LOW Residual console.log UI-SHARED/js/utils/logger.js:79

✓ LOW Residual console.log UI-SHARED/js/utils/logger.js:77

✓ LOW Residual console.log UI-SHARED/js/utils/logger.js:158

✓ LOW Residual console.log UI-SHARED/js/utils/logger.js:192

✓ LOW Heading skip level UI-SHARED/templates/admin/audit.html:91

✓ LOW Heading skip level UI-SHARED/templates/admin/collections.html:145

✓ LOW Heading skip level UI-SHARED/templates/admin/collections.html:138

✓ LOW Heading skip level UI-SHARED/templates/admin/corpus.html:351

✓ LOW Heading skip level UI-SHARED/templates/admin/corpus.html:334

✓ LOW Heading skip level UI-SHARED/templates/admin/dashboard.html:33

✓ LOW Heading skip level UI-SHARED/templates/admin/dashboard.html:20

✓ LOW Heading skip level UI-SHARED/templates/admin/logs.html:262

✓ LOW Heading skip level UI-SHARED/templates/admin/logs.html:20

✓ LOW Heading skip level UI-SHARED/templates/admin/logs.html:296

✓ LOW Heading skip level UI-SHARED/templates/admin/logs.html:127

✓ LOW Heading skip level UI-SHARED/templates/admin/logs.html:299

✓ LOW Heading skip level UI-SHARED/templates/admin/logs.html:270

✓ LOW Heading skip level UI-SHARED/templates/admin/logs.html:306

✓ LOW Heading skip level UI-SHARED/templates/admin/logs.html:255

✓ LOW Heading skip level UI-SHARED/templates/admin/logs.html:331

✓ LOW Heading skip level UI-SHARED/templates/admin/modals.html:108

✓ LOW Hardcoded UI string UI-SHARED/templates/admin/sources.html:516

✓ LOW Heading skip level UI-SHARED/templates/admin/sources.html:134

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:879

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:988

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1711

✓ LOW Inline CSS style (HTML) UI-SHARED/templates/admin/system.html:944

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1600

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:736

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1340

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1542

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1697

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1240

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1527

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1349

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:682

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1230

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1478

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:693

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1220

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:872

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1095

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1916

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1591

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1294

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1381

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:791

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1317

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:921

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1159

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1490

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1618

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1460

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1010

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1965

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:663

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1927

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1975

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1955

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:508

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1198

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1276

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:850

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1872

✓ LOW Inline CSS style (HTML) UI-SHARED/templates/admin/system.html:941

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:861

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1211

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1072

✓ LOW Inline CSS style (HTML) UI-SHARED/templates/admin/system.html:1854

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1684

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1108

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1988

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1863

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1018

✓ LOW Inline CSS style (HTML) UI-SHARED/templates/admin/system.html:523

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1267

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1082

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1285

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1515

✓ LOW Inline CSS style (HTML) UI-SHARED/templates/admin/system.html:954

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1936

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:423

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1063

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1659

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1145

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:434

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:620

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1134

✓ LOW Inline CSS style (HTML) UI-SHARED/templates/admin/system.html:1501

✓ LOW Inline CSS style (HTML) UI-SHARED/templates/admin/system.html:270

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:775

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1945

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1636

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:857

✓ LOW Heading skip level UI-SHARED/templates/admin/system.html:1848

✓ LOW Inline SVG in HTML UI-SHARED/templates/admin/tables.html:465

✓ LOW Inline SVG in HTML UI-SHARED/templates/admin/tables.html:558

✓ LOW Inline SVG in HTML UI-SHARED/templates/admin/tables.html:293

✓ LOW Inline SVG in HTML UI-SHARED/templates/admin/tables.html:676

✓ LOW Inline SVG in HTML UI-SHARED/templates/admin/tables.html:316

✓ LOW Inline SVG in HTML UI-SHARED/templates/admin/tables.html:224

✓ LOW Inline SVG in HTML UI-SHARED/templates/admin/tables.html:528

✓ LOW Heading skip level UI-SHARED/templates/admin/tables.html:254

✓ LOW Heading skip level UI-SHARED/templates/admin/tables.html:473

✓ LOW Heading skip level UI-SHARED/templates/admin/users.html:222

✓ LOW Heading skip level UI-SHARED/templates/admin/users.html:197

✓ LOW Heading skip level UI-SHARED/templates/admin/users.html:184

✓ LOW Heading skip level UI-SHARED/templates/admin/validation.html:94

✓ LOW Heading skip level UI-SHARED/templates/admin/validation.html:73

✓ LOW Inline SVG in HTML UI-SHARED/templates/auth/login-form.html:35

✓ LOW Inline SVG in HTML UI-SHARED/templates/auth/login-form.html:124

✓ LOW Inline SVG in HTML UI-SHARED/templates/auth/login-form.html:46

✓ LOW Inline SVG in HTML UI-SHARED/templates/front/documents.html:185

✓ LOW Inline SVG in HTML UI-SHARED/templates/front/documents.html:155

✓ LOW Inline SVG in HTML UI-SHARED/templates/front/documents.html:53

✓ LOW Inline SVG in HTML UI-SHARED/templates/front/documents.html:213

✓ LOW Heading skip level UI-SHARED/templates/front/documents.html:143

✓ LOW Inline SVG in HTML UI-SHARED/templates/upload-modal.html:64

✓ LOW Inline SVG in HTML UI-SHARED/templates/upload-modal.html:57

✓ LOW Missing Data Retention app/common/crypto/__init__.py:1

✓ INFO py_missing_class_docstring app/common/crypto/encryption.py:18

✓ LOW Global statement inside function app/common/crypto/encryption.py:173

✓ INFO py_missing_class_docstring app/common/crypto/encryption.py:23

✓ INFO py_missing_class_docstring app/common/crypto/key_manager.py:18

✓ INFO py_missing_class_docstring app/common/crypto/search.py:20

✓ LOW Global statement inside function app/common/crypto/search.py:265

✓ LOW Missing Data Retention app/common/crypto/search.py:1

✓ INFO py_missing_class_docstring app/common/crypto/types.py:14

✓ LOW Missing Data Retention app/common/crypto/types.py:1

✓ INFO py_missing_class_docstring app/common/crypto/types.py:78

✓ LOW Magic number comparison app/common/email/service.py:127

✓ INFO py_missing_class_docstring app/common/email/service.py:173

✓ INFO py_missing_class_docstring app/common/email/service.py:84

✓ INFO py_missing_class_docstring app/common/email/service.py:154

✓ INFO py_missing_class_docstring app/common/email/service.py:36

✓ LOW Missing Data Retention app/common/email/service.py:1

✓ INFO py_missing_class_docstring app/common/email/service.py:21

✓ LOW Missing <main> landmark app/common/email/templates/new_registration.html:124

✓ LOW Missing <main> landmark app/common/email/templates/password_reset.html:103

✓ LOW Heading skip level app/common/email/templates/pending_approval.html:120

✓ LOW Missing <main> landmark app/common/email/templates/pending_approval.html:93

✓ LOW Inline SVG in HTML app/common/email/templates/pending_approval.html:105

✓ LOW Inline SVG in HTML app/common/email/templates/rejected.html:103

✓ LOW Missing <main> landmark app/common/email/templates/rejected.html:91

✓ LOW Heading skip level app/common/email/templates/rejected.html:117

✓ LOW Missing <main> landmark app/common/email/templates/verification.html:93

✓ LOW Heading skip level app/common/email/templates/welcome.html:121

✓ LOW Missing <main> landmark app/common/email/templates/welcome.html:105

✓ INFO py_missing_class_docstring app/common/errors.py:13

✓ INFO py_missing_class_docstring app/common/exceptions/http.py:127

✓ INFO py_missing_class_docstring app/common/exceptions/http.py:147

✓ INFO py_missing_class_docstring app/common/exceptions/http.py:177

✓ INFO py_missing_class_docstring app/common/exceptions/http.py:25

✓ INFO py_missing_class_docstring app/common/exceptions/http.py:167

✓ INFO py_missing_class_docstring app/common/exceptions/http.py:157

✓ INFO py_missing_class_docstring app/common/exceptions/http.py:117

✓ INFO py_missing_class_docstring app/common/exceptions/http.py:137

✓ INFO py_missing_class_docstring app/common/filetypes/registry.py:16

✓ LOW Global statement inside function app/common/i18n/__init__.py:72

✓ INFO py_missing_class_docstring app/common/llm/base.py:22

✓ INFO py_missing_class_docstring app/common/llm/base.py:13

✓ INFO py_missing_class_docstring app/common/llm/base.py:29

✓ LOW Global statement inside function app/common/llm/factory.py:38

✓ LOW Global statement inside function app/common/llm/factory.py:168

✓ LOW Global statement inside function app/common/llm/factory.py:50

✓ LOW Global statement inside function app/common/llm/factory.py:88

✓ LOW Global statement inside function app/common/llm/factory.py:119

✓ INFO py_missing_class_docstring app/common/llm/llamacpp.py:29

✓ INFO py_missing_class_docstring app/common/llm/llamacpp.py:112

✓ LOW Global statement inside function app/common/llm/llamacpp.py:107

✓ LOW Magic number comparison app/common/llm/ollama.py:486

✓ LOW Magic number comparison app/common/llm/ollama.py:516

✓ LOW Global statement inside function app/common/llm/ollama.py:88

✓ INFO py_missing_class_docstring app/common/llm/ollama.py:93

✓ LOW File too long app/common/llm/ollama.py:1

✓ INFO py_missing_class_docstring app/common/llm/ollama.py:28

✓ LOW Missing Data Retention app/common/middleware/access_log.py:1

✓ LOW Magic number comparison app/common/middleware/access_log.py:73

✓ INFO py_missing_class_docstring app/common/middleware/access_log.py:27

✓ INFO py_missing_class_docstring app/common/middleware/debug_timing.py:14

✓ LOW Missing Data Retention app/common/middleware/request_context.py:1

✓ INFO py_missing_class_docstring app/common/middleware/request_context.py:24

✓ INFO py_missing_class_docstring app/common/rag/compactor.py:49

✓ INFO py_missing_class_docstring app/common/rag/compactor.py:34

✓ INFO py_missing_class_docstring app/common/rag/compactor.py:24

✓ INFO py_missing_class_docstring app/common/schemas/base.py:151

✓ INFO py_missing_class_docstring app/common/schemas/base.py:28

✓ INFO py_missing_class_docstring app/common/schemas/base.py:68

✓ INFO py_missing_class_docstring app/common/schemas/base.py:38

✓ INFO py_missing_class_docstring app/common/schemas/base.py:158

✓ INFO py_missing_class_docstring app/common/schemas/base.py:100

✓ INFO py_missing_class_docstring app/common/schemas/base.py:92

✓ INFO py_missing_class_docstring app/common/schemas/base.py:61

✓ INFO py_missing_class_docstring app/common/schemas/base.py:256

✓ INFO py_missing_class_docstring app/common/schemas/base.py:84

✓ INFO py_missing_class_docstring app/common/schemas/base.py:174

✓ INFO py_missing_class_docstring app/common/schemas/base.py:17

✓ INFO py_missing_class_docstring app/common/schemas/base.py:201

✓ INFO py_missing_class_docstring app/common/schemas/base.py:123

✓ INFO py_missing_class_docstring app/common/schemas/base.py:44

✓ INFO py_missing_class_docstring app/common/schemas/base.py:54

✓ INFO py_missing_class_docstring app/common/schemas/base.py:129

✓ INFO py_missing_class_docstring app/common/schemas/base.py:144

✓ INFO py_missing_class_docstring app/common/schemas/base.py:117

✓ INFO py_missing_class_docstring app/common/schemas/base.py:219

✓ INFO py_missing_class_docstring app/common/schemas/base.py:182

✓ INFO py_missing_class_docstring app/common/schemas/base.py:237

✓ INFO py_missing_class_docstring app/common/storage/backends/local.py:35

✓ INFO py_missing_class_docstring app/common/storage/base.py:14

✓ LOW Missing Monitoring/Logging app/common/storage/base.py:1

✓ INFO py_missing_class_docstring app/common/storage/exceptions.py:19

✓ INFO py_missing_class_docstring app/common/storage/exceptions.py:42

✓ INFO py_missing_class_docstring app/common/storage/exceptions.py:93

✓ INFO py_missing_class_docstring app/common/storage/exceptions.py:56

✓ INFO py_missing_class_docstring app/common/storage/exceptions.py:11

✓ INFO py_missing_class_docstring app/common/storage/exceptions.py:82

✓ INFO py_missing_class_docstring app/common/storage/exceptions.py:27

✓ INFO py_missing_class_docstring app/common/storage/schemas.py:61

✓ INFO py_missing_class_docstring app/common/storage/schemas.py:152

✓ INFO py_missing_class_docstring app/common/storage/schemas.py:91

✓ INFO py_missing_class_docstring app/common/storage/schemas.py:28

✓ INFO py_missing_class_docstring app/common/storage/schemas.py:146

✓ INFO py_missing_class_docstring app/common/storage/schemas.py:113

✓ INFO py_missing_class_docstring app/common/storage/schemas.py:16

✓ INFO py_missing_class_docstring app/common/storage/schemas.py:130

✓ INFO py_missing_class_docstring app/common/storage/service.py:28

✓ INFO py_missing_class_docstring app/common/utils/chroma.py:101

✓ INFO py_missing_class_docstring app/common/utils/chroma.py:18

✓ LOW File too long app/common/utils/chroma.py:1

✓ LOW Global statement inside function app/common/utils/crypto.py:31

✓ INFO Undocumented Security Function app/common/utils/crypto.py:93

✓ LOW Missing Data Retention app/common/utils/notifier.py:1

✓ INFO py_missing_class_docstring app/common/utils/notifier.py:27

✓ INFO py_missing_class_docstring app/common/utils/pagination.py:10

✓ INFO py_missing_class_docstring app/common/utils/pagination.py:16

✓ INFO py_missing_class_docstring app/common/utils/query_cache.py:17

✓ INFO py_missing_class_docstring app/common/utils/query_cache.py:23

✓ INFO py_missing_class_docstring app/common/utils/rag_config.py:151

✓ LOW Global statement inside function app/common/utils/rag_config.py:145

✓ INFO py_missing_class_docstring app/common/utils/rag_config.py:25

✓ INFO py_missing_class_docstring app/common/utils/reindex.py:21

✓ INFO py_missing_class_docstring app/common/utils/reindex.py:27

✓ INFO py_missing_class_docstring app/common/utils/rerank.py:19

✓ INFO py_missing_class_docstring app/common/utils/rerank.py:27

✓ INFO py_missing_class_docstring app/common/utils/timing_stats.py:20

✓ INFO py_missing_class_docstring app/common/utils/timing_stats.py:39

✓ INFO py_missing_class_docstring app/common/utils/timing_stats.py:27

✓ INFO py_missing_class_docstring app/core/bootstrap.py:283

✓ LOW File too long app/core/bootstrap.py:1

✓ INFO py_missing_class_docstring app/core/config.py:57

✓ LOW Global statement inside function app/core/deps.py:41

✓ LOW Global statement inside function app/core/deps.py:308

✓ LOW Global statement inside function app/core/deps.py:65

✓ LOW Global statement inside function app/core/deps.py:337

✓ INFO py_missing_class_docstring app/core/logging.py:108

✓ LOW Missing Data Retention app/core/logging.py:1

✓ INFO py_missing_class_docstring app/core/logging.py:284

✓ INFO py_missing_class_docstring app/core/logging.py:85

✓ INFO py_missing_class_docstring app/core/logging.py:53

✓ LOW Global statement inside function app/core/logging.py:490

✓ INFO py_missing_class_docstring app/db.py:26

✓ LOW File too long app/features/admin/bulk/router.py:1

✓ INFO py_missing_class_docstring app/features/admin/bulk/schemas.py:105

✓ INFO py_missing_class_docstring app/features/admin/bulk/schemas.py:66

✓ INFO py_missing_class_docstring app/features/admin/bulk/schemas.py:91

✓ INFO py_missing_class_docstring app/features/admin/bulk/schemas.py:26

✓ INFO py_missing_class_docstring app/features/admin/bulk/schemas.py:38

✓ INFO py_missing_class_docstring app/features/admin/bulk/schemas.py:112

✓ INFO py_missing_class_docstring app/features/admin/bulk/schemas.py:80

✓ INFO py_missing_class_docstring app/features/admin/bulk/schemas.py:74

✓ INFO py_missing_class_docstring app/features/admin/bulk/schemas.py:16

✓ INFO py_missing_class_docstring app/features/admin/bulk/schemas.py:48

✓ LOW Missing Data Retention app/features/admin/bulk/schemas.py:1

✓ LOW File too long app/features/admin/bulk/service.py:1

✓ INFO py_missing_class_docstring app/features/admin/bulk/service.py:27

✓ LOW File too long app/features/admin/collections/router.py:1

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:18

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:27

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:126

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:12

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:234

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:111

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:82

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:240

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:132

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:101

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:48

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:182

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:225

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:217

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:93

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:207

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:144

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:169

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:176

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:155

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:120

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:39

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:199

✓ INFO py_missing_class_docstring app/features/admin/collections/schemas.py:76

✓ LOW File too long app/features/admin/collections/service.py:1

✓ INFO py_missing_class_docstring app/features/admin/collections/service.py:41

✓ LOW Magic number comparison app/features/admin/config/router.py:1822

✓ LOW Magic number comparison app/features/admin/config/router.py:1693

✓ LOW File too long app/features/admin/config/router.py:1

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:533

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:983

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:692

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:761

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:556

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:445

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:899

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:873

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:960

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:251

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:189

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:938

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:240

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:967

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:478

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:1030

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:547

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:348

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:439

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:644

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:946

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:283

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:66

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:741

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:512

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:722

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:376

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:500

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:521

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:126

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:152

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:423

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:36

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:840

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:576

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:628

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:908

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:450

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:259

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:849

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:930

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:224

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:368

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:170

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:316

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:820

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:730

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:460

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:341

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:921

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:202

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:96

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:273

✓ LOW File too long app/features/admin/config/schemas.py:1

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:295

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:988

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:705

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:105

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:1001

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:15

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:214

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:404

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:541

✓ INFO py_missing_class_docstring app/features/admin/config/schemas.py:800

✓ LOW Global statement inside function app/features/admin/config/service.py:2837

✓ LOW Magic number comparison app/features/admin/config/service.py:2367

✓ LOW File too long app/features/admin/config/service.py:1

✓ LOW Magic number comparison app/features/admin/config/service.py:2537

✓ LOW Magic number comparison app/features/admin/config/service.py:2504

✓ LOW Magic number comparison app/features/admin/config/service.py:2540

✓ LOW Magic number comparison app/features/admin/config/service.py:1108

✓ LOW Magic number comparison app/features/admin/config/service.py:2599

✓ INFO py_missing_class_docstring app/features/admin/config/service.py:91

✓ LOW Magic number comparison app/features/admin/config/service.py:822

✓ LOW Magic number comparison app/features/admin/config/service.py:821

✓ LOW Magic number comparison app/features/admin/config/service.py:2506

✓ LOW File too long app/features/admin/conversations/router.py:1

✓ INFO py_missing_class_docstring app/features/admin/conversations/schemas.py:47

✓ INFO py_missing_class_docstring app/features/admin/conversations/schemas.py:107

✓ INFO py_missing_class_docstring app/features/admin/conversations/schemas.py:101

✓ INFO py_missing_class_docstring app/features/admin/conversations/schemas.py:17

✓ INFO py_missing_class_docstring app/features/admin/conversations/schemas.py:96

✓ INFO py_missing_class_docstring app/features/admin/conversations/schemas.py:35

✓ INFO py_missing_class_docstring app/features/admin/conversations/schemas.py:81

✓ INFO py_missing_class_docstring app/features/admin/conversations/schemas.py:68

✓ LOW File too long app/features/admin/conversations/service.py:1

✓ INFO py_missing_class_docstring app/features/admin/conversations/service.py:23

✓ LOW File too long app/features/admin/corpus/router.py:1

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:251

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:279

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:199

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:104

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:167

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:129

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:85

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:192

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:18

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:181

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:261

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:146

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:158

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:272

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:215

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:239

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:90

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:79

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:298

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:116

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:187

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:123

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:266

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:59

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:284

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:66

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:30

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:41

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:231

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:256

✓ INFO py_missing_class_docstring app/features/admin/corpus/schemas.py:204

✓ INFO py_missing_class_docstring app/features/admin/corpus/service.py:63

✓ LOW File too long app/features/admin/corpus/service.py:1

✓ INFO py_missing_class_docstring app/features/admin/dashboard/schemas.py:55

✓ INFO py_missing_class_docstring app/features/admin/dashboard/schemas.py:66

✓ INFO py_missing_class_docstring app/features/admin/dashboard/schemas.py:102

✓ INFO py_missing_class_docstring app/features/admin/dashboard/schemas.py:31

✓ INFO py_missing_class_docstring app/features/admin/dashboard/schemas.py:16

✓ INFO py_missing_class_docstring app/features/admin/dashboard/schemas.py:43

✓ INFO py_missing_class_docstring app/features/admin/dashboard/schemas.py:88

✓ INFO py_missing_class_docstring app/features/admin/dashboard/schemas.py:79

✓ INFO py_missing_class_docstring app/features/admin/dashboard/service.py:25

✓ LOW File too long app/features/admin/documents/router.py:1

✓ INFO py_missing_class_docstring app/features/admin/documents/schemas.py:102

✓ INFO py_missing_class_docstring app/features/admin/documents/schemas.py:163

✓ INFO py_missing_class_docstring app/features/admin/documents/schemas.py:113

✓ INFO py_missing_class_docstring app/features/admin/documents/schemas.py:34

✓ INFO py_missing_class_docstring app/features/admin/documents/schemas.py:44

✓ INFO py_missing_class_docstring app/features/admin/documents/schemas.py:39

✓ INFO py_missing_class_docstring app/features/admin/documents/schemas.py:124

✓ INFO py_missing_class_docstring app/features/admin/documents/schemas.py:156

✓ INFO py_missing_class_docstring app/features/admin/documents/schemas.py:23

✓ INFO py_missing_class_docstring app/features/admin/documents/schemas.py:131

✓ INFO py_missing_class_docstring app/features/admin/documents/schemas.py:50

✓ INFO py_missing_class_docstring app/features/admin/documents/schemas.py:28

✓ INFO py_missing_class_docstring app/features/admin/documents/schemas.py:92

✓ INFO py_missing_class_docstring app/features/admin/documents/schemas.py:16

✓ INFO py_missing_class_docstring app/features/admin/documents/schemas.py:149

✓ INFO py_missing_class_docstring app/features/admin/documents/schemas.py:62

✓ INFO py_missing_class_docstring app/features/admin/documents/service.py:55

✓ LOW File too long app/features/admin/documents/service.py:1

✓ INFO py_missing_class_docstring app/features/admin/export/schemas.py:13

✓ INFO py_missing_class_docstring app/features/admin/export/schemas.py:26

✓ INFO py_missing_class_docstring app/features/admin/export/schemas.py:19

✓ INFO py_missing_class_docstring app/features/admin/export/service.py:22

✓ LOW Missing Data Retention app/features/admin/export/service.py:1

✓ INFO py_missing_class_docstring app/features/admin/geo/importer.py:135

✓ LOW File too long app/features/admin/geo/importer.py:1

✓ LOW Missing Data Retention app/features/admin/geo/schemas.py:1

✓ INFO py_missing_class_docstring app/features/admin/geo/schemas.py:128

✓ INFO py_missing_class_docstring app/features/admin/geo/schemas.py:77

✓ INFO py_missing_class_docstring app/features/admin/geo/schemas.py:63

✓ INFO py_missing_class_docstring app/features/admin/geo/schemas.py:31

✓ INFO py_missing_class_docstring app/features/admin/geo/schemas.py:20

✓ INFO py_missing_class_docstring app/features/admin/geo/schemas.py:112

✓ INFO py_missing_class_docstring app/features/admin/geo/schemas.py:91

✓ INFO py_missing_class_docstring app/features/admin/geo/schemas.py:143

✓ INFO py_missing_class_docstring app/features/admin/geo/schemas.py:25

✓ INFO py_missing_class_docstring app/features/admin/geo/schemas.py:102

✓ INFO py_missing_class_docstring app/features/admin/geo/schemas.py:85

✓ INFO py_missing_class_docstring app/features/admin/geo/schemas.py:96

✓ INFO py_missing_class_docstring app/features/admin/geo/schemas.py:44

✓ INFO py_missing_class_docstring app/features/admin/geo/schemas.py:7

✓ INFO py_missing_class_docstring app/features/admin/geo/schemas.py:54

✓ INFO py_missing_class_docstring app/features/admin/geo/schemas.py:121

✓ INFO py_missing_class_docstring app/features/admin/geo/service.py:34

✓ INFO py_missing_class_docstring app/features/admin/password_policy/repository.py:19

✓ INFO py_missing_class_docstring app/features/admin/password_policy/repository.py:92

✓ INFO py_missing_class_docstring app/features/admin/password_policy/schemas.py:97

✓ INFO py_missing_class_docstring app/features/admin/password_policy/schemas.py:105

✓ INFO py_missing_class_docstring app/features/admin/password_policy/schemas.py:11

✓ INFO py_missing_class_docstring app/features/admin/password_policy/schemas.py:40

✓ INFO py_missing_class_docstring app/features/admin/password_policy/schemas.py:45

✓ INFO py_missing_class_docstring app/features/admin/password_policy/schemas.py:73

✓ INFO py_missing_class_docstring app/features/admin/password_policy/schemas.py:62

✓ INFO py_missing_class_docstring app/features/admin/password_policy/schemas.py:91

✓ INFO py_missing_class_docstring app/features/admin/password_policy/service.py:27

✓ INFO py_missing_class_docstring app/features/admin/password_policy/validator.py:37

✓ INFO py_missing_class_docstring app/features/admin/password_policy/validator.py:29

✓ INFO py_missing_class_docstring app/features/admin/permissions/schemas.py:18

✓ INFO py_missing_class_docstring app/features/admin/permissions/schemas.py:25

✓ INFO py_missing_class_docstring app/features/admin/permissions/schemas.py:9

✓ INFO py_missing_class_docstring app/features/admin/permissions/schemas.py:33

✓ INFO py_missing_class_docstring app/features/admin/permissions/service.py:475

✓ LOW File too long app/features/admin/permissions/service.py:1

✓ INFO py_missing_class_docstring app/features/admin/repository.py:24

✓ LOW File too long app/features/admin/router.py:1

✓ INFO py_missing_class_docstring app/features/admin/schemas.py:57

✓ INFO py_missing_class_docstring app/features/admin/schemas.py:22

✓ INFO py_missing_class_docstring app/features/admin/schemas.py:50

✓ INFO py_missing_class_docstring app/features/admin/schemas.py:75

✓ INFO py_missing_class_docstring app/features/admin/schemas.py:28

✓ INFO py_missing_class_docstring app/features/admin/schemas.py:69

✓ INFO py_missing_class_docstring app/features/admin/schemas.py:40

✓ INFO py_missing_class_docstring app/features/admin/service.py:25

✓ LOW Missing Data Retention app/features/admin/users/repository.py:1

✓ INFO py_missing_class_docstring app/features/admin/users/repository.py:21

✓ LOW File too long app/features/admin/users/router.py:1

✓ INFO py_missing_class_docstring app/features/admin/users/schemas.py:60

✓ INFO py_missing_class_docstring app/features/admin/users/schemas.py:113

✓ INFO py_missing_class_docstring app/features/admin/users/schemas.py:39

✓ INFO py_missing_class_docstring app/features/admin/users/schemas.py:81

✓ INFO py_missing_class_docstring app/features/admin/users/schemas.py:138

✓ INFO py_missing_class_docstring app/features/admin/users/schemas.py:66

✓ LOW Missing Data Retention app/features/admin/users/schemas.py:1

✓ INFO py_missing_class_docstring app/features/admin/users/schemas.py:54

✓ INFO py_missing_class_docstring app/features/admin/users/schemas.py:72

✓ INFO py_missing_class_docstring app/features/admin/users/schemas.py:17

✓ LOW File too long app/features/admin/users/service.py:1

✓ INFO py_missing_class_docstring app/features/admin/users/service.py:28

✓ INFO py_missing_class_docstring app/features/admin/validation/schemas.py:71

✓ INFO py_missing_class_docstring app/features/admin/validation/schemas.py:37

✓ INFO py_missing_class_docstring app/features/admin/validation/schemas.py:32

✓ INFO py_missing_class_docstring app/features/admin/validation/schemas.py:42

✓ INFO py_missing_class_docstring app/features/admin/validation/schemas.py:11

✓ INFO py_missing_class_docstring app/features/admin/validation/schemas.py:58

✓ INFO py_missing_class_docstring app/features/admin/validation/schemas.py:51

✓ INFO py_missing_class_docstring app/features/admin/validation/schemas.py:64

✓ LOW Missing Data Retention app/features/admin/validation/schemas.py:1

✓ INFO py_missing_class_docstring app/features/admin/validation/schemas.py:26

✓ INFO py_missing_class_docstring app/features/admin/validation/service.py:22

✓ LOW Missing Data Retention app/features/admin/validation/service.py:1

✓ INFO py_missing_class_docstring app/features/analytics/repository.py:21

✓ LOW Missing Data Retention app/features/analytics/repository.py:1

✓ INFO py_missing_class_docstring app/features/analytics/schemas.py:76

✓ INFO py_missing_class_docstring app/features/analytics/schemas.py:39

✓ LOW Missing Data Retention app/features/analytics/schemas.py:1

✓ INFO py_missing_class_docstring app/features/analytics/schemas.py:45

✓ INFO py_missing_class_docstring app/features/analytics/schemas.py:86

✓ INFO py_missing_class_docstring app/features/analytics/schemas.py:14

✓ INFO py_missing_class_docstring app/features/analytics/schemas.py:68

✓ INFO py_missing_class_docstring app/features/analytics/schemas.py:51

✓ INFO py_missing_class_docstring app/features/analytics/schemas.py:93

✓ INFO py_missing_class_docstring app/features/analytics/schemas.py:26

✓ INFO py_missing_class_docstring app/features/analytics/schemas.py:61

✓ INFO py_missing_class_docstring app/features/analytics/service.py:25

✓ INFO py_missing_class_docstring app/features/audit/repository.py:21

✓ LOW Local Time Without Timezone app/features/audit/router.py:172

✓ INFO py_missing_class_docstring app/features/audit/router.py:293

✓ INFO py_missing_class_docstring app/features/audit/schemas.py:36

✓ INFO py_missing_class_docstring app/features/audit/schemas.py:124

✓ INFO py_missing_class_docstring app/features/audit/schemas.py:15

✓ INFO py_missing_class_docstring app/features/audit/schemas.py:47

✓ INFO py_missing_class_docstring app/features/audit/schemas.py:110

✓ INFO py_missing_class_docstring app/features/audit/schemas.py:96

✓ LOW Missing Data Retention app/features/audit/schemas.py:1

✓ INFO py_missing_class_docstring app/features/audit/schemas.py:26

✓ INFO py_missing_class_docstring app/features/audit/schemas.py:104

✓ INFO py_missing_class_docstring app/features/audit/schemas.py:74

✓ INFO py_missing_class_docstring app/features/audit/schemas.py:88

✓ INFO py_missing_class_docstring app/features/audit/schemas.py:64

✓ INFO py_missing_class_docstring app/features/audit/service.py:20

✓ LOW File too long app/features/audit/service.py:1

✓ INFO py_missing_class_docstring app/features/auth/service.py:75

✓ INFO py_missing_class_docstring app/features/chat/contextualizer.py:33

✓ INFO py_missing_class_docstring app/features/chat/schemas.py:28

✓ INFO py_missing_class_docstring app/features/chat/schemas.py:21

✓ INFO py_missing_class_docstring app/features/chat/schemas.py:11

✓ LOW File too long app/features/chat/service.py:1

✓ INFO py_missing_class_docstring app/features/chat/service.py:729

✓ INFO py_missing_class_docstring app/features/chat/summarizer.py:41

✓ INFO py_missing_class_docstring app/features/chat/topic_detector.py:68

✓ LOW Global statement inside function app/features/collections/chroma.py:26

✓ INFO py_missing_class_docstring app/features/collections/schemas.py:34

✓ INFO py_missing_class_docstring app/features/collections/schemas.py:11

✓ INFO py_missing_class_docstring app/features/collections/schemas.py:28

✓ INFO py_missing_class_docstring app/features/collections/schemas.py:45

✓ INFO py_missing_class_docstring app/features/collections/service.py:31

✓ INFO py_missing_class_docstring app/features/config/public_schemas.py:20

✓ INFO py_missing_class_docstring app/features/config/public_schemas.py:7

✓ INFO py_missing_class_docstring app/features/conversations/repository.py:310

✓ LOW File too long app/features/conversations/repository.py:1

✓ LOW Missing Monitoring/Logging app/features/conversations/repository.py:1

✓ INFO py_missing_class_docstring app/features/conversations/repository.py:18

✓ INFO py_missing_class_docstring app/features/conversations/schemas.py:112

✓ INFO py_missing_class_docstring app/features/conversations/schemas.py:107

✓ INFO py_missing_class_docstring app/features/conversations/schemas.py:95

✓ INFO py_missing_class_docstring app/features/conversations/schemas.py:49

✓ INFO py_missing_class_docstring app/features/conversations/schemas.py:134

✓ INFO py_missing_class_docstring app/features/conversations/schemas.py:86

✓ INFO py_missing_class_docstring app/features/conversations/schemas.py:129

✓ INFO py_missing_class_docstring app/features/conversations/schemas.py:119

✓ INFO py_missing_class_docstring app/features/conversations/schemas.py:66

✓ INFO py_missing_class_docstring app/features/conversations/schemas.py:36

✓ INFO py_missing_class_docstring app/features/conversations/schemas.py:24

✓ INFO py_missing_class_docstring app/features/conversations/schemas.py:17

✓ LOW File too long app/features/conversations/service.py:1

✓ INFO py_missing_class_docstring app/features/conversations/service.py:39

✓ INFO py_missing_class_docstring app/features/documents/repository.py:22

✓ LOW File too long app/features/documents/router.py:1

✓ INFO py_missing_class_docstring app/features/documents/schemas.py:16

✓ INFO py_missing_class_docstring app/features/documents/schemas.py:103

✓ INFO py_missing_class_docstring app/features/documents/schemas.py:54

✓ INFO py_missing_class_docstring app/features/documents/schemas.py:114

✓ INFO py_missing_class_docstring app/features/documents/schemas.py:153

✓ INFO py_missing_class_docstring app/features/documents/schemas.py:139

✓ INFO py_missing_class_docstring app/features/documents/schemas.py:131

✓ INFO py_missing_class_docstring app/features/documents/schemas.py:160

✓ INFO py_missing_class_docstring app/features/documents/schemas.py:25

✓ INFO py_missing_class_docstring app/features/documents/schemas.py:31

✓ INFO py_missing_class_docstring app/features/documents/schemas.py:121

✓ INFO py_missing_class_docstring app/features/documents/schemas.py:38

✓ INFO py_missing_class_docstring app/features/documents/schemas.py:170

✓ INFO py_missing_class_docstring app/features/documents/schemas.py:147

✓ INFO py_missing_class_docstring app/features/documents/schemas.py:80

✓ INFO py_missing_class_docstring app/features/documents/schemas.py:85

✓ INFO py_missing_class_docstring app/features/documents/schemas.py:94

✓ LOW File too long app/features/documents/service.py:1

✓ INFO py_missing_class_docstring app/features/documents/service.py:89

✓ LOW Missing Monitoring/Logging app/features/geo/repository.py:1

✓ INFO py_missing_class_docstring app/features/geo/repository.py:83

✓ INFO py_missing_class_docstring app/features/geo/repository.py:19

✓ LOW Missing Monitoring/Logging app/features/geo/router.py:1

✓ INFO py_missing_class_docstring app/features/geo/schemas.py:10

✓ INFO py_missing_class_docstring app/features/geo/schemas.py:27

✓ LOW Missing Data Retention app/features/geo/schemas.py:1

✓ INFO py_missing_class_docstring app/features/geo/schemas.py:88

✓ INFO py_missing_class_docstring app/features/geo/schemas.py:63

✓ INFO py_missing_class_docstring app/features/geo/schemas.py:42

✓ INFO py_missing_class_docstring app/features/geo/schemas.py:18

✓ INFO py_missing_class_docstring app/features/geo/schemas.py:49

✓ INFO py_missing_class_docstring app/features/geo/service.py:15

✓ LOW Missing Monitoring/Logging app/features/health/router.py:1

✓ LOW Magic number comparison app/features/health/service.py:68

✓ INFO py_missing_class_docstring app/features/health/service.py:17

✓ INFO py_missing_class_docstring app/features/ingestion/schemas.py:9

✓ INFO py_missing_class_docstring app/features/ingestion/schemas.py:18

✓ INFO py_missing_class_docstring app/features/ingestion/service.py:39

✓ LOW Missing Monitoring/Logging app/features/logs/repository.py:1

✓ INFO py_missing_class_docstring app/features/logs/repository.py:17

✓ INFO py_missing_class_docstring app/features/logs/schemas.py:62

✓ INFO py_missing_class_docstring app/features/logs/schemas.py:44

✓ INFO py_missing_class_docstring app/features/logs/schemas.py:82

✓ INFO py_missing_class_docstring app/features/logs/schemas.py:68

✓ INFO py_missing_class_docstring app/features/logs/schemas.py:76

✓ INFO py_missing_class_docstring app/features/logs/schemas.py:104

✓ INFO py_missing_class_docstring app/features/logs/schemas.py:35

✓ INFO py_missing_class_docstring app/features/logs/schemas.py:13

✓ INFO py_missing_class_docstring app/features/logs/schemas.py:98

✓ INFO py_missing_class_docstring app/features/logs/schemas.py:56

✓ INFO py_missing_class_docstring app/features/logs/schemas.py:89

✓ INFO py_missing_class_docstring app/features/logs/service.py:27

✓ INFO py_missing_class_docstring app/features/preferences/repository.py:16

✓ INFO py_missing_class_docstring app/features/preferences/schemas.py:31

✓ INFO py_missing_class_docstring app/features/preferences/schemas.py:11

✓ INFO py_missing_class_docstring app/features/preferences/service.py:20

✓ INFO py_missing_class_docstring app/features/sources/connectors/api.py:16

✓ INFO py_missing_class_docstring app/features/sources/connectors/base.py:16

✓ INFO py_missing_class_docstring app/features/sources/connectors/database.py:18

✓ INFO py_missing_class_docstring app/features/sources/connectors/mcp.py:18

✓ LOW Magic number comparison app/features/sources/connectors/web.py:693

✓ INFO py_missing_class_docstring app/features/sources/connectors/web.py:30

✓ LOW File too long app/features/sources/connectors/web.py:1

✓ INFO py_missing_class_docstring app/features/sources/context.py:33

✓ LOW File too long app/features/sources/context.py:1

✓ INFO py_missing_class_docstring app/features/sources/history.py:22

✓ LOW File too long app/features/sources/history.py:1

✓ LOW File too long app/features/sources/indexer.py:1

✓ INFO py_missing_class_docstring app/features/sources/indexer.py:27

✓ INFO py_missing_class_docstring app/features/sources/repository.py:17

✓ LOW File too long app/features/sources/router.py:1

✓ LOW File too long app/features/sources/scheduler.py:1

✓ LOW Global statement inside function app/features/sources/scheduler.py:694

✓ LOW Global statement inside function app/features/sources/scheduler.py:683

✓ LOW Global statement inside function app/features/sources/scheduler.py:644

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:298

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:286

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:11

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:252

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:188

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:138

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:146

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:64

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:158

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:261

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:208

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:114

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:45

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:129

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:182

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:216

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:26

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:102

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:246

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:201

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:18

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:123

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:310

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:277

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:238

✓ INFO py_missing_class_docstring app/features/sources/schemas.py:168

✓ INFO py_missing_class_docstring app/features/sources/service.py:25

✓ LOW File too long app/features/sources/service.py:1

✓ INFO py_missing_class_docstring app/features/speech/schemas.py:17

✓ INFO py_missing_class_docstring app/features/speech/schemas.py:9

✓ INFO py_missing_class_docstring app/features/speech/service.py:30

✓ LOW Magic number comparison app/features/speech/service.py:154

✓ LOW Magic number comparison app/features/speech/service.py:219

✓ INFO py_missing_class_docstring app/features/system/schemas.py:41

✓ INFO py_missing_class_docstring app/features/system/schemas.py:52

✓ INFO py_missing_class_docstring app/features/system/schemas.py:28

✓ INFO py_missing_class_docstring app/features/system/schemas.py:11

✓ INFO py_missing_class_docstring app/features/system/schemas.py:61

✓ INFO py_missing_class_docstring app/features/system/schemas.py:35

✓ INFO py_missing_class_docstring app/features/system/service.py:21

✓ LOW Missing Data Retention app/features/user/profile/router.py:1

✓ LOW Missing Monitoring/Logging app/features/user/profile/router.py:1

✓ INFO py_missing_class_docstring app/features/user/profile/schemas.py:79

✓ INFO py_missing_class_docstring app/features/user/profile/schemas.py:12

✓ INFO py_missing_class_docstring app/features/user/profile/schemas.py:94

✓ INFO py_missing_class_docstring app/features/user/profile/schemas.py:42

✓ INFO py_missing_class_docstring app/features/user/profile/schemas.py:110

✓ INFO py_missing_class_docstring app/features/user/profile/schemas.py:115

✓ LOW Missing Data Retention app/features/user/profile/schemas.py:1

✓ INFO py_missing_class_docstring app/features/user/profile/schemas.py:104

✓ INFO py_missing_class_docstring app/features/user/profile/service.py:21

✓ LOW Missing Data Retention app/features/user/profile/service.py:1

✓ LOW Missing Data Retention app/features/user/schemas.py:1

✓ INFO py_missing_class_docstring app/features/user/schemas.py:12

✓ INFO py_missing_class_docstring app/features/user/schemas.py:28

✓ INFO py_missing_class_docstring app/features/user/schemas.py:50

✓ INFO py_missing_class_docstring app/features/user/schemas.py:66

✓ INFO py_missing_class_docstring app/features/user/service.py:51

✓ INFO py_missing_class_docstring app/features/user/service.py:65

✓ LOW File too long app/features/user/service.py:1

✓ LOW File too long app/ingest_v2.py:1

✓ INFO py_missing_class_docstring app/ingest_v2.py:59

✓ LOW Local Time Without Timezone app/ingest_v2.py:587

✓ INFO py_missing_class_docstring app/ingest_v2.py:673

✓ INFO py_missing_class_docstring app/ingest_v2.py:399

✓ INFO py_missing_class_docstring app/ingest_v2.py:490

✓ INFO py_missing_class_docstring app/ingest_v2.py:302

✓ INFO py_missing_class_docstring app/ingest_v2.py:519

✓ INFO py_missing_class_docstring app/ingest_v2.py:597

✓ INFO py_missing_class_docstring app/models.py:552

✓ INFO py_missing_class_docstring app/models.py:31

✓ INFO py_missing_class_docstring app/models.py:205

✓ INFO py_missing_class_docstring app/models.py:603

✓ INFO py_missing_class_docstring app/models.py:224

✓ INFO py_missing_class_docstring app/models.py:339

✓ INFO py_missing_class_docstring app/models.py:780

✓ INFO py_missing_class_docstring app/models.py:45

✓ INFO py_missing_class_docstring app/models.py:59

✓ INFO py_missing_class_docstring app/models.py:171

✓ INFO py_missing_class_docstring app/models.py:461

✓ INFO py_missing_class_docstring app/models.py:25

✓ INFO py_missing_class_docstring app/models.py:96

✓ INFO py_missing_class_docstring app/models.py:38

✓ INFO py_missing_class_docstring app/models.py:725

✓ INFO py_missing_class_docstring app/models.py:180

✓ INFO py_missing_class_docstring app/models.py:439

✓ INFO py_missing_class_docstring app/models.py:303

✓ INFO py_missing_class_docstring app/models.py:52

✓ INFO py_missing_class_docstring app/models.py:697

✓ INFO py_missing_class_docstring app/models.py:88

✓ INFO py_missing_class_docstring app/models.py:108

✓ INFO py_missing_class_docstring app/models.py:239

✓ INFO py_missing_class_docstring app/models.py:18

✓ INFO py_missing_class_docstring app/models.py:359

✓ INFO py_missing_class_docstring app/models.py:398

✓ INFO py_missing_class_docstring app/models.py:69

✓ INFO py_missing_class_docstring app/models.py:411

✓ INFO py_missing_class_docstring app/models.py:480

✓ INFO py_missing_class_docstring app/models.py:753

✓ INFO py_missing_class_docstring app/models.py:78

✓ INFO py_missing_class_docstring app/models.py:502

✓ INFO py_missing_class_docstring app/models.py:639

✓ LOW File too long app/models.py:1

✓ INFO py_missing_class_docstring app/models.py:381

✓ INFO py_missing_class_docstring app/models.py:318

✓ INFO py_missing_class_docstring app/models.py:813

🔍

Problèmes Détectés 65

↑ Sommaire ▶

💀

Critiques (CRITICAL) 0 problème(s)

▶

✅ Aucun problème détecté dans cette catégorie.

🚨

Importants (HIGH) 2 problème(s)

▶

📦

Code métier

2 ▶

🛡️

Sécurité & OWASP

2 ▶

Dockerfile exécuté en root 2 ▶

Dockerfile exécuté en root 🛡️ Sécurité & OWASP path_to/Dockerfile:## Dockerfile 🛡️ Builtin

# Sidecar HTTP pour n8n-mcp (czlonkowski)

# Transforme les appels HTTP JSON-RPC en appels stdio MCP

Risque: Le conteneur s'exécute en root par défaut, augmentant le rayon d'impact en cas de compromission (CWE-250).

Solution: Ajouter une directiv ...

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Add a USER directive with a non-root user (e.g., USER appuser) after installing dependencies.
✅ Run the audit again to verify the finding is resolved

💡 Principle of least privilege, reduced container escape risk.

CWE-250 ISO A.8.2, A.8.9

🔧 Correction suggérée — Dockerfile exécuté en root

❌ Avant

FROM node:20-alpine
RUN npm install
CMD ["node", app.js ]

✅ Après

FROM node:20-alpine
RUN npm install
USER node
CMD ["node", app.js ]

Dockerfile exécuté en root 🛡️ Sécurité & OWASP path_to/Dockerfile:## Dockerfile 🛡️ Builtin

# Sidecar HTTP pour @makafeli/n8n-workflow-builder

# Transforme les appels HTTP JSON-RPC en appels stdio MCP

# Permet le CRUD des workflows N8N

Risque: Le conteneur s'exécute en root par défaut, augmentant le rayon d'impact en cas de compromission (CWE-250).

Solution: Ajouter une directiv ...

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Add a USER directive with a non-root user (e.g., USER appuser) after installing dependencies.
✅ Run the audit again to verify the finding is resolved

💡 Principle of least privilege, reduced container escape risk.

CWE-250 ISO A.8.2, A.8.9

🔧 Correction suggérée — Dockerfile exécuté en root

❌ Avant

FROM node:20-alpine
RUN npm install
CMD ["node", app.js ]

✅ Après

FROM node:20-alpine
RUN npm install
USER node
CMD ["node", app.js ]

🔗

Dépendances

0 ▶

Aucun problème dans les dépendances.

⚠️

Modérés (MEDIUM) 25 problème(s)

▶

📦

Code métier

25 ▶

🎨

Interface & Rendu

25 ▶

Bouton HTML sans attribut type 25 ▶

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

<h1>MyApp</h1>

Risque: Un <button> sans attribut type prend par défaut la valeur type="submit" dans la plupart des navigateurs. Dans un formulaire, cela provoque la soumission du formulaire au clic, même si sa fonction est autre chose (ex. ouvrir une modale, basculer un menu).

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</div>

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</svg>

</button>

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</svg>

</button>

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</div>

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</div>

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</svg>

</button>

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</svg>

</button>

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

<p data-i18n="welcome_message">Posez-moi vos questions, je suis là pour vous aider avec vos documents et données indexées.</p>

<button class="suggestion-btn" data-query-i18n="suggestion_rag_query" data-query="Explique-moi comment fonctionne le RAG" data-i18n="suggestion_rag">Comment fonctionne le RAG ?</button>

<button class="suggestion-btn" data-query-i18n="suggestion_files_query" data-query="Quels sont les fichiers disponibles dans la base de connaissances ?" data-i18n="suggestion_files">Quels fichiers sont disponibles ?</button>

<button class="suggestion-b

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

<button class="suggestion-btn" data-query-i18n="suggestion_rag_query" data-query="Explique-moi comment fonctionne le RAG" data-i18n="suggestion_rag">Comment fonctionne le RAG ?</button>

<button class="suggestion-btn" data-query-i18n="suggestion_add_docs_query" data-query="Comment puis-je ajouter de nouveaux documents ?" data-i18n="suggestion_add_docs">Ajouter des documents</button>

</div>

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

<button class="suggestion-btn" data-query-i18n="suggestion_rag_query" data-query="Explique-moi comment fonctionne le RAG" data-i18n="suggestion_rag">Comment fonctionne le RAG ?</button>

<button class="suggestion-btn" data-query-i18n="suggestion_files_q

<button class="suggestion-btn" data-query-i18n="suggestion_add_docs_query" data-query="Comment puis-je ajouter de nouveaux documents ?" data-i18n="suggestion_add_docs">Ajouter des documents</button>

</div>

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

<h2 data-i18n="preferences">Préférences</h2>

</div>

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</div>

<button class="btn-primary" id="saveSettings" data-i18n="save">Enregistrer</button>

</div>

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

<h2 data-i18n="my_documents">📄 Mes documents</h2>

</div>

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</div>

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

<button class="btn-pagination" id="docsPrevPage" disabled data-i18n="previous">Précédent</button>

<button class="btn-pagination" id="docsNextPage" disabled data-i18n="next">Suivant</button>

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

<button class="btn-pagination" id="docsPrevPage" disabled data-i18n="previous">Précédent</button>

<button class="btn-pagination" id="docsNextPage" disabled data-i18n="next">Suivant</button>

</div>

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

<h2 id="documentDetailsTitle" data-i18n="document_details">Détails du document</h2>

</div>

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

<h2 data-i18n="archived_conversations">📦 Conversations archivées</h2>

</div>

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

<h2 data-i18n="my_profile">Mon profil</h2>

</div>

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

<button class="profile-tab-btn active" data-tab="info" data-i18n="tab_information">Informations</button>

<button class="profile-tab-btn" data-tab="password" data-i18n="tab_password">Mot de passe</button>

</div>

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

Bouton HTML sans attribut type 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

<button class="profile-tab-btn active" data-tab="info" data-i18n="tab_information">Informations</button>

<button class="profile-tab-btn" data-tab="password" data-i18n="tab_password">Mot de passe</button>

</div>

Solution: Toujours spécifier l ...

🔧 Correction suggérée — Bouton HTML sans attribut type

❌ Avant

<button onclick="openModal()">Ouvrir</button>
<button onclick="toggleMenu()">Menu</button>

✅ Après

<button type="button" onclick="openModal()">Ouvrir</button>
<button type="button" onclick="toggleMenu()">Menu</button>

🔗

Dépendances

0 ▶

Aucun problème dans les dépendances.

ℹ️

Mineurs (LOW) 38 problème(s)

▶

📦

Code métier

38 ▶

🛡️

Sécurité & OWASP

2 ▶

Intégrité des sous-ressources manquante 2 ▶

Intégrité des sous-ressources manquante 🛡️ Sécurité & OWASP path_to/index.html:## HTML 🛡️ Builtin

Risque: Scripts ou feuilles de style externes chargés sans attribut integrity peuvent être altérés si le CDN est compromis (CWE-353).

Solution: Ajouter l'attribut i ...

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Add integrity attribute with SHA-256/384/512 hash and crossorigin='anonymous' to external script and link tags.
✅ Run the audit again to verify the finding is resolved

💡 Ensures external resources have not been tampered with, protects against CDN compromise.

CWE-353

🔧 Correction suggérée — Intégrité des sous-ressources manquante

❌ Avant

<script src="https://cdn.example.com/lib.js"></script>

✅ Après

<script src="https://cdn.example.com/lib.js" integrity="sha384-..." crossorigin="anonymous"></script>

Intégrité des sous-ressources manquante 🛡️ Sécurité & OWASP path_to/index.html:## HTML 🛡️ Builtin

Risque: Scripts ou feuilles de style externes chargés sans attribut integrity peuvent être altérés si le CDN est compromis (CWE-353).

Solution: Ajouter l'attribut i ...

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Add integrity attribute with SHA-256/384/512 hash and crossorigin='anonymous' to external script and link tags.
✅ Run the audit again to verify the finding is resolved

💡 Ensures external resources have not been tampered with, protects against CDN compromise.

CWE-353

🔧 Correction suggérée — Intégrité des sous-ressources manquante

❌ Avant

<script src="https://cdn.example.com/lib.js"></script>

✅ Après

<script src="https://cdn.example.com/lib.js" integrity="sha384-..." crossorigin="anonymous"></script>

🎨

Interface & Rendu

26 ▶

SVG inline HTML 25 ▶

SVG inline HTML 🎨 Interface & Rendu path_to/rejected.html:## HTML 🛡️ Builtin

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/pending_approval.html:## HTML 🛡️ Builtin

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</svg>

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</button>

</svg>

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</button>

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</div>

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</svg>

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</div>

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</button>

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</button>

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

></textarea>

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</svg>

</svg>

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</svg>

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</button>

</svg>

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</button>

</svg>

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

<span data-i18n="mode_assistant">Mode Assistant</span>

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</svg>

<span data-i18n="my_profile">Mon profil</span>

</svg>

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</div>

</svg>

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

SVG inline HTML 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

<span id="profileUsernameDisplay" data-i18n="user">Utilisateur</span>

Risque: Les XML.">SVG inline alourdissent le HTML et sont difficiles à maintenir.

Solution: Utiliser un système d'icônes ou des sprites XML.">SVG externes.

📋 Playbook

🔍 Locate the vulnerable code pattern in the file
🔧 Use an icon system or external SVG sprites.
✅ Run the audit again to verify the finding is resolved

💡 Consistent icons, smaller HTML.

🔧 Correction suggérée — SVG inline HTML

❌ Avant

<div innerHTML="<svg>...</svg>">

✅ Après

<!-- Use <img src="icon.svg"> or CSS background-image -->

Style CSS en ligne (HTML) 1 ▶

Style CSS en ligne (HTML) 🎨 Interface & Rendu path_to/index.html:## HTML 🛡️ Builtin

</div>

</div>

Risque: Les styles en ligne couplent étroitement la structure HTML à la présentation. Ils ne peuvent pas être remplacés par des feuilles de style externes sans !important, ne peuvent pas être réutilisés et sont difficiles à maintenir à grande échelle.

Solution: Déplacer les styles vers un fichier CSS externe ou un module CSS. Utiliser des classes CSS pour les styles réutilisables et des propriétés CSS personnalisées pour les valeurs dynamiques.

🔧 Correction suggérée — Style CSS en ligne (HTML)

❌ Avant

<div style="color: red; font-size: 14px; margin-top: 8px;">Erreur</div>

✅ Après

<!-- Dans style.css : .error-message { color: red; font-size: 14px; margin-top: 8px; } -->
<div class="error-message">Erreur</div>

🔔

Expérience Utilisateur

10 ▶

Niveau de titre sauté 4 ▶

Niveau de titre sauté 🔔 Expérience Utilisateur path_to/rejected.html:## HTML 🛡️ Builtin

<h3>Motif du refus :</h3>

<p>{{reason}}</p>

</div>

Risque: Les lecteurs d'écran interprètent mal la structure de la page quand les niveaux de titres sont sautés.

Solution: Utilisez des niveaux ...

🔧 Correction suggérée — Niveau de titre sauté

❌ Avant

<h1>Title</h1>
<h3>Subtitle</h3>

✅ Après

<h1>Title</h1>
<h2>Subtitle</h2>

Niveau de titre sauté 🔔 Expérience Utilisateur path_to/pending_approval.html:## HTML 🛡️ Builtin

<h3>Prochaines etapes :</h3>

<ul>

<li>Notre equipe va examiner votre demande</li>

Risque: Les lecteurs d'écran interprètent mal la structure de la page quand les niveaux de titres sont sautés.

Solution: Utilisez des niveaux ...

🔧 Correction suggérée — Niveau de titre sauté

❌ Avant

<h1>Title</h1>
<h3>Subtitle</h3>

✅ Après

<h1>Title</h1>
<h2>Subtitle</h2>

Niveau de titre sauté 🔔 Expérience Utilisateur path_to/welcome.html:## HTML 🛡️ Builtin

<h3>Ce que vous pouvez faire :</h3>

<ul>

<li>Discuter avec l'IA et poser vos questions</li>

Risque: Les lecteurs d'écran interprètent mal la structure de la page quand les niveaux de titres sont sautés.

Solution: Utilisez des niveaux ...

🔧 Correction suggérée — Niveau de titre sauté

❌ Avant

<h1>Title</h1>
<h3>Subtitle</h3>

✅ Après

<h1>Title</h1>
<h2>Subtitle</h2>

Niveau de titre sauté 🔔 Expérience Utilisateur path_to/index.html:## HTML 🛡️ Builtin

<h4 data-i18n="modes_available">📚 Modes disponibles</h4>

Risque: Les lecteurs d'écran interprètent mal la structure de la page quand les niveaux de titres sont sautés.

Solution: Utilisez des niveaux ...

🔧 Correction suggérée — Niveau de titre sauté

❌ Avant

<h1>Title</h1>
<h3>Subtitle</h3>

✅ Après

<h1>Title</h1>
<h2>Subtitle</h2>

Repère principal <main> absent 6 ▶

Repère principal <main> absent 🔔 Expérience Utilisateur path_to/rejected.html:## HTML 🛡️ Builtin

</style>

</head>

<body>

Risque: Une page sans repère principal (<main> ou role="main") oblige les utilisateurs de lecteurs d'écran à naviguer dans tout le contenu sans raccourci vers le contenu principal, augmentant considérablement la charge cognitive.

Solution: Envelopper le conten ...

📋 Playbook

🔍 Check if the page has a <main> element or an element with role="main"
🔧 Wrap the primary page content in <main>...</main>. Use only one <main> per page
✅ Test with a screen reader: verify users can skip to main content with a keyboard shortcut

💡 WCAG 1.3.6 and 2.4.1 compliance — users can bypass navigation and jump to main content.

WCAG WCAG 1.3.6, WCAG 2.4.1

🔧 Correction suggérée — Repère principal

absent

❌ Avant

<body>
<nav>...</nav>
<div class="content">...</div>
</body>

✅ Après

<body>
<nav>...</nav>
<main>
<div class="content">...</div>
</main>
</body>

Repère principal <main> absent 🔔 Expérience Utilisateur path_to/verification.html:## HTML 🛡️ Builtin

</style>

</head>

<body>

Solution: Envelopper le conten ...

📋 Playbook

🔍 Check if the page has a <main> element or an element with role="main"
🔧 Wrap the primary page content in <main>...</main>. Use only one <main> per page
✅ Test with a screen reader: verify users can skip to main content with a keyboard shortcut

💡 WCAG 1.3.6 and 2.4.1 compliance — users can bypass navigation and jump to main content.

WCAG WCAG 1.3.6, WCAG 2.4.1

🔧 Correction suggérée — Repère principal

absent

❌ Avant

<body>
<nav>...</nav>
<div class="content">...</div>
</body>

✅ Après

<body>
<nav>...</nav>
<main>
<div class="content">...</div>
</main>
</body>

Repère principal <main> absent 🔔 Expérience Utilisateur path_to/password_reset.html:## HTML 🛡️ Builtin

</style>

</head>

<body>

Solution: Envelopper le conten ...

📋 Playbook

🔍 Check if the page has a <main> element or an element with role="main"
🔧 Wrap the primary page content in <main>...</main>. Use only one <main> per page
✅ Test with a screen reader: verify users can skip to main content with a keyboard shortcut

💡 WCAG 1.3.6 and 2.4.1 compliance — users can bypass navigation and jump to main content.

WCAG WCAG 1.3.6, WCAG 2.4.1

🔧 Correction suggérée — Repère principal

absent

❌ Avant

<body>
<nav>...</nav>
<div class="content">...</div>
</body>

✅ Après

<body>
<nav>...</nav>
<main>
<div class="content">...</div>
</main>
</body>

Repère principal <main> absent 🔔 Expérience Utilisateur path_to/pending_approval.html:## HTML 🛡️ Builtin

</style>

</head>

<body>

Solution: Envelopper le conten ...

📋 Playbook

🔍 Check if the page has a <main> element or an element with role="main"
🔧 Wrap the primary page content in <main>...</main>. Use only one <main> per page
✅ Test with a screen reader: verify users can skip to main content with a keyboard shortcut

💡 WCAG 1.3.6 and 2.4.1 compliance — users can bypass navigation and jump to main content.

WCAG WCAG 1.3.6, WCAG 2.4.1

🔧 Correction suggérée — Repère principal

absent

❌ Avant

<body>
<nav>...</nav>
<div class="content">...</div>
</body>

✅ Après

<body>
<nav>...</nav>
<main>
<div class="content">...</div>
</main>
</body>

Repère principal <main> absent 🔔 Expérience Utilisateur path_to/welcome.html:## HTML 🛡️ Builtin

</style>

</head>

<body>

Solution: Envelopper le conten ...

📋 Playbook

🔍 Check if the page has a <main> element or an element with role="main"
🔧 Wrap the primary page content in <main>...</main>. Use only one <main> per page
✅ Test with a screen reader: verify users can skip to main content with a keyboard shortcut

💡 WCAG 1.3.6 and 2.4.1 compliance — users can bypass navigation and jump to main content.

WCAG WCAG 1.3.6, WCAG 2.4.1

🔧 Correction suggérée — Repère principal

absent

❌ Avant

<body>
<nav>...</nav>
<div class="content">...</div>
</body>

✅ Après

<body>
<nav>...</nav>
<main>
<div class="content">...</div>
</main>
</body>

Repère principal <main> absent 🔔 Expérience Utilisateur path_to/new_registration.html:## HTML 🛡️ Builtin

</style>

</head>

<body>

Solution: Envelopper le conten ...

📋 Playbook

🔍 Check if the page has a <main> element or an element with role="main"
🔧 Wrap the primary page content in <main>...</main>. Use only one <main> per page
✅ Test with a screen reader: verify users can skip to main content with a keyboard shortcut

💡 WCAG 1.3.6 and 2.4.1 compliance — users can bypass navigation and jump to main content.

WCAG WCAG 1.3.6, WCAG 2.4.1

🔧 Correction suggérée — Repère principal

absent

❌ Avant

<body>
<nav>...</nav>
<div class="content">...</div>
</body>

✅ Après

<body>
<nav>...</nav>
<main>
<div class="content">...</div>
</main>
</body>

🔗

Dépendances

0 ▶

Aucun problème dans les dépendances.

📝

Information (INFO) 0 problème(s)

▶

✅ Aucun problème détecté dans cette catégorie.

📜

Règles personnalisées 0

↑ Sommaire ▶

📜

Aucune règle personnalisée configurée

Les règles personnalisées permettent de détecter des patterns spécifiques à votre base de code. Créez votre première règle avec :

./run_audit.py . --create-rule

📋

Matrice de conformité ISO 27001 44/93

↑ Sommaire ▶

Cette matrice indique quels contrôles de l'Annexe A sont testables par analyse statique de code. Elle ne certifie pas la conformité complète à ISO 27001 — les contrôles organisationnels, physiques et procéduraux nécessitent une évaluation séparée.

Couverture Annexe A 44/93 contrôles couverts (47%)

📋 Couverture globale

📊 Couverture par thème

🕸️ Profil de maturité

📊 Statut des contrôles

🏢 Contrôles organisationnels (A.5) 10/37 ▶

Contrôle	Nom	Statut	Règles	Findings
A.5.1	Policies for information security	Couvert	1	—
A.5.10	Acceptable use of information and other associated assets	Non applicable	0	—
A.5.11	Return of assets	Non applicable	0	—
A.5.12	Classification of information	Non applicable	0	—
A.5.13	Labelling of information	Non applicable	0	—
A.5.14	Information transfer	Couvert	1	—
A.5.15	Access control	Couvert	1	—
A.5.16	Identity management	Non applicable	0	—
A.5.17	Authentication information	Non applicable	0	—
A.5.18	Access rights	Couvert	1	—
A.5.19	Information security in supplier relationships	Non applicable	0	—
A.5.2	Information security roles and responsibilities	Non applicable	0	—
A.5.20	Addressing information security within supplier agreements	Non applicable	0	—
A.5.21	Managing information security in the ICT supply chain	Couvert	5	—
A.5.22	Monitoring, review and change management of supplier services	Non applicable	0	—
A.5.23	Information security for use of cloud services	Couvert	1	—
A.5.24	Information security incident management planning and preparation	Non applicable	0	—
A.5.25	Assessment and decision on information security events	Non applicable	0	—
A.5.26	Response to information security incidents	Non applicable	0	—
A.5.27	Learning from information security incidents	Non applicable	0	—
A.5.28	Collection of evidence	Non applicable	0	—
A.5.29	Information security during disruption	Non applicable	0	—
A.5.3	Segregation of duties	Non applicable	0	—
A.5.30	ICT readiness for business continuity	Non applicable	0	—
A.5.31	Legal, statutory, regulatory and contractual requirements	Non applicable	0	—
A.5.32	Intellectual property rights	Couvert	1	—
A.5.33	Protection of records	Couvert	1	—
A.5.34	Privacy and protection of PII	Couvert	2	—
A.5.35	Independent review of information security	Non applicable	0	—
A.5.36	Compliance with policies, rules and standards for information security	Non applicable	0	—
A.5.37	Documented operating procedures	Couvert	1	—
A.5.4	Management responsibilities	Non applicable	0	—
A.5.5	Contact with authorities	Non applicable	0	—
A.5.6	Contact with special interest groups	Non applicable	0	—
A.5.7	Threat intelligence	Non applicable	0	—
A.5.8	Information security in project management	Non applicable	0	—
A.5.9	Inventory of information and other associated assets	Non applicable	0	—

👥 Contrôles relatifs aux personnes (A.6) 0/8 ▶

Contrôle	Nom	Statut	Findings
A.6.1	Screening	Non applicable	—
A.6.2	Terms and conditions of employment	Non applicable	—
A.6.3	Information security awareness, education and training	Non applicable	—
A.6.4	Disciplinary process	Non applicable	—
A.6.5	Responsibilities after termination or change of employment	Non applicable	—
A.6.6	Confidentiality or non-disclosure agreements	Non applicable	—
A.6.7	Remote working	Non applicable	—
A.6.8	Information security event reporting	Non applicable	—

🏗️ Contrôles physiques (A.7) 0/14 ▶

Contrôle	Nom	Statut	Findings
A.7.1	Physical security perimeters	Non applicable	—
A.7.10	Storage media	Non applicable	—
A.7.11	Supporting utilities	Non applicable	—
A.7.12	Cabling security	Non applicable	—
A.7.13	Equipment maintenance	Non applicable	—
A.7.14	Secure disposal or re-use of equipment	Non applicable	—
A.7.2	Physical entry	Non applicable	—
A.7.3	Securing offices, rooms and facilities	Non applicable	—
A.7.4	Physical security monitoring	Non applicable	—
A.7.5	Protecting against physical and environmental threats	Non applicable	—
A.7.6	Working in secure areas	Non applicable	—
A.7.7	Clear desk and clear screen	Non applicable	—
A.7.8	Equipment siting and protection	Non applicable	—
A.7.9	Security of assets off-premises	Non applicable	—

💻 Contrôles technologiques (A.8) 34/34 ▶

Contrôle	Nom	Statut	Règles	Findings
A.8.1	User endpoint devices	Couvert	1	—
A.8.10	Information deletion	Couvert	1	—
A.8.11	Data masking	Couvert	1	—
A.8.12	Data leakage prevention	Couvert	16	—
A.8.13	Information backup	Couvert	1	—
A.8.14	Redundancy of information processing facilities	Couvert	1	—
A.8.15	Logging	Couvert	9	—
A.8.16	Monitoring activities	Couvert	1	—
A.8.17	Clock synchronization	Couvert	1	—
A.8.18	Use of privileged utility programs	Couvert	1	—
A.8.19	Installation of software on operational systems	Couvert	2	—
A.8.2	Privileged access rights	Problèmes détectés	4	2
A.8.20	Networks security	Couvert	9	—
A.8.21	Security of network services	Couvert	1	—
A.8.22	Segregation of networks	Couvert	1	—
A.8.23	Web filtering	Couvert	1	—
A.8.24	Use of cryptography	Couvert	14	—
A.8.25	Secure development life cycle	Couvert	13	—
A.8.26	Application security requirements	Couvert	61	—
A.8.27	Secure system architecture and engineering principles	Couvert	5	—
A.8.28	Secure coding	Couvert	119	—
A.8.29	Security testing in development and acceptance	Couvert	2	—
A.8.3	Information access restriction	Couvert	9	—
A.8.30	Outsourced development	Couvert	1	—
A.8.31	Separation of development, test and production environments	Couvert	4	—
A.8.32	Change management	Couvert	2	—
A.8.33	Test information	Couvert	1	—
A.8.34	Protection of information systems during audit testing	Couvert	1	—
A.8.4	Access to source code	Couvert	1	—
A.8.5	Secure authentication	Couvert	4	—
A.8.6	Capacity management	Couvert	1	—
A.8.7	Protection against malware	Couvert	6	—
A.8.8	Management of technical vulnerabilities	Couvert	9	—
A.8.9	Configuration management	Problèmes détectés	15	2

🔰

Conformité OWASP ASVS v5.0.0 44/348

↑ Sommaire ▶

Cette matrice indique quels requirements ASVS sont testables par analyse statique de code (~24% plafond SAST). Elle ne certifie pas la conformité complète ASVS — les requirements runtime, infrastructure et procéduraux nécessitent une évaluation séparée.

Couverture ASVS 44/348 requirements couverts (13%)

🔰 Couverture globale

📊 Couverture par chapitre

🕸️ Profil de couverture

📊 Statut des requirements

🛡️ V1 — Encoding, Sanitization and Sandboxing 16/30 ▶

Requirement	Nom	Niveau	Statut	Règles	Findings
1.2.1	Verify that output encoding for HTML contexts prevents XSS	L1	Couvert	8	—
1.2.10	Verify that CSV injection is prevented	L2	Couvert	1	—
1.2.2	Verify that output encoding for JavaScript contexts prevents XSS	L1	Non applicable	0	—
1.2.3	Verify that output encoding for URL contexts prevents injection	L1	Non applicable	0	—
1.2.4	Verify that SQL queries use parameterized queries or ORM	L1	Couvert	18	—
1.2.5	Verify that OS command injection is prevented	L1	Couvert	3	—
1.2.6	Verify that LDAP injection is prevented	L1	Couvert	3	—
1.2.7	Verify that XML Path Language — Langage de requête pour documents XML ; l'injection peut permettre un accès non autorisé aux données.">XPath or XML injection is prevented	L1	Couvert	4	—
1.3.10	Verify that format string vulnerabilities are prevented	L2	Couvert	1	—
1.3.11	Verify that SMTP header injection is prevented	L2	Couvert	2	—
1.3.12	Verify that ReDoS is prevented in regex patterns	L2	Couvert	1	—
1.3.2	Verify that dynamic code execution features are not used with untrusted data	L1	Couvert	2	—
1.3.4	Verify that XML.">SVG scriptable content is handled safely	L1	Couvert	1	—
1.3.6	Verify that SSRF protections are implemented	L1	Couvert	5	—
1.3.7	Verify that template injection is prevented	L1	Couvert	3	—
1.3.8	Verify that API Java pour les services d'annuaire ; exploitée dans Log4Shell (CVE-2021-44228) pour exécution de code.">JNDI injection is prevented	L1	Couvert	1	—
1.5.1	Verify that XML parsers are configured to prevent XXE	L1	Couvert	3	—
1.5.2	Verify that deserialization of untrusted data is avoided	L1	Couvert	4	—

✅ V2 — Validation and Business Logic 0/13 ▶

Non applicable

🌐 V3 — Web Frontend Security 11/31 ▶

Requirement	Nom	Niveau	Statut	Règles	Findings
3.3.1	Verify that cookies have Secure attribute set	L1	Couvert	1	—
3.4.1	Verify that HSTS header is set	L1	Couvert	1	—
3.4.2	Verify that CORS policy is restrictive	L1	Couvert	3	—
3.4.3	Verify that CSP header is configured	L1	Couvert	1	—
3.4.4	Verify that X-Content-Type-Options is set to nosniff	L1	Couvert	1	—
3.4.5	Verify that Referrer-Policy header is configured	L2	Couvert	1	—
3.4.6	Verify that clickjacking protection is implemented	L1	Couvert	1	—
3.5.1	Verify that CSRF protections are enabled	L1	Couvert	2	—
3.5.5	Verify that postMessage origin is validated	L2	Couvert	1	—
3.6.1	Verify that SRI is used for external scripts	L2	Problèmes détectés	1	2
3.7.2	Verify that open redirect vulnerabilities are prevented	L1	Couvert	3	—

🔌 V4 — API and Web Service Security 3/16 ▶

Requirement	Nom	Niveau	Statut	Règles	Findings
4.3.1	Verify that GraphQL has depth and cost limits	L2	Couvert	1	—
4.3.2	Verify that GraphQL introspection is disabled in production	L2	Couvert	1	—
4.4.1	Verify that WebSocket connections use SSL).">TLS	L1	Couvert	1	—

📁 V5 — File Handling 2/13 ▶

Requirement	Nom	Niveau	Statut	Règles	Findings
5.2.2	Verify that file uploads are validated for type and size	L1	Couvert	1	—
5.3.2	Verify that path traversal is prevented	L1	Couvert	4	—

🔑 V6 — Authentication 4/48 ▶

Requirement	Nom	Niveau	Statut	Règles	Findings
6.2.1	Verify that passwords have a minimum length of 8 characters	L1	Couvert	1	—
6.3.2	Verify that default credentials are not used	L1	Couvert	1	—
6.3.3	Verify that MFA is available for sensitive operations	L2	Couvert	5	—
6.4.2	Verify that security questions are not used for authentication	L1	Couvert	1	—

🔒 V7 — Session Management 0/20 ▶

Non applicable

👤 V8 — Authorization 0/14 ▶

Non applicable

🎟️ V9 — Self-contained Tokens 2/7 ▶

Requirement	Nom	Niveau	Statut	Règles	Findings
9.1.2	Verify that JWT none algorithm is rejected	L1	Couvert	1	—
9.1.3	Verify that JWT signing keys are not hardcoded	L1	Couvert	1	—

🔗 V10 — OAuth and OIDC 0/35 ▶

Non applicable

🔐 V11 — Cryptography 4/25 ▶

Requirement	Nom	Niveau	Statut	Règles	Findings
11.2.3	Verify that key sizes meet minimum requirements	L1	Couvert	1	—
11.3.1	Verify that strong cryptographic algorithms are used	L1	Couvert	4	—
11.3.2	Verify that deprecated algorithms are not used	L1	Couvert	2	—
11.4.1	Verify that strong hash functions are used	L1	Non applicable	0	—
11.5.1	Verify that cryptographically secure random generators are used	L1	Couvert	4	—

📡 V12 — Secure Communication 1/12 ▶

Requirement	Nom	Niveau	Statut	Règles	Findings
12.2.1	Verify that all connections use SSL).">TLS	L1	Couvert	2	—

⚙️ V13 — Configuration 0/21 ▶

Non applicable

💾 V14 — Data Protection 0/13 ▶

Non applicable

🏗️ V15 — Secure Coding and Architecture 0/21 ▶

Non applicable

📝 V16 — Security Logging and Error Handling 1/17 ▶

Requirement	Nom	Niveau	Statut	Règles	Findings
16.3.2	Verify that log injection is prevented	L2	Couvert	1	—

📹 V17 — WebRTC 0/12 ▶

Non applicable

🛡️

Conformité NIST CSF 2.0 0/17

↑ Sommaire ▶

La couverture indique les sous-catégories CSF vérifiées par les règles SCA. Les findings indiquent des problèmes détectés à corriger pour la conformité.

Couverture des sous-catégories CSF 0/17 sous-catégories couvertes (0.0%)

📋 Couverture globale

📊 Couverture par fonction

🕸️ Profil par fonction

📊 Statut des sous-catégories

🏛️ GV — Gouverner 0/1 ▶

ID	Sous-catégorie	Statut	Règles	Findings
GV.SC-05	Supply chain risk assessment is performed	Non applicable	4	—

🔍 ID — Identifier 0/1 ▶

ID	Sous-catégorie	Statut	Règles	Findings
ID.RA-01	Vulnerabilities in assets are identified, validated, and recorded	Non applicable	1	—

🛡️ PR — Protéger 0/14 ▶

ID	Sous-catégorie	Statut	Règles	Findings
PR.AA-01	Identities and credentials are managed	Non applicable	5	—
PR.AA-03	Users, services, and hardware are authenticated	Non applicable	6	—
PR.AA-04	Identity assertions are protected, conveyed, and verified	Non applicable	2	—
PR.AA-05	Access permissions, entitlements, and authorizations are managed	Non applicable	7	—
PR.DS-01	Data-at-rest is protected	Non applicable	13	—
PR.DS-02	Data-in-transit is protected	Non applicable	9	—
PR.DS-10	Confidentiality, integrity, and availability of data are protected	Non applicable	41	—
PR.IR-01	Networks and environments are protected	Non applicable	14	—
PR.IR-02	Technology assets are managed to ensure availability	Non applicable	6	—
PR.PS-01	Configuration management practices are established	Non applicable	4	—
PR.PS-02	Software is maintained, replaced, and removed	Non applicable	7	—
PR.PS-04	Log records are generated and made available	Non applicable	4	—
PR.PS-05	Installation and execution of unauthorized software is prevented	Non applicable	4	—
PR.PS-06	Secure software development practices are used	Non applicable	32	—

📡 DE — Détecter 0/1 ▶

ID	Sous-catégorie	Statut	Règles	Findings
DE.CM-09	Computing hardware and software are monitored	Non applicable	3	—

✅

Bonnes Pratiques Vérifiées 171

↑ Sommaire ▶

Cette section liste les points positifs détectés par l'audit. Chaque élément représente une bonne pratique de sécurité ou d'architecture vérifiée dans votre code.

🛡️

✅ Sécurité & OWASP 144 vérification(s) réussie(s)

▶

Empeche l'execution de code arbitraire via le chargement d'assemblies malveillantes.

Empeche l'exposition des donnees sensibles via le stockage de fichiers en clair.

Reduit la surface d'attaque et renforce la securite de l'application.

Empeche le bypass d'authentification via des verifications de parametres de requete controles par l'utilisateur.

Empêche la reconnaissance de la base de données et la divulgation de la structure interne qui permettent des attaques par injection SQL ciblées.

Empeche l'affaiblissement de la confiance TLS a l'echelle du systeme en ajoutant des certificats specifiques a l'application au store racine.

Empeche la fuite de patterns de donnees via le chiffrement deterministe du mode ECB.

Empeche l'exposition excessive de donnees privees utilisateur dans les reponses API.

Empeche l'exposition accidentelle de donnees sensibles dans les reponses API.

Empeche l'exposition des credentials de base de donnees via des chaines de connexion hardcodees dans le code source.

Empeche l'exposition de la cle de chiffrement via le code source et la decompilation des assemblies compilees.

Garantit que toutes les communications SQL Server sont chiffrees et que le certificat du serveur est valide.

Garantit que les cles RSA repondent aux exigences minimales de resistance cryptographique.

Empeche le debordement de tampon via une arithmetique de pointeurs non validee dans du code unsafe.

Garantit que toutes les actions de controleur sensibles requirerent une authentification avant que l'acces soit accorde.

Empeche les attaques ReDoS via des patterns d'expression reguliere controles par l'utilisateur.

Empeche le chargement non autorise de ressources et l'execution de code via des identifiants de ressources controles par l'utilisateur.

Empeche les attaques oracle de padding contre les donnees chiffrees RSA.

Garantit que les valeurs deserialisees subissent la meme validation runtime que les entrees utilisateur.

Empeche la fixation de session en invalidant la session pre-connexion apres une authentification reussie.

Élimine l'injection SQL via string.Format() en imposant l'utilisation de requêtes paramétrées.

Élimine les vecteurs d'injection SQL dynamique dans les appels de procédures stockées en imposant une exécution paramétrée.

Réduit la surface d'attaque et renforce la sécurité de l'application.

Empeche l'injection de chaine de format pouvant causer des exceptions et bypasser les mecanismes de securite.

Empeche l'execution de code arbitraire via des objets .NET serialises malveillants.

Empeche les attaques d'injection XML via du contenu XML controle par l'utilisateur.

Empeche les attaques XXE via la resolution d'entites externes dans XmlDocument.

Empeche les attaques de traversee de chemin via des noms d'entrees d'archive malveillants.

Empeche le deni de service via l'allocation de tableau de taille controlee par l'utilisateur.

Empeche les acces hors limites du tableau via des valeurs d'index controlees par l'utilisateur.

Empeche l'exposition de donnees sensibles via les dumps de heap et l'inspection de la memoire JVM.

Empeche l'exposition des donnees sensibles via le contenu des cookies visible par les clients et intermediaires.

Empeche l'exposition des credentials via le code source et la decompilation des fichiers class compiles.

Empeche le bypass d'authentification via des conditions de securite controlees par l'utilisateur.

Empeche l'injection de commandes OS en utilisant ProcessBuilder avec des tableaux d'arguments explicites.

Empêche la reconnaissance de la base de données qui permet des attaques par injection SQL ciblées et l'extraction de données.

Chiffre toutes les données en transit entre l'application Java et la base de données, empêchant le vol d'identifiants et l'interception des données.

Empeche l'injection de commandes via des variables d'environnement controlees exterieurement.

Empeche l'injection de commandes shell via des metacaracteres dans des chaines de commandes concatenees.

Empeche l'execution de code arbitraire via l'injection de script Groovy.

Empêche l'exposition des credentials de base de données via le code source et l'historique du contrôle de version.

Empeche les attaques HTTP Response Splitting via l'injection CRLF dans les valeurs de header.

Empeche le deni de service via des conditions de terminaison de boucle controlees par l'utilisateur.

Empeche l'interception des credentials en garantissant que les credentials d'authentification ne sont transmis que via HTTPS chiffre.

Empeche l'injection EL via les expressions de message de contrainte Bean Validation.

Garantit que les credentials SMTP ne sont transmis que via des connexions chiffrees.

Empeche l'interception des credentials LDAP sur des connexions reseau non chiffrees.

Empeche les attaques man-in-the-middle remplacant les artefacts Maven par du code malveillant.

Garantit que les cles asymetriques repondent aux exigences minimales de resistance cryptographique.

Empeche l'execution de code arbitraire via l'injection d'expression JEXL.

Garantit que la signature JWT est verifiee cryptographiquement avant de faire confiance aux claims.

Empeche l'execution de code arbitraire via l'injection d'expression MVEL.

Empeche le HTTP Response Splitting via l'injection CRLF dans les headers HTTP Netty.

Empêche l'injection NoSQL qui contourne les filtres d'authentification et d'autorisation via des opérateurs de requête injectés.

Empeche l'execution de code distante via l'injection d'expression OGNL (attaques de type Struts2).

Empeche le bypass de traversee de chemin via la correspondance de prefixe de nom de repertoire sans separateur.

Le hachage unidirectionnel avec un KDF robuste rend les mots de passe stockés pratiquement irrécupérables même après une fuite de base de données.

Empeche le deni de service via des expressions regulieres a backtracking catastrophique.

Garantit que SecureRandom est initialise avec une vraie entropie, rendant les valeurs generees cryptographiquement imprevisibles.

Garantit que chaque operation de chiffrement utilise un IV unique, empechant l'analyse de patterns et l'exposition de la cle d'authentification GCM.

Élimine l'injection de procédures stockées en imposant des appels de procédures paramétrés.

Empeche l'escalade de privileges via des arguments de verification de permission controles par l'utilisateur.

Empeche l'injection de template cote serveur conduisant a l'execution de code arbitraire.

Prévient les uploads de web shells et l'exécution de code arbitraire via les uploads de fichiers non restreints (CWE-434).

Empeche l'acces non autorise aux ressources internes de l'application via le forwarding RequestDispatcher.

Garantit que toute la communication socket est chiffree avec TLS, empechant l'ecoute reseau.

Empeche l'injection de contenu via des fichiers world-writable modifies entre l'octroi des permissions d'ecriture et l'operation de lecture.

Empeche l'execution de code distante via des fonctions d'extension XSLT malveillantes.

Empeche les attaques XXE permettant la lecture de fichiers locaux, SSRF et deni de service.

Empeche le chargement de ressources depuis des domaines controles par l'attaquant via des listes blanches d'URL trop larges.

Remplace les chiffrements casses/obsoletes par un algorithme de chiffrement moderne et securise.

Empeche l'exposition du code source via les source maps des artefacts de build dans les deployements de production.

Protege les donnees sensibles au repos contre les acces non autorises au systeme de fichiers.

Empeche la falsification de requete cote client via des URLs de requete derivees du DOM.

Empeche le bypass d'autorisation via des conditions de securite controlees par l'utilisateur.

Garantit que toutes les communications de base de données sont chiffrées et que l'identité du serveur est vérifiée, empêchant les attaques de type man-in-the-middle.

Empeche le bypass de controle de securite via la comparaison controlee par l'attaquant de differents types de donnees de requete.

Garantit que la chaine de certificats TLS est validee, empechant les attaques man-in-the-middle.

Empeche l'injection de code via l'utilisation de setTimeout/setInterval avec des chaines.

Empeche l'injection MITM de scripts malveillants via du contenu HTTP/HTTPS mixte dans Electron.

Empeche le XSS dans le renderer d'escalader vers l'execution de code au niveau OS via l'acces a l'API Node.js.

Maintient les limites de securite du navigateur empechant les requetes cross-origin arbitraires dans les applications Electron.

Garantit que tous les services requrerent une authentification, empechant l'acces non autorise.

Empeche l'injection de code via des sources de script externes compromises ou remplacees.

Empeche l'injection de scripts malveillants via le chargement de ressources externes par MITM.

Empeche le code backdoor obfusque de cacher une intention malveillante via l'encodage de donnees.

Empeche la prise de controle de compte via l'empoisonnement du header Host dans les emails transactionnels.

Empeche l'ecriture de fichiers arbitraires via des donnees de reponse HTTP non validees.

Detecte un vecteur de persistance documente utilise dans des attaques supply-chain et bloque la reconfiguration silencieuse de l'IDE.

Empeche le bypass d'injection de code via une sanitisation insuffisante avant eval.

Empeche le XSS via l'injection d'attributs HTML incluant les URIs javascript: et l'injection de gestionnaires d'evenements.

Empeche le bypass XSS via des variations de casse des sequences HTML/JavaScript dangereuses.

Garantit que toutes les occurrences de caracteres dangereux sont remplacees, pas seulement la premiere.

Empeche le XSS via des schemas URL executables alternatifs contournant les verifications incompletes.

Empeche l'injection de commandes OS via des metacaracteres shell dans les chaines de commandes.

Empeche les attaques man-in-the-middle remplacant les dependances npm par du code malveillant.

Empeche les attaques man-in-the-middle remplacant les executables telecharges par du code malveillant.

Elimine la race condition TOCTOU lors de la creation de fichiers temporaires.

Garantit que les hashes de mots de passe sont computationnellement couteux a inverser, resistant aux attaques par force brute.

Garantit que la signature JWT est toujours verifiee cryptographiquement avant de faire confiance au payload.

Empeche le deni de service via des comptages d'iteration de boucle controles par l'attaquant.

Ferme un vecteur d'attaque supply-chain npm documente et garantit que les advisories du registre npm couvrent tout le code installe.

Empeche l'exposition des credentials via le controle de version et les fuites de fichiers de configuration.

Empeche l'exposition du code source, des secrets et des fichiers internes de l'application via le service statique.

Empêche l'injection de code Lua arbitraire dans Redis, protégeant l'intégrité des données et les contrôles d'accès.

Empeche les attaques ReDoS et le bypass de validation par regex.

Empeche la pollution de prototype et l'exhaustion des ressources via des proprietes d'objet fournies par l'utilisateur.

Empeche le deni de service via une allocation memoire ou une iteration CPU non bornees.

Empeche l'injection de commandes de second ordre via des valeurs stockees en base de donnees utilisees dans des commandes shell.

Empeche le deni de service via des entrees malformees causant des exceptions non gerees.

Empeche les attaques de fixation de session en emettant un nouvel ID de session apres la connexion.

Empeche l'injection de commandes via des variables d'environnement controlees par l'attaquant.

Élimine l'injection SQL dans les appels de base de données bruts en déléguant l'échappement des valeurs au driver de base de données.

Empeche le XSS stocke en garantissant que le contenu recupere de la base de donnees n'est pas rendu comme HTML brut.

Empeche les attaques de confusion de type qui bypassent les controles de securite via des types de parametres inattendus.

Prévient les attaques d'upload de fichiers non restreints qui pourraient mener à une exécution de code à distance ou à un accès via web shell (CWE-434).

Empeche l'execution de code arbitraire via la construction dynamique de Function depuis des entrees utilisateur.

Empeche l'execution de code distante via l'invocation dynamique de methodes avec des noms de proprietes controles par l'utilisateur.

Empeche le XSS via l'extension de balises HTML basee sur des regex non securisees.

Empeche l'invocation de fonctions globales arbitraires via l'acces aux proprietes controle par l'utilisateur.

Empeche les attaques de denial-of-service par XML bomb et XXE.

Empeche l'injection XPath permettant le bypass d'authentification et l'extraction non autorisee de donnees XML.

Empeche le XSS via la methode .html() de jQuery avec du contenu controle par l'utilisateur.

Empeche le XSS base sur le DOM via des proprietes navigateur controlees par l'attaquant.

Empeche le XSS provenant de HTML construit avec des donnees serveur controlees par l'utilisateur.

Élimine l'injection de procédures stockées en imposant des appels paramétrés en PHP.

Prévient les uploads de web shells PHP et l'exécution de code arbitraire via les uploads de fichiers non restreints (CWE-434).

Garantit que les hashes de mots de passe sont coûteux à cracker computationnellement, rendant les attaques par force brute et par dictionnaire hors ligne impraticables (CWE-916).

Empêche l'exposition des credentials via le code source et l'historique du contrôle de version.

Empêche les attaquants d'utiliser les messages d'erreur pour effectuer une reconnaissance de la base de données et planifier des attaques ciblées.

Chiffre toutes les données en transit entre l'application et la base de données, empêchant le vol d'identifiants et l'interception des données.

Empêche l'extraction de données non autorisée et le DoS via des injections de DSL Elasticsearch crafted.

Empeche le HTTP Response Splitting, l'empoisonnement de cache et le XSS via injection de header.

Empêche l'exécution de code à distance via des payloads malveillants injectés dans le stockage de base de données.

Empeche les attaques XSS en garantissant que toutes les variables de template sont echappees HTML par defaut.

Empeche l'injection NoSQL permettant le bypass d'authentification et l'acces aux donnees non autorisees.

Empêche l'exécution JavaScript côté serveur et l'injection d'opérateurs qui contournent l'authentification et l'autorisation MongoDB.

Garantit que le statut du compte (expiration, verrouillage) est verifie apres la verification du mot de passe.

Empeche les attaques SSRF contre les services internes et les endpoints de metadonnees cloud.

Le hachage unidirectionnel garantit que les mots de passe stockés ne peuvent pas être récupérés même en cas de fuite de la base de données.

Empêche l'exécution de code Lua arbitraire et l'accès non autorisé aux données Redis via l'injection de script.

Élimine l'injection SQL via le formatage de chaîne Python en déléguant l'échappement des valeurs au driver de base de données.

Empêche l'injection ORDER BY qui permet l'injection SQL aveugle et l'extraction de données via des valeurs de tri forgées.

Empeche l'injection de commandes OS via des metacaracteres shell.

🎨

✅ Interface & Rendu 1 vérification(s) réussie(s)

▶

UI : aucun finding CRITICAL ni HIGH — catégorie dans les seuils acceptables.

🔔

✅ Expérience Utilisateur 7 vérification(s) réussie(s)

▶

Conformité WCAG 1.3.1 et 4.1.2 — la navigation clavier reste cohérente et prévisible pour tous les utilisateurs.

Conformité WCAG 1.3.1 et 4.1.2 — tous les contrôles de formulaire ont un nom accessible compréhensible par les technologies d'assistance.

Conformité WCAG 1.2.2 — Sous-titres (pré-enregistrés) — tous les médias synchronisés ont des sous-titres pour les utilisateurs sourds et malentendants.

Conformité WCAG 1.4.4 — Redimensionnement du texte — garantit que les utilisateurs peuvent agrandir le contenu jusqu'à 200 % sans perte de fonctionnalité.

Conformité WCAG 1.1.1 — Contenu non textuel — toutes les images ont une alternative textuelle accessible aux technologies d'assistance.

Conformité WCAG 1.3.1 et 4.1.2 — cliquer sur le label met le focus sur l'input associé, et les lecteurs d'écran annoncent le label quand l'input est ciblé.

UX : aucun finding CRITICAL ni HIGH — catégorie dans les seuils acceptables.

♻️

✅ Maintenance & DRY 2 vérification(s) réussie(s)

▶

Chaque erreur est visible et traçable — le débogage en production devient possible et les alertes de supervision peuvent se déclencher.

Reduit la dette technique et ameliore la qualite du code.

🗄️

✅ Schéma PostgreSQL 1 vérification(s) réussie(s)

▶

Permet l'analyse du schema de base de donnees et la detection de derive.

⚙️

✅ Pipelines CI/CD 16 vérification(s) réussie(s)

▶

Prévient l'exécution de code arbitraire depuis des ressources distantes compromises ou détournées dans le pipeline CI/CD (OWASP CI-CD-09).

Prévient les attaques d'évasion de conteneur et limite le rayon d'impact d'un job CI/CD compromis au conteneur plutôt qu'à l'hôte.

Détecte les reverse shells potentiels et les canaux d'exfiltration de données embarqués dans les scripts de pipeline CI/CD.

Prévient l'exécution de code externe non vérifié lors des mises à jour automatisées des dépendances, protégeant le pipeline CI/CD des attaques supply chain.

Garantit que les artefacts publiés sont construits depuis les sources uniquement, prévenant les attaques supply chain via l'empoisonnement de cache (OWASP CI-CD-09).

Prévient les attaques de contournement d'auto-merge où un attaquant usurpe l'identité d'un bot de confiance pour merger automatiquement du code malveillant.

Élimine le risque d'injection d'environnement introduit par l'ancienne API de commandes workflow.

Renforce la securite et la fiabilite du pipeline CI/CD.

Garantit que les tokens d'application GitHub respectent le principe du moindre privilège en étant automatiquement invalidés dès la fin du job du workflow.

Prévient les attaques d'injection de variables d'environnement pouvant affecter toutes les étapes suivantes du workflow.

Élimine la surface d'attaque introduite par les commandes workflow non sécurisées sans désactiver les alternatives modernes.

Limite le rayon d'impact d'une étape de workflow compromise aux seuls secrets explicitement référencés, respectant le principe du moindre privilège.

Évite la fuite de secrets dans les logs CI/CD accessibles à tous les contributeurs du dépôt.

Garantit que les vulnérabilités de sécurité bloquent le pipeline et ne peuvent pas être ignorées silencieusement lors des déploiements en production.

Prévient la fuite d'identifiants dans les logs de jobs CI/CD qui pourraient être exploités pour un accès non autorisé au dépôt ou au registre de conteneurs.

Élimine l'exposition des identifiants dans l'historique de contrôle de version et les logs CI/CD (OWASP CI-CD-04, CWE-798).

📖 Lexique ↑ Sommaire

Acronymes et termes techniques utilisés dans ce rapport.

Acronyme	Signification	Description
API	Application Programming Interface	Interface de communication entre logiciels.
ARIA	Accessible Rich Internet Applications	Attributs HTML améliorant l'accessibilité pour les technologies d'assistance.
ASVS	Application Security Verification Standard	Standard OWASP définissant les exigences de sécurité pour les applications web selon 3 niveaux de vérification (L1/L2/L3).
CI/CD	Intégration Continue / Déploiement Continu	Pipeline automatisé qui compile, teste et déploie le code à chaque modification.
CLI	Interface en Ligne de Commande	Interface textuelle permettant d'interagir avec un programme via un terminal.
CORS	Cross-Origin Resource Sharing	Mécanisme de sécurité contrôlant les requêtes HTTP entre domaines différents.
CSP	Content Security Policy	En-tête HTTP limitant les sources de contenu autorisées sur une page web.
CSRF	Cross-Site Request Forgery	Attaque forçant un utilisateur authentifié à exécuter des actions non voulues.
CSS	Cascading Style Sheets	Langage de mise en forme et de style des pages web.
CVE	Common Vulnerabilities and Exposures	Identifiant unique pour une vulnérabilité de sécurité connue.
CVSS	Common Vulnerability Scoring System	Système de notation de la gravité des vulnérabilités (score de 0 à 10).
CWE	Common Weakness Enumeration	Catalogue standardisé des types de faiblesses logicielles.
DOM	Document Object Model	Représentation arborescente d'un document HTML en mémoire.
DRY	Don't Repeat Yourself	Principe de conception évitant la duplication de code.
Fixture	Cas de test (fixture)	Exemple de code (vulnérable ou sain) utilisé pour valider qu'une règle de détection se déclenche correctement.
GDPR	General Data Protection Regulation	Règlement européen sur la protection des données personnelles (version anglaise du RGPD).
HSTS	HTTP Strict Transport Security	En-tête HTTP forçant les navigateurs à utiliser uniquement HTTPS, prévenant les attaques de downgrade.
HTML	HyperText Markup Language	Langage de balisage pour structurer les pages web.
HTTP/HTTPS	HyperText Transfer Protocol (Secure)	Protocole de communication web. HTTPS ajoute le chiffrement via TLS.
i18n	Internationalization	Adaptation d'un logiciel pour supporter plusieurs langues et régions.
IDOR	Référence directe non sécurisée à un objet	Faille de contrôle d'accès permettant à un attaquant d'accéder à des ressources en manipulant des identifiants.
ISO 27001	ISO/IEC 27001:2022	Norme internationale pour les systèmes de management de la sécurité de l'information (SMSI). L'Annexe A définit 93 contrôles répartis en 4 thèmes.
JNDI	Java Naming and Directory Interface	API Java pour les services d'annuaire ; exploitée dans Log4Shell (CVE-2021-44228) pour exécution de code.
JS	JavaScript	Langage de programmation principalement utilisé pour le web.
JSON	JavaScript Object Notation	Format léger d'échange de données structurées.
JWT	JSON Web Token	Jeton d'authentification signé au format JSON, utilisé pour les sessions.
LDAP	Lightweight Directory Access Protocol	Protocole d'accès aux services d'annuaire (comptes utilisateurs, etc.).
MD5	Message Digest 5	Algorithme de hachage obsolète et non sécurisé — à ne plus utiliser.
MFA	Authentification Multi-Facteurs	Authentification nécessitant deux facteurs ou plus (mot de passe + OTP, etc.).
NoSQL	Not only SQL	Bases de données non relationnelles (MongoDB, Redis, etc.) vulnérables aux injections si les requêtes ne sont pas filtrées.
ORM	Object-Relational Mapping	Couche d'abstraction entre le code objet et la base de données relationnelle.
OWASP	Open Web Application Security Project	Référentiel mondial de bonnes pratiques de sécurité pour les applications web.
PII	Données à Caractère Personnel	Toute donnée pouvant identifier un individu (nom, email, numéro de sécurité sociale). Protégées par le RGPD.
RCE	Exécution de Code à Distance	Vulnérabilité critique permettant à un attaquant d'exécuter du code arbitraire sur le serveur.
RGPD	Règlement Général sur la Protection des Données	Règlement européen sur la protection des données personnelles.
SARIF	Static Analysis Results Interchange Format	Format JSON standardisé (OASIS) pour l'échange de résultats d'analyse statique entre outils et systèmes CI/CD.
SAST	Static Application Security Testing	Analyse de sécurité du code source sans exécution de l'application.
SBOM	Software Bill of Materials	Inventaire complet des composants logiciels et dépendances d'un projet (format CycloneDX).
SCA	Static Code Audit	Abréviation de StaticCodeAudit, l'outil ayant généré ce rapport.
SHA-1	Secure Hash Algorithm 1	Algorithme de hachage obsolète — vulnérable aux collisions.
SLA	Accord de Niveau de Service	Engagement définissant les délais maximaux de résolution par sévérité (ex. CRITICAL : 24h, HIGH : 72h).
SMTP	Simple Mail Transfer Protocol	Protocole standard d'envoi d'emails ; les injections peuvent permettre l'usurpation d'expéditeur.
SQL	Structured Query Language	Langage de requêtes pour bases de données relationnelles.
SSH	Secure Shell	Protocole cryptographique pour l'accès distant sécurisé aux serveurs.
SSL	Secure Sockets Layer	Prédécesseur obsolète de TLS. Son utilisation indique une configuration dépassée et non sécurisée.
SSRF	Server-Side Request Forgery	Attaque forçant un serveur à effectuer des requêtes vers des ressources internes.
SSTI	Injection dans les Templates Côté Serveur	Injection de code malveillant dans un moteur de templates serveur, pouvant mener à une exécution de code.
SVG	Scalable Vector Graphics	Format d'image vectorielle pour le web, basé sur XML.
Taint	Analyse de flux de données (Taint Analysis)	Technique de suivi des données non fiables depuis leur source jusqu'aux opérations sensibles (sink) pour détecter les injections.
TLS	Transport Layer Security	Protocole de chiffrement des communications réseau (successeur de SSL).
TOCTOU	Time-of-Check to Time-of-Use	Vulnérabilité de type race condition entre la vérification et l'utilisation d'une ressource.
URL	Uniform Resource Locator	Adresse web identifiant une ressource sur un réseau (ex. https://example.com/chemin).
WCAG	Web Content Accessibility Guidelines	Directives d'accessibilité web du W3C — norme internationale.
XML	eXtensible Markup Language	Format de données structuré utilisé dans les fichiers de configuration, les API et l'échange de documents.
XPath	XML Path Language	Langage de requête pour documents XML ; l'injection peut permettre un accès non autorisé aux données.
XSS	Cross-Site Scripting	Injection de scripts malveillants dans une page web vue par d'autres utilisateurs.
XXE	XML External Entity	Attaque XML exploitant le traitement d'entités externes pour lire des fichiers ou déclencher un SSRF.

StaticCodeAudit — Rapport d'Audit - MyApp

Score de Sécurité du Code : 71%

Score de conformité : 20.0%

📊 Visualisation ↑ Sommaire

Répartition par Sévérité

Problèmes par Catégorie

📊 Findings par langage et sévérité

Code Métier vs Dépendances

🧪 Tests Unitaires

🔬 Validation Fixtures

⏱️ Temps d'analyse

📦 Dépendances

🔬 Chemin de la donnée

📊 Findings par source

📈 Évolution des Problèmes

🧪 Évolution des Tests

⏱️ Évolution des temps

Score de Sécurité du Code

Résumé

Tendance

Recommandations prioritaires

📋 Résumé ↑ Sommaire

📋 Projet

📋 Périmètre de l'audit

⚙️ Options CLI

Top 10 Fichiers Problématiques

Comparaison avec baseline

➕ Nouveaux problèmes 48

✅ Problèmes résolus 3380

Problèmes Détectés 65

Critiques (CRITICAL) 0 problème(s)

Importants (HIGH) 2 problème(s)

Code métier

Sécurité & OWASP

Dépendances

Modérés (MEDIUM) 25 problème(s)

Code métier

Interface & Rendu

Dépendances

Mineurs (LOW) 38 problème(s)

Code métier

Sécurité & OWASP

Interface & Rendu

Expérience Utilisateur

Dépendances

Information (INFO) 0 problème(s)

Règles personnalisées 0

📦 Dépendances ↑ Sommaire

⏱️ SLA par sévérité ↑ Sommaire

👤 Findings par auteur ↑ Sommaire

Matrice de conformité ISO 27001 44/93

📋 Couverture globale

📊 Couverture par thème

🕸️ Profil de maturité

📊 Statut des contrôles

🏢 Contrôles organisationnels (A.5) 10/37 ▶

👥 Contrôles relatifs aux personnes (A.6) 0/8 ▶

🏗️ Contrôles physiques (A.7) 0/14 ▶

💻 Contrôles technologiques (A.8) 34/34 ▶

Conformité OWASP ASVS v5.0.0 44/348

🔰 Couverture globale

📊 Couverture par chapitre

🕸️ Profil de couverture

📊 Statut des requirements

🛡️ V1 — Encoding, Sanitization and Sandboxing 16/30 ▶

✅ V2 — Validation and Business Logic 0/13 ▶

🌐 V3 — Web Frontend Security 11/31 ▶

🔌 V4 — API and Web Service Security 3/16 ▶

📁 V5 — File Handling 2/13 ▶

🔑 V6 — Authentication 4/48 ▶

🔒 V7 — Session Management 0/20 ▶

👤 V8 — Authorization 0/14 ▶

🎟️ V9 — Self-contained Tokens 2/7 ▶

🔗 V10 — OAuth and OIDC 0/35 ▶

🔐 V11 — Cryptography 4/25 ▶

📡 V12 — Secure Communication 1/12 ▶

⚙️ V13 — Configuration 0/21 ▶

💾 V14 — Data Protection 0/13 ▶

🏗️ V15 — Secure Coding and Architecture 0/21 ▶

📝 V16 — Security Logging and Error Handling 1/17 ▶