
# Frontend Security Audit - 20251123-092506
== npm audit ==
== Potential XSS vectors (innerHTML, dangerouslySetInnerHTML, v-html) ==
src/components/trustBusiness/WebsiteCopyGenerator.vue:53: v-html="renderedContent"
src/components/trustBusiness/BusinessPlanGenerator.vue:35: v-html="renderedPlan"
src/components/trustBusiness/BusinessPlanGenerator.vue:357: ${planContent.value?.innerHTML || ''}
src/components/trustBusiness/GovernanceCharterGenerator.vue:35: v-html="renderedCharter"
src/components/trustBusiness/GovernanceCharterGenerator.vue:476: ${charterContent.value?.innerHTML || ''}
src/lib/sanitize.ts:8: * Sanitize HTML content for safe rendering with v-html
src/views/ArticleDetailView.vue:33: <div class="article-content text-base sm:text-lg text-gray-800 leading-relaxed" v-html="article.content"></div>
src/views/ServiceDetailView.vue:33: <div class="service-content text-base sm:text-lg text-gray-800 leading-relaxed" v-html="service.content"></div>
== Hardcoded URLs (potential for SSRF or misconfiguration) ==
src/components/TheWelcome.vue:20:https://vuejs.org/
src/components/TheWelcome.vue:31:https://vite.dev/guide/features.html
src/components/TheWelcome.vue:33:https://code.visualstudio.com/
src/components/TheWelcome.vue:35:https://github.com/vuejs/language-tools
src/components/TheWelcome.vue:38:https://vitest.dev/
src/components/TheWelcome.vue:40:https://www.cypress.io/
src/components/TheWelcome.vue:42:https://playwright.dev/
src/components/TheWelcome.vue:58:https://pinia.vuejs.org/
src/components/TheWelcome.vue:59:https://router.vuejs.org/
src/components/TheWelcome.vue:60:https://test-utils.vuejs.org/
src/components/TheWelcome.vue:61:https://github.com/vuejs/devtools
src/components/TheWelcome.vue:63:https://github.com/vuejs/awesome-vue
src/components/TheWelcome.vue:74:https://chat.vuejs.org
src/components/TheWelcome.vue:76:https://stackoverflow.com/questions/tagged/vue.js
src/components/TheWelcome.vue:79:https://bsky.app/profile/vuejs.org
src/components/TheWelcome.vue:81:https://x.com/vuejs
src/components/TheWelcome.vue:93:https://vuejs.org/sponsor/
src/components/HelloWorld.vue:12:https://vite.dev/
src/components/HelloWorld.vue:13:https://vuejs.org/
src/components/icons/IconDocumentation.vue:2:http://www.w3.org/2000/svg
src/components/icons/IconTooling.vue:1:https://github.com/Templarian/MaterialDesign
src/components/icons/IconTooling.vue:1:https://www.apache.org/licenses/LICENSE-2.0
src/components/icons/IconTooling.vue:4:http://www.w3.org/2000/svg
src/components/icons/IconTooling.vue:5:http://www.w3.org/1999/xlink
src/components/icons/IconEcosystem.vue:2:http://www.w3.org/2000/svg
src/components/icons/IconSupport.vue:2:http://www.w3.org/2000/svg
src/components/icons/IconCommunity.vue:2:http://www.w3.org/2000/svg
src/lib/p2pStorage.ts:13:http://localhost
src/views/BizCardView.vue:260:https://coppertone.tech
src/views/BizCardView.vue:269:https://coppertone.tech
src/views/BizCardView.vue:301:https://api.qrserver.com/v1/create-qr-code/?size=
== localStorage/sessionStorage usage (sensitive data?) ==
src/stores/trustBusiness.ts:1158: localStorage.setItem(STORAGE_KEY, JSON.stringify(data))
src/stores/trustBusiness.ts:1168: const raw = localStorage.getItem(STORAGE_KEY)
src/stores/auth.ts:169: const token = ref<string | null>(localStorage.getItem('auth_token'))
src/stores/auth.ts:267: localStorage.setItem('auth_token', data.token)
src/stores/auth.ts:303: localStorage.setItem('auth_token', data.token)
src/stores/auth.ts:417: localStorage.removeItem('auth_token')
src/stores/__tests__/auth.spec.ts:9: // Clear localStorage mock
src/stores/__tests__/auth.spec.ts:10: localStorage.clear()
src/stores/__tests__/auth.spec.ts:79: expect(localStorage.setItem).toHaveBeenCalledWith('auth_token', 'mock-jwt-token')
src/stores/__tests__/auth.spec.ts:92: expect(localStorage.removeItem).toHaveBeenCalledWith('auth_token')
src/stores/__tests__/setup.ts:4:// Mock localStorage
src/stores/__tests__/setup.ts:5:const localStorageMock = (() => {
src/stores/__tests__/setup.ts:25:Object.defineProperty(globalThis, 'localStorage', {
src/stores/__tests__/setup.ts:26: value: localStorageMock,
src/stores/__tests__/setup.ts:36: localStorageMock.clear()
src/lib/p2pStorage.ts:5: * Falls back to localStorage if P2P initialization fails.
== eval() usage (code injection risk) ==
None found
== Potential secrets in code ==
src/stores/__tests__/projects.spec.ts:23: authStore.token = 'mock-token'
src/stores/__tests__/projects.spec.ts:67: authStore.token = 'mock-token'
src/stores/__tests__/projects.spec.ts:84: authStore.token = 'mock-token'
src/stores/__tests__/projects.spec.ts:111: authStore.token = 'mock-token'
src/stores/__tests__/projects.spec.ts:154: authStore.token = 'mock-token'
src/stores/__tests__/invoices.spec.ts:26: authStore.token = 'mock-token'
src/stores/__tests__/invoices.spec.ts:61: authStore.token = 'mock-token'
src/stores/__tests__/invoices.spec.ts:76: authStore.token = 'mock-token'
src/stores/__tests__/invoices.spec.ts:107: authStore.token = 'mock-token'
src/stores/__tests__/invoices.spec.ts:143: authStore.token = 'mock-token'
src/stores/__tests__/invoices.spec.ts:187: authStore.token = 'mock-token'
src/stores/__tests__/invoices.spec.ts:224: authStore.token = 'mock-token'
src/stores/__tests__/auth.spec.ts:54: token: 'mock-jwt-token',
src/stores/__tests__/auth.spec.ts:85: store.token = 'mock-token'
src/stores/__tests__/auth.spec.ts:110: store.token = 'mock-token'
src/stores/__tests__/auth.spec.ts:150: password: 'password123',
src/stores/__tests__/auth.spec.ts:193: const mockToken = 'jwt-token-456'
src/stores/__tests__/auth.spec.ts:237: store.token = 'valid-token'
src/stores/__tests__/auth.spec.ts:257: store.token = 'invalid-token'
src/stores/__tests__/tasks.spec.ts:25: authStore.token = 'mock-token'
src/stores/__tests__/tasks.spec.ts:60: authStore.token = 'mock-token'
src/stores/__tests__/tasks.spec.ts:99: authStore.token = 'mock-token'
src/stores/__tests__/tasks.spec.ts:114: authStore.token = 'mock-token'
src/stores/__tests__/tasks.spec.ts:146: authStore.token = 'mock-token'
src/stores/__tests__/tasks.spec.ts:182: authStore.token = 'mock-token'
src/stores/__tests__/tasks.spec.ts:221: authStore.token = 'mock-token'
src/stores/__tests__/tasks.spec.ts:253: authStore.token = 'mock-token'
src/stores/__tests__/tasks.spec.ts:267: authStore.token = 'mock-token'
src/stores/__tests__/tasks.spec.ts:281: authStore.token = 'mock-token'