ICU
critical

@zereight/mcp-gitlab

v2.0.30

MCP server for using the GitLab API

npm | GitHub Actions | First seen Feb 22, 2026

Total: 459 | Critical: 70 | High: 230 | Medium: 159

Findings

unknown
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    8: const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com";
    9: const GITLAB_PERSONAL_ACCESS_TOKEN = process.env.GITLAB_TOKEN || "";
>>> 10: const PROJECT_ID = process.env.PROJECT_ID || "your/project";
    11: const ISSUE_IID = Number(process.env.ISSUE_IID || "1");
    12: async function testCreateIssueNote() {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    9: const GITLAB_PERSONAL_ACCESS_TOKEN = process.env.GITLAB_TOKEN || "";
    10: const PROJECT_ID = process.env.PROJECT_ID || "your/project";
>>> 11: const ISSUE_IID = Number(process.env.ISSUE_IID || "1");
    12: async function testCreateIssueNote() {
    13:     try {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    3: const DEFAULT_NULL = process.env.DEFAULT_NULL === "true";
    4: const logger = pino({
>>> 5:     level: process.env.LOG_LEVEL || 'info',
    6:     transport: {
    7:         target: 'pino-pretty',
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    6: import fetch from "node-fetch";
    7: // GitLab API configuration (replace with actual values when testing)
>>> 8: const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com";
    9: const GITLAB_PERSONAL_ACCESS_TOKEN = process.env.GITLAB_TOKEN || "";
    10: const PROJECT_ID = process.env.PROJECT_ID || "your/project";
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    7: // GitLab API configuration (replace with actual values when testing)
    8: const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com";
>>> 9: const GITLAB_PERSONAL_ACCESS_TOKEN = process.env.GITLAB_TOKEN || "";
    10: const PROJECT_ID = process.env.PROJECT_ID || "your/project";
    11: const ISSUE_IID = Number(process.env.ISSUE_IID || "1");
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    8: const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com";
    9: const GITLAB_PERSONAL_ACCESS_TOKEN = process.env.GITLAB_TOKEN || "";
>>> 10: const PROJECT_ID = process.env.PROJECT_ID || "your/project";
    11: const ISSUE_IID = Number(process.env.ISSUE_IID || "1");
    12: const DISCUSSION_ID = process.env.DISCUSSION_ID || "your-discussion-id";
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    9: const GITLAB_PERSONAL_ACCESS_TOKEN = process.env.GITLAB_TOKEN || "";
    10: const PROJECT_ID = process.env.PROJECT_ID || "your/project";
>>> 11: const ISSUE_IID = Number(process.env.ISSUE_IID || "1");
    12: const DISCUSSION_ID = process.env.DISCUSSION_ID || "your-discussion-id";
    13: const NOTE_ID = process.env.NOTE_ID || "your-note-id";
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    10: const PROJECT_ID = process.env.PROJECT_ID || "your/project";
    11: const ISSUE_IID = Number(process.env.ISSUE_IID || "1");
>>> 12: const DISCUSSION_ID = process.env.DISCUSSION_ID || "your-discussion-id";
    13: const NOTE_ID = process.env.NOTE_ID || "your-note-id";
    14: /**
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    11: const ISSUE_IID = Number(process.env.ISSUE_IID || "1");
    12: const DISCUSSION_ID = process.env.DISCUSSION_ID || "your-discussion-id";
>>> 13: const NOTE_ID = process.env.NOTE_ID || "your-note-id";
    14: /**
    15:  * Test resolving an issue note
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    23:             // Prepare environment variables for the server process
    24:             const serverEnv = {};
>>> 25:             // Copy process.env, filtering out undefined values
    26:             for (const [key, value] of Object.entries(process.env)) {
    27:                 if (value !== undefined) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    24:             const serverEnv = {};
    25:             // Copy process.env, filtering out undefined values
>>> 26:             for (const [key, value] of Object.entries(process.env)) {
    27:                 if (value !== undefined) {
    28:                     serverEnv[key] = value;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    33:     }
    34:     const serverEnv = {
>>> 35:         ...process.env,
    36:         ...env,
    37:     };
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    7: const MOCK_TOKEN_HEADER = 'glpat-mock-token-header';
    8: describe('Dynamic Routing and Authentication Scenarios', () => {
>>> 9:     const originalToken = process.env.GITLAB_TOKEN_TEST;
    10:     before(() => {
    11:         process.env.GITLAB_TOKEN_TEST = 'mock-token-for-launcher';
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    9:     const originalToken = process.env.GITLAB_TOKEN_TEST;
    10:     before(() => {
>>> 11:         process.env.GITLAB_TOKEN_TEST = 'mock-token-for-launcher';
    12:     });
    13:     after(() => {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    13:     after(() => {
    14:         if (originalToken) {
>>> 15:             process.env.GITLAB_TOKEN_TEST = originalToken;
    16:         }
    17:         else {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    16:         }
    17:         else {
>>> 18:             delete process.env.GITLAB_TOKEN_TEST;
    19:         }
    20:     });
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    24:         let mcpUrl;
    25:         let mockServer;
>>> 26:         const originalProjectId = process.env.TEST_PROJECT_ID;
    27:         before(async () => {
    28:             // Ensure GITLAB_TOKEN_TEST matches what we expect for this scenario
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    28:             // Ensure GITLAB_TOKEN_TEST matches what we expect for this scenario
    29:             // to avoid launchServer overwriting GITLAB_PERSONAL_ACCESS_TOKEN with a different value
>>> 30:             process.env.GITLAB_TOKEN_TEST = MOCK_TOKEN_DEFAULT;
    31:             process.env.TEST_PROJECT_ID = '1';
    32:             const mockPort = await findMockServerPort(9021);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    29:             // to avoid launchServer overwriting GITLAB_PERSONAL_ACCESS_TOKEN with a different value
    30:             process.env.GITLAB_TOKEN_TEST = MOCK_TOKEN_DEFAULT;
>>> 31:             process.env.TEST_PROJECT_ID = '1';
    32:             const mockPort = await findMockServerPort(9021);
    33:             mockServer = new MockGitLabServer({ port: mockPort, validTokens: [MOCK_TOKEN_DEFAULT] });
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    49:         after(async () => {
    50:             if (originalProjectId) {
>>> 51:                 process.env.TEST_PROJECT_ID = originalProjectId;
    52:             }
    53:             else {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    52:             }
    53:             else {
>>> 54:                 delete process.env.TEST_PROJECT_ID;
    55:             }
    56:             if (mcpServer)
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    10: import { GitLabOAuth } from '../oauth.js';
    11: // Test configuration
>>> 12: const TEST_CLIENT_ID = process.env.GITLAB_OAUTH_CLIENT_ID || 'test-client-id';
    13: const TEST_REDIRECT_URI = process.env.GITLAB_OAUTH_REDIRECT_URI || 'http://127.0.0.1:8888/callback';
    14: const TEST_GITLAB_URL = process.env.GITLAB_API_URL?.replace('/api/v4', '') || 'https://gitlab.com';
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    11: // Test configuration
    12: const TEST_CLIENT_ID = process.env.GITLAB_OAUTH_CLIENT_ID || 'test-client-id';
>>> 13: const TEST_REDIRECT_URI = process.env.GITLAB_OAUTH_REDIRECT_URI || 'http://127.0.0.1:8888/callback';
    14: const TEST_GITLAB_URL = process.env.GITLAB_API_URL?.replace('/api/v4', '') || 'https://gitlab.com';
    15: const TEST_TOKEN_PATH = path.join(process.cwd(), '.test-gitlab-token.json');
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    12: const TEST_CLIENT_ID = process.env.GITLAB_OAUTH_CLIENT_ID || 'test-client-id';
    13: const TEST_REDIRECT_URI = process.env.GITLAB_OAUTH_REDIRECT_URI || 'http://127.0.0.1:8888/callback';
>>> 14: const TEST_GITLAB_URL = process.env.GITLAB_API_URL?.replace('/api/v4', '') || 'https://gitlab.com';
    15: const TEST_TOKEN_PATH = path.join(process.cwd(), '.test-gitlab-token.json');
    16: const testResults = [];
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    258: // Test 14: Environment variable configuration
    259: async function testEnvironmentVariableConfig() {
>>> 260:     const clientId = process.env.GITLAB_OAUTH_CLIENT_ID;
    261:     const redirectUri = process.env.GITLAB_OAUTH_REDIRECT_URI || 'http://127.0.0.1:8888/callback';
    262:     assert(typeof clientId === 'string' || clientId === undefined, 'Client ID should be string or undefined');
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    259: async function testEnvironmentVariableConfig() {
    260:     const clientId = process.env.GITLAB_OAUTH_CLIENT_ID;
>>> 261:     const redirectUri = process.env.GITLAB_OAUTH_REDIRECT_URI || 'http://127.0.0.1:8888/callback';
    262:     assert(typeof clientId === 'string' || clientId === undefined, 'Client ID should be string or undefined');
    263:     assert(typeof redirectUri === 'string', 'Redirect URI should be string');
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    16: }
    17: function getConfig(cliKey, envKey, defaultValue) {
>>> 18:     return cliArgs[cliKey] || process.env[envKey] || defaultValue;
    19: }
    20: import { Server } from "@modelcontextprotocol/sdk/server/index.js";
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    55: import { pino } from "pino";
    56: const logger = pino({
>>> 57:     level: process.env.LOG_LEVEL || "info",
    58:     transport: {
    59:         target: "pino-pretty",
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    176:     const errors = [];
    177:     // Validate SESSION_TIMEOUT_SECONDS
>>> 178:     const timeoutStr = process.env.SESSION_TIMEOUT_SECONDS;
    179:     if (timeoutStr) {
    180:         const timeout = Number.parseInt(timeoutStr, 10);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    10: console.log('');
    11: // Configuration check
>>> 12: const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com";
    13: const GITLAB_TOKEN = process.env.GITLAB_TOKEN_TEST || process.env.GITLAB_TOKEN;
    14: const TEST_PROJECT_ID = process.env.TEST_PROJECT_ID;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    11: // Configuration check
    12: const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com";
>>> 13: const GITLAB_TOKEN = process.env.GITLAB_TOKEN_TEST || process.env.GITLAB_TOKEN;
    14: const TEST_PROJECT_ID = process.env.TEST_PROJECT_ID;
    15: console.log('🔧 Test Configuration:');
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    12: const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com";
    13: const GITLAB_TOKEN = process.env.GITLAB_TOKEN_TEST || process.env.GITLAB_TOKEN;
>>> 14: const TEST_PROJECT_ID = process.env.TEST_PROJECT_ID;
    15: console.log('🔧 Test Configuration:');
    16: console.log(`  GitLab URL: ${GITLAB_API_URL}`);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    13: console.log('');
    14: // Configuration check
>>> 15: const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com";
    16: const GITLAB_TOKEN = process.env.GITLAB_TOKEN_TEST || process.env.GITLAB_TOKEN;
    17: const TEST_PROJECT_ID = process.env.TEST_PROJECT_ID;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    14: // Configuration check
    15: const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com";
>>> 16: const GITLAB_TOKEN = process.env.GITLAB_TOKEN_TEST || process.env.GITLAB_TOKEN;
    17: const TEST_PROJECT_ID = process.env.TEST_PROJECT_ID;
    18: console.log('🔧 Test Configuration:');
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    15: const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com";
    16: const GITLAB_TOKEN = process.env.GITLAB_TOKEN_TEST || process.env.GITLAB_TOKEN;
>>> 17: const TEST_PROJECT_ID = process.env.TEST_PROJECT_ID;
    18: console.log('🔧 Test Configuration:');
    19: console.log(`  GitLab URL: ${GITLAB_API_URL}`);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    188:     }
    189:     // Validate MAX_SESSIONS
>>> 190:     const maxSessionsStr = process.env.MAX_SESSIONS;
    191:     if (maxSessionsStr) {
    192:         const maxSessions = Number.parseInt(maxSessionsStr, 10);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    196:     }
    197:     // Validate MAX_REQUESTS_PER_MINUTE
>>> 198:     const maxReqStr = process.env.MAX_REQUESTS_PER_MINUTE;
    199:     if (maxReqStr) {
    200:         const maxReq = Number.parseInt(maxReqStr, 10);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    1465:     .map(normalizeGitLabApiUrl);
    1466: const GITLAB_API_URL = GITLAB_API_URLS[0];
>>> 1467: const GITLAB_PROJECT_ID = process.env.GITLAB_PROJECT_ID;
    1468: const GITLAB_ALLOWED_PROJECT_IDS = process.env.GITLAB_ALLOWED_PROJECT_IDS?.split(",")
    1469:     .map(id => id.trim())
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    1466: const GITLAB_API_URL = GITLAB_API_URLS[0];
    1467: const GITLAB_PROJECT_ID = process.env.GITLAB_PROJECT_ID;
>>> 1468: const GITLAB_ALLOWED_PROJECT_IDS = process.env.GITLAB_ALLOWED_PROJECT_IDS?.split(",")
    1469:     .map(id => id.trim())
    1470:     .filter(Boolean) || [];
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    19:         const proc = spawn('node', ['build/index.js'], {
    20:             stdio: ['pipe', 'pipe', 'pipe'],
>>> 21:             env: { ...process.env, ...env, GITLAB_READ_ONLY_MODE: 'true' },
    22:         });
    23:         const timer = setTimeout(() => {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    11:             stdio: ['pipe', 'pipe', 'pipe'],
    12:             env: {
>>> 13:                 ...process.env,
    14:                 ...env,
    15:                 GITLAB_READ_ONLY_MODE: 'true'
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    12:             env: {
    13:                 ...process.env,
>>> 14:                 ...env,
    15:                 GITLAB_READ_ONLY_MODE: 'true'
    16:             }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    34:             stdio: ['pipe', 'pipe', 'pipe'],
    35:             env: {
>>> 36:                 ...process.env,
    37:                 ...env,
    38:                 GITLAB_READ_ONLY_MODE: 'true'
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    35:             env: {
    36:                 ...process.env,
>>> 37:                 ...env,
    38:                 GITLAB_READ_ONLY_MODE: 'true'
    39:             }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    13: const __filename = fileURLToPath(import.meta.url);
    14: const __dirname = path.dirname(__filename);
>>> 15: const GITLAB_TOKEN = process.env.GITLAB_PERSONAL_ACCESS_TOKEN || process.env.GITLAB_TOKEN;
    16: const GITLAB_PROJECT_ID = process.env.GITLAB_PROJECT_ID;
    17: const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com/api/v4";
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    14: const __dirname = path.dirname(__filename);
    15: const GITLAB_TOKEN = process.env.GITLAB_PERSONAL_ACCESS_TOKEN || process.env.GITLAB_TOKEN;
>>> 16: const GITLAB_PROJECT_ID = process.env.GITLAB_PROJECT_ID;
    17: const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com/api/v4";
    18: const MERGE_REQUEST_IID = process.env.MERGE_REQUEST_IID;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    15: const GITLAB_TOKEN = process.env.GITLAB_PERSONAL_ACCESS_TOKEN || process.env.GITLAB_TOKEN;
    16: const GITLAB_PROJECT_ID = process.env.GITLAB_PROJECT_ID;
>>> 17: const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com/api/v4";
    18: const MERGE_REQUEST_IID = process.env.MERGE_REQUEST_IID;
    19: async function sendMcpRequest(serverProcess, method, params) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    16: const GITLAB_PROJECT_ID = process.env.GITLAB_PROJECT_ID;
    17: const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com/api/v4";
>>> 18: const MERGE_REQUEST_IID = process.env.MERGE_REQUEST_IID;
    19: async function sendMcpRequest(serverProcess, method, params) {
    20:     return new Promise((resolve, reject) => {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    68:     const serverProcess = spawn("node", [serverPath], {
    69:         env: {
>>> 70:             ...process.env,
    71:             GITLAB_PERSONAL_ACCESS_TOKEN: GITLAB_TOKEN,
    72:             GITLAB_API_URL,
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    4460:                 const idx = restPath.lastIndexOf("/api/v4");
    4461:                 const prefix = idx >= 0 ? restPath.slice(0, idx) : "";
>>> 4462:                 const graphqlUrl = process.env.GITLAB_GRAPHQL_URL || `${apiUrl.origin}${prefix}/api/graphql`;
    4463:                 // Add timeout to avoid hanging requests
    4464:                 const controller = new AbortController();
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    12:             stdio: ['pipe', 'pipe', 'pipe'],
    13:             env: {
>>> 14:                 ...process.env,
    15:                 ...env,
    16:                 GITLAB_READ_ONLY_MODE: 'true'
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    13:             env: {
    14:                 ...process.env,
>>> 15:                 ...env,
    16:                 GITLAB_READ_ONLY_MODE: 'true'
    17:             }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    5608:     const authTimeouts = {};
    5609:     // Configuration and limits
>>> 5610:     const MAX_SESSIONS = Number.parseInt(process.env.MAX_SESSIONS || "1000", 10);
    5611:     const MAX_REQUESTS_PER_MINUTE = Number.parseInt(process.env.MAX_REQUESTS_PER_MINUTE || "60", 10);
    5612:     // Metrics tracking
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    5: import { spawn } from 'child_process';
    6: import * as path from 'path';
>>> 7: export const HOST = process.env.HOST || '127.0.0.1';
    8: export var TransportMode;
    9: (function (TransportMode) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    20:     // Prepare environment variables based on transport mode
    21:     // Use same configuration pattern as existing validate-api.js
>>> 22:     const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com";
    23:     const GITLAB_TOKEN = process.env.GITLAB_TOKEN_TEST || process.env.GITLAB_TOKEN;
    24:     const TEST_PROJECT_ID = process.env.TEST_PROJECT_ID;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    21:     // Use same configuration pattern as existing validate-api.js
    22:     const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com";
>>> 23:     const GITLAB_TOKEN = process.env.GITLAB_TOKEN_TEST || process.env.GITLAB_TOKEN;
    24:     const TEST_PROJECT_ID = process.env.TEST_PROJECT_ID;
    25:     // Check if remote authorization is enabled
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    22:     const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com";
    23:     const GITLAB_TOKEN = process.env.GITLAB_TOKEN_TEST || process.env.GITLAB_TOKEN;
>>> 24:     const TEST_PROJECT_ID = process.env.TEST_PROJECT_ID;
    25:     // Check if remote authorization is enabled
    26:     const isRemoteAuth = env.REMOTE_AUTHORIZATION === 'true';
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    34:     const serverEnv = {
    35:         ...process.env,
>>> 36:         ...env,
    37:     };
    38:     // Only set GITLAB_PERSONAL_ACCESS_TOKEN if not using remote auth
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    5609:     // Configuration and limits
    5610:     const MAX_SESSIONS = Number.parseInt(process.env.MAX_SESSIONS || "1000", 10);
>>> 5611:     const MAX_REQUESTS_PER_MINUTE = Number.parseInt(process.env.MAX_REQUESTS_PER_MINUTE || "60", 10);
    5612:     // Metrics tracking
    5613:     const metrics = {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    1469:     .map(id => id.trim())
    1470:     .filter(Boolean) || [];
>>> 1471: const GITLAB_COMMIT_FILES_PER_PAGE = process.env.GITLAB_COMMIT_FILES_PER_PAGE
    1472:     ? Number.parseInt(process.env.GITLAB_COMMIT_FILES_PER_PAGE, 10)
    1473:     : 20;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    1470:     .filter(Boolean) || [];
    1471: const GITLAB_COMMIT_FILES_PER_PAGE = process.env.GITLAB_COMMIT_FILES_PER_PAGE
>>> 1472:     ? Number.parseInt(process.env.GITLAB_COMMIT_FILES_PER_PAGE, 10)
    1473:     : 20;
    1474: // Validate authentication configuration
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    9: const logger = pino({
    10:     name: "gitlab-mcp-oauth",
>>> 11:     level: process.env.LOG_LEVEL || "info",
    12: });
    13: // Track pending auth requests across multiple MCP instances
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    83:         this.config = config;
    84:         this.tokenStoragePath =
>>> 85:             config.tokenStoragePath || path.join(process.env.HOME || "", ".gitlab-mcp-token.json");
    86:     }
    87:     /**
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    509:  */
    510: export async function initializeOAuth(gitlabUrl = "https://gitlab.com") {
>>> 511:     const clientId = process.env.GITLAB_OAUTH_CLIENT_ID;
    512:     const clientSecret = process.env.GITLAB_OAUTH_CLIENT_SECRET;
    513:     const redirectUri = process.env.GITLAB_OAUTH_REDIRECT_URI || "http://127.0.0.1:8888/callback";
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    510: export async function initializeOAuth(gitlabUrl = "https://gitlab.com") {
    511:     const clientId = process.env.GITLAB_OAUTH_CLIENT_ID;
>>> 512:     const clientSecret = process.env.GITLAB_OAUTH_CLIENT_SECRET;
    513:     const redirectUri = process.env.GITLAB_OAUTH_REDIRECT_URI || "http://127.0.0.1:8888/callback";
    514:     const tokenStoragePath = process.env.GITLAB_OAUTH_TOKEN_PATH;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    511:     const clientId = process.env.GITLAB_OAUTH_CLIENT_ID;
    512:     const clientSecret = process.env.GITLAB_OAUTH_CLIENT_SECRET;
>>> 513:     const redirectUri = process.env.GITLAB_OAUTH_REDIRECT_URI || "http://127.0.0.1:8888/callback";
    514:     const tokenStoragePath = process.env.GITLAB_OAUTH_TOKEN_PATH;
    515:     if (!clientId) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    512:     const clientSecret = process.env.GITLAB_OAUTH_CLIENT_SECRET;
    513:     const redirectUri = process.env.GITLAB_OAUTH_REDIRECT_URI || "http://127.0.0.1:8888/callback";
>>> 514:     const tokenStoragePath = process.env.GITLAB_OAUTH_TOKEN_PATH;
    515:     if (!clientId) {
    516:         throw new Error("GITLAB_OAUTH_CLIENT_ID environment variable is required for OAuth authentication");
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    1: import { z } from "zod";
    2: import { pino } from 'pino';
>>> 3: const DEFAULT_NULL = process.env.DEFAULT_NULL === "true";
    4: const logger = pino({
    5:     level: process.env.LOG_LEVEL || 'info',
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    6: import fetch from "node-fetch";
    7: // GitLab API configuration (replace with actual values when testing)
>>> 8: const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com";
    9: const GITLAB_PERSONAL_ACCESS_TOKEN = process.env.GITLAB_TOKEN || "";
    10: const PROJECT_ID = process.env.PROJECT_ID || "your/project";
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    7: // GitLab API configuration (replace with actual values when testing)
    8: const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com";
>>> 9: const GITLAB_PERSONAL_ACCESS_TOKEN = process.env.GITLAB_TOKEN || "";
    10: const PROJECT_ID = process.env.PROJECT_ID || "your/project";
    11: const ISSUE_IID = Number(process.env.ISSUE_IID || "1");
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: �^����z����h�䜅�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    1: import { describe, test, before, after } from 'node:test';
    2: import assert from 'node:assert';
>>> 3: import { spawn } from 'node:child_process';
    4: import fs from 'node:fs';
    5: import { MockGitLabServer, findMockServerPort } from './utils/mock-gitlab-server.js';
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    1: import { describe, test, before, after } from 'node:test';
    2: import assert from 'node:assert';
>>> 3: import { spawn } from 'child_process';
    4: import { MockGitLabServer, findMockServerPort } from './utils/mock-gitlab-server.js';
    5: const MOCK_TOKEN = 'glpat-mock-token-12345';
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    1: import { describe, test, before, after, beforeEach } from 'node:test';
    2: import assert from 'node:assert';
>>> 3: import { spawn } from 'child_process';
    4: import { MockGitLabServer, findMockServerPort } from './utils/mock-gitlab-server.js';
    5: const MOCK_TOKEN = 'glpat-mock-token-12345';
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: �x^�+^tIݦ���x�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    8:  * Optional: Set MERGE_REQUEST_IID to test a specific merge request
    9:  */
>>> 10: import { spawn } from "child_process";
    11: import path from "path";
    12: import { fileURLToPath } from "url";
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    1: import { describe, test, before, after } from 'node:test';
    2: import assert from 'node:assert';
>>> 3: import { spawn } from 'child_process';
    4: import { MockGitLabServer, findMockServerPort } from './utils/mock-gitlab-server.js';
    5: const MOCK_TOKEN = 'glpat-mock-token-12345';
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: q�e�Lz�E�z�C���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    3:  * Manages server processes and provides clean shutdown
    4:  */
>>> 5: import { spawn } from 'child_process';
    6: import * as path from 'path';
    7: export const HOST = process.env.HOST || '127.0.0.1';
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | SC-003 | Suspicious Commands | Medium Confidence | Line 0

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    5680:             // \S+ only matches non-whitespace, so trim() is technically unnecessary,
    5681:             // but we keep it for defensive coding and backward compatibility
>>> 5682:             const match = /^Bearer\s+(\S+)$/i.exec(authHeader);
    5683:             if (match) {
    5684:                 token = match[1].trim();
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ����R�Z��b�䜅�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ������b�䜅�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: �����7��ȥz�h�䜅�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ���墒#ځ䜅�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: �^���7��ȥz�h�䜅�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: �^�墒#ځ䜅�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: �^����z����h�䜅�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��E�h�+h�$���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: �A��܄8�~Ĝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: �L�W������v�'���Ĝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: �L�W����"�.zĜ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: +Ki��y�^R�Z��b��^��'�䜅�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: +Ki�,�疊�K�yz֢�Ĝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: +Ki���z���Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: +Ki���b�䜅�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: +Ki��y�-zd���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: +Ki���#ځ䜅�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: .+-����-zĜ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: .+-"�.x���Ĝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: �Lz�E�z�Uz�"�t���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: .+-5�����zĜ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: .+->�#y�LzfޮĜ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: 1��v�'R�hiԜ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: �'����Zr��Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: I�r^��"���zĜ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: R�Z����z����h�䜅�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: R�Z����z���Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    435:         return;
    436:     try {
>>> 437:         const response = await fetch(`${getEffectiveApiUrl()}/user`, {
    438:             ...getFetchConfig(),
    439:             redirect: "follow",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1553:         url.searchParams.append("namespace", namespace);
    1554:     }
>>> 1555:     const response = await fetch(url.toString(), {
    1556:         ...getFetchConfig(),
    1557:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1577:     const effectiveProjectId = getEffectiveProjectId(projectId);
    1578:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(effectiveProjectId)}/repository/branches`);
>>> 1579:     const response = await fetch(url.toString(), {
    1580:         ...getFetchConfig(),
    1581:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1599:     const effectiveProjectId = getEffectiveProjectId(projectId);
    1600:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(effectiveProjectId)}`);
>>> 1601:     const response = await fetch(url.toString(), {
    1602:         ...getFetchConfig(),
    1603:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1625:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(effectiveProjectId)}/repository/files/${encodedPath}`);
    1626:     url.searchParams.append("ref", ref);
>>> 1627:     const response = await fetch(url.toString(), {
    1628:         ...getFetchConfig(),
    1629:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1654:     const effectiveProjectId = getEffectiveProjectId(projectId);
    1655:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(effectiveProjectId)}/issues`);
>>> 1656:     const response = await fetch(url.toString(), {
    1657:         ...getFetchConfig(),
    1658:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1712:         }
    1713:     });
>>> 1714:     const response = await fetch(url.toString(), {
    1715:         ...getFetchConfig(),
    1716:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1745:         }
    1746:     });
>>> 1747:     const response = await fetch(url.toString(), {
    1748:         ...getFetchConfig(),
    1749:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1763:     projectId = decodeURIComponent(projectId); // Decode project ID
    1764:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/issues/${issueIid}`);
>>> 1765:     const response = await fetch(url.toString(), {
    1766:         ...getFetchConfig(),
    1767:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1787:         body.labels = body.labels.join(",");
    1788:     }
>>> 1789:     const response = await fetch(url.toString(), {
    1790:         ...getFetchConfig(),
    1791:         method: "PUT",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1807:     projectId = decodeURIComponent(projectId); // Decode project ID
    1808:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/issues/${issueIid}`);
>>> 1809:     const response = await fetch(url.toString(), {
    1810:         ...getFetchConfig(),
    1811:         method: "DELETE",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1824:     projectId = decodeURIComponent(projectId); // Decode project ID
    1825:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/issues/${issueIid}/links`);
>>> 1826:     const response = await fetch(url.toString(), {
    1827:         ...getFetchConfig(),
    1828:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1843:     projectId = decodeURIComponent(projectId); // Decode project ID
    1844:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/issues/${issueIid}/links/${issueLinkId}`);
>>> 1845:     const response = await fetch(url.toString(), {
    1846:         ...getFetchConfig(),
    1847:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1865:     targetProjectId = decodeURIComponent(targetProjectId); // Decode target project ID as well
    1866:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/issues/${issueIid}/links`);
>>> 1867:     const response = await fetch(url.toString(), {
    1868:         ...getFetchConfig(),
    1869:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1890:     projectId = decodeURIComponent(projectId); // Decode project ID
    1891:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/issues/${issueIid}/links/${issueLinkId}`);
>>> 1892:     const response = await fetch(url.toString(), {
    1893:         ...getFetchConfig(),
    1894:         method: "DELETE",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1907:     projectId = decodeURIComponent(projectId); // Decode project ID
    1908:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests`);
>>> 1909:     const response = await fetch(url.toString(), {
    1910:         ...getFetchConfig(),
    1911:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1956:         url.searchParams.append("per_page", options.per_page.toString());
    1957:     }
>>> 1958:     const response = await fetch(url.toString(), {
    1959:         ...getFetchConfig(),
    1960:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2013:     projectId = decodeURIComponent(projectId); // Decode project ID
    2014:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/discussions/${discussionId}/notes/${noteId}`);
>>> 2015:     const response = await fetch(url.toString(), {
    2016:         ...getFetchConfig(),
    2017:         method: "DELETE",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2045:         payload.resolved = resolved;
    2046:     }
>>> 2047:     const response = await fetch(url.toString(), {
    2048:         ...getFetchConfig(),
    2049:         method: "PUT",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2091:         payload.resolved = resolved;
    2092:     }
>>> 2093:     const response = await fetch(url.toString(), {
    2094:         ...getFetchConfig(),
    2095:         method: "PUT",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2116:         payload.created_at = createdAt;
    2117:     }
>>> 2118:     const response = await fetch(url.toString(), {
    2119:         ...getFetchConfig(),
    2120:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2143:         payload.created_at = createdAt;
    2144:     }
>>> 2145:     const response = await fetch(url.toString(), {
    2146:         ...getFetchConfig(),
    2147:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2160:         body,
    2161:     };
>>> 2162:     const response = await fetch(url.toString(), {
    2163:         ...getFetchConfig(),
    2164:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2172:     projectId = decodeURIComponent(projectId); // Decode project ID
    2173:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/notes/${noteId}`);
>>> 2174:     const response = await fetch(url.toString(), {
    2175:         ...getFetchConfig(),
    2176:         method: "DELETE",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2184:     projectId = decodeURIComponent(projectId); // Decode project ID
    2185:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/notes/${noteId}`);
>>> 2186:     const response = await fetch(url.toString(), {
    2187:         ...getFetchConfig(),
    2188:         method: "GET",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2207:         url.searchParams.append("page", page.toString());
    2208:     }
>>> 2209:     const response = await fetch(url.toString(), {
    2210:         ...getFetchConfig(),
    2211:         method: "GET",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2224:         body,
    2225:     };
>>> 2226:     const response = await fetch(url.toString(), {
    2227:         ...getFetchConfig(),
    2228:         method: "PUT",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2292:         }
    2293:     }
>>> 2294:     const response = await fetch(url.toString(), {
    2295:         ...getFetchConfig(),
    2296:         method,
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2319:         url.searchParams.append("ref", ref);
    2320:     }
>>> 2321:     const response = await fetch(url.toString(), {
    2322:         ...getFetchConfig(),
    2323:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2354:     projectId = decodeURIComponent(projectId); // Decode project ID
    2355:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/repository/commits`);
>>> 2356:     const response = await fetch(url.toString(), {
    2357:         ...getFetchConfig(),
    2358:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2395:     url.searchParams.append("order_by", "id");
    2396:     url.searchParams.append("sort", "desc");
>>> 2397:     const response = await fetch(url.toString(), {
    2398:         ...getFetchConfig(),
    2399:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2422:  */
    2423: async function createRepository(options) {
>>> 2424:     const response = await fetch(`${getEffectiveApiUrl()}/projects`, {
    2425:         ...getFetchConfig(),
    2426:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2462:         throw new Error("Either mergeRequestIid or branchName must be provided");
    2463:     }
>>> 2464:     const response = await fetch(url.toString(), {
    2465:         ...getFetchConfig(),
    2466:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2496:         url.searchParams.append("view", view);
    2497:     }
>>> 2498:     const response = await fetch(url.toString(), {
    2499:         ...getFetchConfig(),
    2500:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2532:         url.searchParams.append("unidiff", "true");
    2533:     }
>>> 2534:     const response = await fetch(url.toString(), {
    2535:         ...getFetchConfig(),
    2536:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2555:         url.searchParams.append("straight", straight.toString());
    2556:     }
>>> 2557:     const response = await fetch(url.toString(), {
    2558:         ...getFetchConfig(),
    2559:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2585:     }
    2586:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}`);
>>> 2587:     const response = await fetch(url.toString(), {
    2588:         ...getFetchConfig(),
    2589:         method: "PUT",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2605:     projectId = decodeURIComponent(projectId); // Decode project ID
    2606:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/merge`);
>>> 2607:     const response = await fetch(url.toString(), {
    2608:         ...getFetchConfig(),
    2609:         method: "PUT",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2632:         body.approval_password = approvalPassword;
    2633:     }
>>> 2634:     const response = await fetch(url.toString(), {
    2635:         ...getFetchConfig(),
    2636:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2650:     projectId = decodeURIComponent(projectId);
    2651:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/unapprove`);
>>> 2652:     const response = await fetch(url.toString(), {
    2653:         ...getFetchConfig(),
    2654:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2668:     projectId = decodeURIComponent(projectId);
    2669:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/approval_state`);
>>> 2670:     const response = await fetch(url.toString(), {
    2671:         ...getFetchConfig(),
    2672:         method: "GET",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2692:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/${noteableType}s/${noteableIid}/notes` // Using plural form (issues/merge_requests) as per GitLab API documentation
    2693:     );
>>> 2694:     const response = await fetch(url.toString(), {
    2695:         ...getFetchConfig(),
    2696:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2710:  */
    2711: async function getDraftNote(project_id, merge_request_iid, draft_note_id) {
>>> 2712:     const response = await fetch(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(project_id)}/merge_requests/${merge_request_iid}/draft_notes/${draft_note_id}`);
    2713:     if (!response.ok) {
    2714:         const errorText = await response.text();
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2721:     projectId = decodeURIComponent(projectId);
    2722:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/draft_notes`);
>>> 2723:     const response = await fetch(url.toString(), {
    2724:         ...getFetchConfig(),
    2725:         method: "GET",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2755:         requestBody.resolve_discussion = resolveDiscussion;
    2756:     }
>>> 2757:     const response = await fetch(url.toString(), {
    2758:         ...getFetchConfig(),
    2759:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2790:         requestBody.resolve_discussion = resolveDiscussion;
    2791:     }
>>> 2792:     const response = await fetch(url.toString(), {
    2793:         ...getFetchConfig(),
    2794:         method: "PUT",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2812:     projectId = decodeURIComponent(projectId);
    2813:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/draft_notes/${draftNoteId}`);
>>> 2814:     const response = await fetch(url.toString(), {
    2815:         ...getFetchConfig(),
    2816:         method: "DELETE",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2831:     projectId = decodeURIComponent(projectId);
    2832:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/draft_notes/${draftNoteId}/publish`);
>>> 2833:     const response = await fetch(url.toString(), {
    2834:         ...getFetchConfig(),
    2835:         method: "PUT",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2883:     projectId = decodeURIComponent(projectId);
    2884:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/draft_notes/bulk_publish`);
>>> 2885:     const response = await fetch(url.toString(), {
    2886:         ...getFetchConfig(),
    2887:         method: "POST", // Changed from PUT to POST
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2915:         url.searchParams.append("resolved", resolved ? "true" : "false");
    2916:     }
>>> 2917:     const response = await fetch(url.toString(), {
    2918:         ...getFetchConfig(),
    2919:         method: "PUT",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2951:         payload.created_at = createdAt;
    2952:     }
>>> 2953:     const response = await fetch(url.toString(), {
    2954:         ...getFetchConfig(),
    2955:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2971:     projectId = decodeURIComponent(projectId); // Decode project ID
    2972:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/merge_requests/${mergeRequestIid}/versions`);
>>> 2973:     const response = await fetch(url.toString(), {
    2974:         ...getFetchConfig(),
    2975:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2993:         url.searchParams.append("unidiff", String(unidiff));
    2994:     }
>>> 2995:     const response = await fetch(url.toString(), {
    2996:         ...getFetchConfig(),
    2997:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3021:         url.searchParams.append("top_level_only", "true");
    3022:     }
>>> 3023:     const response = await fetch(url.toString(), {
    3024:         ...getFetchConfig(),
    3025:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3037: async function getNamespace(id) {
    3038:     const url = new URL(`${getEffectiveApiUrl()}/namespaces/${encodeURIComponent(id)}`);
>>> 3039:     const response = await fetch(url.toString(), {
    3040:         ...getFetchConfig(),
    3041:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3057:         url.searchParams.append("parent_id", parentId.toString());
    3058:     }
>>> 3059:     const response = await fetch(url.toString(), {
    3060:         ...getFetchConfig(),
    3061:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3087:         url.searchParams.append("with_custom_attributes", "true");
    3088:     }
>>> 3089:     const response = await fetch(url.toString(), {
    3090:         ...getFetchConfig(),
    3091:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3115:     }
    3116:     // Make the API request
>>> 3117:     const response = await fetch(`${getEffectiveApiUrl()}/projects?${params.toString()}`, {
    3118:         ...getFetchConfig(),
    3119:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3147:     });
    3148:     // Make the API request
>>> 3149:     const response = await fetch(url.toString(), {
    3150:         ...getFetchConfig(),
    3151:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3172:     }
    3173:     // Make the API request
>>> 3174:     const response = await fetch(url.toString(), {
    3175:         ...getFetchConfig(),
    3176:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3191:     projectId = decodeURIComponent(projectId); // Decode project ID
    3192:     // Make the API request
>>> 3193:     const response = await fetch(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/labels`, {
    3194:         ...getFetchConfig(),
    3195:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3213:     projectId = decodeURIComponent(projectId); // Decode project ID
    3214:     // Make the API request
>>> 3215:     const response = await fetch(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/labels/${encodeURIComponent(String(labelId))}`, {
    3216:         ...getFetchConfig(),
    3217:         method: "PUT",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3233:     projectId = decodeURIComponent(projectId); // Decode project ID
    3234:     // Make the API request
>>> 3235:     const response = await fetch(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/labels/${encodeURIComponent(String(labelId))}`, {
    3236:         ...getFetchConfig(),
    3237:         method: "DELETE",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3281:     if (options.with_security_reports !== undefined)
    3282:         url.searchParams.append("with_security_reports", options.with_security_reports.toString());
>>> 3283:     const response = await fetch(url.toString(), {
    3284:         ...getFetchConfig(),
    3285:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3301:     if (options.with_content)
    3302:         url.searchParams.append("with_content", options.with_content.toString());
>>> 3303:     const response = await fetch(url.toString(), {
    3304:         ...getFetchConfig(),
    3305:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3313: async function getWikiPage(projectId, slug) {
    3314:     projectId = decodeURIComponent(projectId); // Decode project ID
>>> 3315:     const response = await fetch(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/wikis/${encodeURIComponent(slug)}`, { ...getFetchConfig() });
    3316:     await handleGitLabError(response);
    3317:     const data = await response.json();
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3326:     if (format)
    3327:         body.format = format;
>>> 3328:     const response = await fetch(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/wikis`, {
    3329:         ...getFetchConfig(),
    3330:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3347:     if (format)
    3348:         body.format = format;
>>> 3349:     const response = await fetch(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/wikis/${encodeURIComponent(slug)}`, {
    3350:         ...getFetchConfig(),
    3351:         method: "PUT",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3361: async function deleteWikiPage(projectId, slug) {
    3362:     projectId = decodeURIComponent(projectId); // Decode project ID
>>> 3363:     const response = await fetch(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/wikis/${encodeURIComponent(slug)}`, {
    3364:         ...getFetchConfig(),
    3365:         method: "DELETE",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3383:         }
    3384:     });
>>> 3385:     const response = await fetch(url.toString(), {
    3386:         ...getFetchConfig(),
    3387:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3400:     projectId = decodeURIComponent(projectId); // Decode project ID
    3401:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/pipelines/${pipelineId}`);
>>> 3402:     const response = await fetch(url.toString(), {
    3403:         ...getFetchConfig(),
    3404:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3432:         }
    3433:     });
>>> 3434:     const response = await fetch(url.toString(), {
    3435:         ...getFetchConfig(),
    3436:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3464:         }
    3465:     });
>>> 3466:     const response = await fetch(url.toString(), {
    3467:         ...getFetchConfig(),
    3468:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3477:     projectId = decodeURIComponent(projectId); // Decode project ID
    3478:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/jobs/${jobId}`);
>>> 3479:     const response = await fetch(url.toString(), {
    3480:         ...getFetchConfig(),
    3481:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3499:     projectId = decodeURIComponent(projectId); // Decode project ID
    3500:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/jobs/${jobId}/trace`);
>>> 3501:     const response = await fetch(url.toString(), {
    3502:         ...getFetchConfig(),
    3503:         headers: {
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3549:         body.variables = variables;
    3550:     }
>>> 3551:     const response = await fetch(url.toString(), {
    3552:         method: "POST",
    3553:         headers: {
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3571:     projectId = decodeURIComponent(projectId); // Decode project ID
    3572:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/pipelines/${pipelineId}/retry`);
>>> 3573:     const response = await fetch(url.toString(), {
    3574:         method: "POST",
    3575:         headers: {
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3592:     projectId = decodeURIComponent(projectId); // Decode project ID
    3593:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/pipelines/${pipelineId}/cancel`);
>>> 3594:     const response = await fetch(url.toString(), {
    3595:         method: "POST",
    3596:         headers: {
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3618:         body.job_variables_attributes = variables;
    3619:     }
>>> 3620:     const response = await fetch(url.toString(), {
    3621:         ...getFetchConfig(),
    3622:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3637:     projectId = decodeURIComponent(projectId);
    3638:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/jobs/${jobId}/retry`);
>>> 3639:     const response = await fetch(url.toString(), {
    3640:         ...getFetchConfig(),
    3641:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3659:         url.searchParams.append("force", force.toString());
    3660:     }
>>> 3661:     const response = await fetch(url.toString(), {
    3662:         ...getFetchConfig(),
    3663:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3692:         ...buildAuthHeaders(),
    3693:     };
>>> 3694:     const response = await fetch(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(options.project_id))}/repository/tree?${queryParams.toString()}`, {
    3695:         headers,
    3696:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3725:         }
    3726:     });
>>> 3727:     const response = await fetch(url.toString(), {
    3728:         ...getFetchConfig(),
    3729:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3741:     projectId = decodeURIComponent(projectId);
    3742:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/milestones/${milestoneId}`);
>>> 3743:     const response = await fetch(url.toString(), {
    3744:         ...getFetchConfig(),
    3745:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3757:     projectId = decodeURIComponent(projectId);
    3758:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/milestones`);
>>> 3759:     const response = await fetch(url.toString(), {
    3760:         ...getFetchConfig(),
    3761:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3776:     projectId = decodeURIComponent(projectId);
    3777:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/milestones/${milestoneId}`);
>>> 3778:     const response = await fetch(url.toString(), {
    3779:         ...getFetchConfig(),
    3780:         method: "PUT",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3794:     projectId = decodeURIComponent(projectId);
    3795:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/milestones/${milestoneId}`);
>>> 3796:     const response = await fetch(url.toString(), {
    3797:         ...getFetchConfig(),
    3798:         method: "DELETE",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3809:     projectId = decodeURIComponent(projectId);
    3810:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/milestones/${milestoneId}/issues`);
>>> 3811:     const response = await fetch(url.toString(), {
    3812:         ...getFetchConfig(),
    3813:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3825:     projectId = decodeURIComponent(projectId);
    3826:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/milestones/${milestoneId}/merge_requests`);
>>> 3827:     const response = await fetch(url.toString(), {
    3828:         ...getFetchConfig(),
    3829:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3841:     projectId = decodeURIComponent(projectId);
    3842:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/milestones/${milestoneId}/promote`);
>>> 3843:     const response = await fetch(url.toString(), {
    3844:         ...getFetchConfig(),
    3845:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3858:     projectId = decodeURIComponent(projectId);
    3859:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(getEffectiveProjectId(projectId))}/milestones/${milestoneId}/burndown_events`);
>>> 3860:     const response = await fetch(url.toString(), {
    3861:         ...getFetchConfig(),
    3862:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3875:         const url = new URL(`${getEffectiveApiUrl()}/users`);
    3876:         url.searchParams.append("username", username);
>>> 3877:         const response = await fetch(url.toString(), {
    3878:             ...getFetchConfig(),
    3879:         });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3953:     if (options.per_page)
    3954:         url.searchParams.append("per_page", options.per_page.toString());
>>> 3955:     const response = await fetch(url.toString(), {
    3956:         ...getFetchConfig(),
    3957:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3975:         url.searchParams.append("stats", "true");
    3976:     }
>>> 3977:     const response = await fetch(url.toString(), {
    3978:         ...getFetchConfig(),
    3979:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4001:             url.searchParams.append("page", page.toString());
    4002:         }
>>> 4003:         const response = await fetch(url.toString(), {
    4004:             ...getFetchConfig(),
    4005:         });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4025:  */
    4026: async function getCurrentUser() {
>>> 4027:     const response = await fetch(`${getEffectiveApiUrl()}/user`, getFetchConfig());
    4028:     await handleGitLabError(response);
    4029:     const data = await response.json();
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4089:     if (options.page)
    4090:         url.searchParams.append("page", options.page.toString());
>>> 4091:     const response = await fetch(url.toString(), getFetchConfig());
    4092:     await handleGitLabError(response);
    4093:     const data = await response.json();
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4123:     if (options.per_page)
    4124:         url.searchParams.append("per_page", options.per_page.toString());
>>> 4125:     const response = await fetch(url.toString(), getFetchConfig());
    4126:     if (!response.ok) {
    4127:         await handleGitLabError(response);
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4155:     });
    4156:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(effectiveProjectId)}/uploads`);
>>> 4157:     const response = await fetch(url.toString(), {
    4158:         method: "POST",
    4159:         headers: {
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4188:     const effectiveProjectId = getEffectiveProjectId(projectId);
    4189:     const url = new URL(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(effectiveProjectId)}/uploads/${secret}/${filename}`);
>>> 4190:     const response = await fetch(url.toString(), {
    4191:         method: "GET",
    4192:         headers: {
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4240:         }
    4241:     });
>>> 4242:     const response = await fetch(url.toString(), {
    4243:         method: "GET",
    4244:         headers: {
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4268:         }
    4269:     });
>>> 4270:     const response = await fetch(url.toString(), {
    4271:         method: "GET",
    4272:         headers: {
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4297:         }
    4298:     });
>>> 4299:     const response = await fetch(url.toString(), {
    4300:         ...getFetchConfig(),
    4301:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4318:         url.searchParams.append("include_html_description", includeHtmlDescription.toString());
    4319:     }
>>> 4320:     const response = await fetch(url.toString(), {
    4321:         ...getFetchConfig(),
    4322:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4334: async function createRelease(projectId, options) {
    4335:     const effectiveProjectId = getEffectiveProjectId(projectId);
>>> 4336:     const response = await fetch(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(effectiveProjectId)}/releases`, {
    4337:         ...getFetchConfig(),
    4338:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4353: async function updateRelease(projectId, tagName, options) {
    4354:     const effectiveProjectId = getEffectiveProjectId(projectId);
>>> 4355:     const response = await fetch(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(effectiveProjectId)}/releases/${encodeURIComponent(tagName)}`, {
    4356:         ...getFetchConfig(),
    4357:         method: "PUT",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4371: async function deleteRelease(projectId, tagName) {
    4372:     const effectiveProjectId = getEffectiveProjectId(projectId);
>>> 4373:     const response = await fetch(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(effectiveProjectId)}/releases/${encodeURIComponent(tagName)}`, {
    4374:         ...getFetchConfig(),
    4375:         method: "DELETE",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4387: async function createReleaseEvidence(projectId, tagName) {
    4388:     const effectiveProjectId = getEffectiveProjectId(projectId);
>>> 4389:     const response = await fetch(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(effectiveProjectId)}/releases/${encodeURIComponent(tagName)}/evidence`, {
    4390:         ...getFetchConfig(),
    4391:         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4403: async function downloadReleaseAsset(projectId, tagName, directAssetPath) {
    4404:     const effectiveProjectId = getEffectiveProjectId(projectId);
>>> 4405:     const response = await fetch(`${getEffectiveApiUrl()}/projects/${encodeURIComponent(effectiveProjectId)}/releases/${encodeURIComponent(tagName)}/downloads/${directAssetPath}`, {
    4406:         ...getFetchConfig(),
    4407:     });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4467:                 logger.info({ endpoint: graphqlUrl }, "execute_graphql request");
    4468:                 try {
>>> 4469:                     const response = await fetch(graphqlUrl, {
    4470:                         ...getFetchConfig(),
    4471:                         method: "POST",
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4772:                     url.searchParams.append("owned", args.owned.toString());
    4773:                 }
>>> 4774:                 const response = await fetch(url.toString(), {
    4775:                     ...getFetchConfig(),
    4776:                 });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4785:                 const args = GetNamespaceSchema.parse(params.arguments);
    4786:                 const url = new URL(`${GITLAB_API_URL}/namespaces/${encodeURIComponent(args.namespace_id)}`);
>>> 4787:                 const response = await fetch(url.toString(), {
    4788:                     ...getFetchConfig(),
    4789:                 });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4798:                 const args = VerifyNamespaceSchema.parse(params.arguments);
    4799:                 const url = new URL(`${GITLAB_API_URL}/namespaces/${encodeURIComponent(args.path)}/exists`);
>>> 4800:                 const response = await fetch(url.toString(), {
    4801:                     ...getFetchConfig(),
    4802:                 });
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4819:                 if (options.with_custom_attributes)
    4820:                     url.searchParams.append("with_custom_attributes", "true");
>>> 4821:                 const response = await fetch(url.toString(), {
    4822:                     ...getFetchConfig(),
    4823:                 });
medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    123:             params.append("client_secret", this.config.clientSecret);
    124:         }
>>> 125:         const response = await fetch(tokenUrl, {
    126:             method: "POST",
    127:             headers: {
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    158:             params.append("client_secret", this.config.clientSecret);
    159:         }
>>> 160:         const response = await fetch(tokenUrl, {
    161:             method: "POST",
    162:             headers: {
medium | NS-001 | Network Suspicious | Medium Confidence | Line 0

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    254:             requestIdToOAuthInstance.set(initialRequestId, this);
    255:             const timeout = setTimeout(() => {
>>> 256:                 pendingAuthRequests.get(initialRequestId)?.reject(new Error("OAuth flow timed out"));
    257:                 pendingAuthRequests.delete(initialRequestId);
    258:             }, 5 * 60 * 1000);
medium | NS-001 | Network Suspicious | Medium Confidence | Line 0

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    323:                             const reqId = stateToRequestId.get(returnedState);
    324:                             if (reqId) {
>>> 325:                                 const pending = pendingAuthRequests.get(reqId);
    326:                                 if (pending) {
    327:                                     clearTimeout(pending.timeout);
medium | NS-001 | Network Suspicious | Medium Confidence | Line 0

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    370:                 </html>
    371:               `);
>>> 372:                             const pending = pendingAuthRequests.get(reqId);
    373:                             if (pending) {
    374:                                 clearTimeout(pending.timeout);
medium | NS-001 | Network Suspicious | Medium Confidence | Line 0

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    391:                 </html>
    392:               `);
>>> 393:                             const pending = pendingAuthRequests.get(reqId);
    394:                             if (pending) {
    395:                                 clearTimeout(pending.timeout);
medium | NS-001 | Network Suspicious | Medium Confidence | Line 0

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    411:                 </html>
    412:               `);
>>> 413:                             const pending = pendingAuthRequests.get(reqId);
    414:                             if (pending) {
    415:                                 clearTimeout(pending.timeout);
medium | NS-001 | Network Suspicious | Medium Confidence | Line 0

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    442:             server.on("error", error => {
    443:                 logger.error("OAuth server error:", error);
>>> 444:                 const pending = pendingAuthRequests.get(initialRequestId);
    445:                 if (pending) {
    446:                     clearTimeout(pending.timeout);
medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    14:         // Using plural form "issues" in the URL
    15:         const url = new URL(`${GITLAB_API_URL}/api/v4/projects/${encodeURIComponent(PROJECT_ID)}/issues/${ISSUE_IID}/notes`);
>>> 16:         const response = await fetch(url.toString(), {
    17:             method: "POST",
    18:             headers: {
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    18:     try {
    19:         const url = new URL(`${GITLAB_API_URL}/api/v4/projects/${encodeURIComponent(PROJECT_ID)}/issues/${ISSUE_IID}/discussions/${DISCUSSION_ID}/notes/${NOTE_ID}`);
>>> 20:         const response = await fetch(url.toString(), {
    21:             method: "PUT",
    22:             headers: {
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    47:     try {
    48:         const url = new URL(`${GITLAB_API_URL}/api/v4/projects/${encodeURIComponent(PROJECT_ID)}/issues/${ISSUE_IID}/discussions/${DISCUSSION_ID}/notes/${NOTE_ID}`);
>>> 49:         const response = await fetch(url.toString(), {
    50:             method: "PUT",
    51:             headers: {
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    76:     try {
    77:         const url = new URL(`${GITLAB_API_URL}/api/v4/projects/${encodeURIComponent(PROJECT_ID)}/issues/${ISSUE_IID}/discussions/${DISCUSSION_ID}/notes/${NOTE_ID}`);
>>> 78:         const response = await fetch(url.toString(), {
    79:             method: "PUT",
    80:             headers: {
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    262:         await client2.listTools();
    263:         // Check metrics
>>> 264:         const response = await fetch(metricsUrl);
    265:         assert.ok(response.ok, 'Metrics endpoint should be accessible');
    266:         const metrics = await response.json();
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    275:     test('should reuse connections for same API URL', async () => {
    276:         // Get initial metrics
>>> 277:         const response1 = await fetch(metricsUrl);
    278:         const metrics1 = await response1.json();
    279:         const initialSize = metrics1.gitlabClientPool?.size || 0;
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    290:         }
    291:         // Check metrics - should not have created 3 new pool entries
>>> 292:         const response2 = await fetch(metricsUrl);
    293:         const metrics2 = await response2.json();
    294:         const finalSize = metrics2.gitlabClientPool?.size || 0;
medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    185:         // Step 3: Try to make request WITHOUT auth header - should fail with 401
    186:         try {
>>> 187:             const response = await fetch(mcpUrl, {
    188:                 method: 'POST',
    189:                 headers: {
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    44:  */
    45: async function sendMCPRequest(url, method, headers = {}) {
>>> 46:     const response = await fetch(url, {
    47:         method: 'POST',
    48:         headers: {
medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    218:     });
    219:     test('should return 405 for GET /mcp', async () => {
>>> 220:         const response = await fetch(`http://${HOST}:${port}/mcp`);
    221:         assert.strictEqual(response.status, 405, 'GET /mcp should respond with 405');
    222:         const body = await response.json();
medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | OB-001 | Obfuscation | Medium Confidence | Line 0

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    8: const TEST_SECRET = 'testsecret123';
    9: // Minimum valid 1x1 transparent PNG
>>> 10: const MINIMAL_PNG_BUF = Buffer.from('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg==', 'base64');
    11: // Unique suffix per test run to avoid conflicts on concurrent executions
    12: const RUN_ID = Math.random().toString(36).slice(2, 8);
medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    199:         try {
    200:             const controller = createTimeoutController(5000);
>>> 201:             const response = await fetch(`http://${HOST}:${port}/health`, {
    202:                 method: 'GET',
    203:                 signal: controller.signal

Scan History

Date | Risk | Findings
Feb 25, 2026 | critical | 459
Feb 23, 2026 | critical | 459
Feb 22, 2026 | critical | 459