playwright-mcp-server

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    565:   console.log('Configuration:');
    566:   console.log(`- Port: ${process.env.PORT || 3000}`);
>>> 567:   console.log(`- API Key: ${process.env.OPENAI_API_KEY ? '[REDACTED]' : 'Not set'}`);
    568: }
    569: ```

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    564: function logConfig() {
    565:   console.log('Configuration:');
>>> 566:   console.log(`- Port: ${process.env.PORT || 3000}`);
    567:   console.log(`- API Key: ${process.env.OPENAI_API_KEY ? '[REDACTED]' : 'Not set'}`);
    568: }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    290: // Start the server
    291: function startServer() {
>>> 292:     const port = process.env.PORT || 3000;
    293:     app.listen(port, () => {
    294:         console.log(`MCP server listening on port ${port}`);

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    12:     if (!openai) {
    13:         openai = new OpenAI({
>>> 14:             apiKey: process.env.OPENAI_API_KEY
    15:         });
    16:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    14:     if (!openai) {
    15:         openai = new OpenAI({
>>> 16:             apiKey: process.env.OPENAI_API_KEY
    17:         });
    18:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    426: // Start the server
    427: function startServer(): void {
>>> 428:   const port = process.env.PORT || 3000;
    429:   app.listen(port, () => {
    430:     console.log(`MCP server listening on port ${port}`);

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    84:   if (!openai) {
    85:     openai = new OpenAI({
>>> 86:       apiKey: process.env.OPENAI_API_KEY
    87:     });
    88:   }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    21:   if (!openai) {
    22:     openai = new OpenAI({
>>> 23:       apiKey: process.env.OPENAI_API_KEY
    24:     });
    25:   }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    611: 
    612: ```javascript
>>> 613: const DEBUG = process.env.DEBUG === 'true';
    614: 
    615: function log(message, data) {

Decoded base64 content: ��k�|�2�i���-��M��_�0�8o���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    386:   const { exec } = require('child_process');
    387:   return new Promise((resolve, reject) => {
>>> 388:     exec(`cd ${workspaceRoot} && npx playwright test temp-test.spec.ts`, (error, stdout, stderr) => {
    389:       if (error) {
    390:         reject(error);

Decoded base64 content: �����h�*.��k�7���^��?r����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �����h�*.��k�7���^��?r����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: M�-J��r۫xƧj�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: jv��7�z�C������

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: {ki�Cj֏���u��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: {ki�Cj֏���u��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    168:       const locatorRegex = /const\s+(\w+)\s*=\s*page\.locator\(['"]([^'"]+)['"]\)/g;
    169:       let match;
>>> 170:       while ((match = locatorRegex.exec(file.content)) !== null) {
    171:         patterns.locators[match[1]] = match[2];
    172:       }

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    174:       // Extract imports
    175:       const importRegex = /import\s+.*?from\s+['"]([^'"]+)['"]/g;
>>> 176:       while ((match = importRegex.exec(file.content)) !== null) {
    177:         imports.add(match[0]);
    178:         

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    185:       // Extract fixtures
    186:       const fixtureRegex = /test\.use\(\{([^}]+)\}\)/g;
>>> 187:       while ((match = fixtureRegex.exec(file.content)) !== null) {
    188:         patterns.fixtures.push(match[0]);
    189:       }

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    191:       // Extract helper functions
    192:       const helperFunctionRegex = /async\s+function\s+(\w+)\s*\([^)]*\)\s*\{[^}]*\}/g;
>>> 193:       while ((match = helperFunctionRegex.exec(file.content)) !== null) {
    194:         patterns.helpers.push({
    195:           name: match[1],

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    200:       // Extract setup patterns (beforeEach, beforeAll)
    201:       const setupRegex = /(test\.beforeEach|test\.beforeAll)\(\s*async[^{]*\{[^}]*\}\s*\)/g;
>>> 202:       while ((match = setupRegex.exec(file.content)) !== null) {
    203:         patterns.setupPatterns.push(match[0]);
    204:       }

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    206:       // Extract teardown patterns (afterEach, afterAll)
    207:       const teardownRegex = /(test\.afterEach|test\.afterAll)\(\s*async[^{]*\{[^}]*\}\s*\)/g;
>>> 208:       while ((match = teardownRegex.exec(file.content)) !== null) {
    209:         patterns.teardownPatterns.push(match[0]);
    210:       }

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    212:       // Extract assertion patterns
    213:       const assertionRegex = /expect\([^)]+\)\.(toHaveText|toBeVisible|toHaveValue|toContainText|toHaveAttribute|toHaveClass|toHaveCount|toHaveCSS|toHaveId|toHaveURL|toHaveTitle|toBe|toEqual|toContain|not)\([^)]*\)/g;
>>> 214:       while ((match = assertionRegex.exec(file.content)) !== null) {
    215:         patterns.assertionPatterns.push(match[0]);
    216:       }

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    218:       // Extract test structure patterns
    219:       const describeRegex = /test\.describe\(['"]([^'"]+)['"]/g;
>>> 220:       while ((match = describeRegex.exec(file.content)) !== null) {
    221:         patterns.testStructure.describe.push(match[1]);
    222:       }

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    223:       
    224:       const testRegex = /test\(['"]([^'"]+)['"]/g;
>>> 225:       while ((match = testRegex.exec(file.content)) !== null) {
    226:         patterns.testStructure.test.push(match[1]);
    227:       }

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    229:       // Extract page objects
    230:       const pageObjectRegex = /class\s+(\w+Page)\s*\{[^}]*\}/gs;
>>> 231:       while ((match = pageObjectRegex.exec(file.content)) !== null) {
    232:         patterns.pageObjects.push({
    233:           name: match[1],

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    298:     
    299:     let match;
>>> 300:     while ((match = idRegex.exec(html)) !== null) {
    301:       const id = match[1];
    302:       if (!Object.values(existingLocators).includes(id)) {

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    305:     }
    306:     
>>> 307:     while ((match = classRegex.exec(html)) !== null) {
    308:       const classes = match[1].split(' ');
    309:       for (const className of classes) {

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: M�-J��r۫xƧj�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: M�-J��r۫xƧj�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��-J��r۫xƧj�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: M�-J��r۫xƧj�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��-J��r۫xƧj�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��-J��r۫xƧj�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��-J��r۫xƧj�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: M�-J��r۫xƧj�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��-J��r۫xƧj�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �ޭ�^M�-E�)�{

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    186:         const importRegex = /import\s+.*?from\s+['"]([^'"]+)['"]/g;
    187:         let match;
>>> 188:         while ((match = importRegex.exec(content)) !== null) {
    189:           analysis.patterns.importPatterns.push(match[0]);
    190:         }

Decoded base64 content: >�#y�R������v��Ȭ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: M�-J��r۫xƧj�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: >�#y�R������v��Ȭ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: >�#y�R������v��Ȭ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: jv��7�z�C������

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: jv��7�z�C������

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: >�#y�R������v��Ȭ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: jv��7�z�C������

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: >�#y�R������v��Ȭ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��-J��r۫xƧj�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: M�-J��r۫xƧj�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    113:             const locatorRegex = /const\s+(\w+)\s*=\s*page\.locator\(['"]([^'"]+)['"]\)/g;
    114:             let match;
>>> 115:             while ((match = locatorRegex.exec(file.content)) !== null) {
    116:                 patterns.locators[match[1]] = match[2];
    117:             }

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    118:             // Extract imports
    119:             const importRegex = /import\s+.*?from\s+['"]([^'"]+)['"]/g;
>>> 120:             while ((match = importRegex.exec(file.content)) !== null) {
    121:                 imports.add(match[0]);
    122:                 // Track common imports across files

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    127:             // Extract fixtures
    128:             const fixtureRegex = /test\.use\(\{([^}]+)\}\)/g;
>>> 129:             while ((match = fixtureRegex.exec(file.content)) !== null) {
    130:                 patterns.fixtures.push(match[0]);
    131:             }

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    132:             // Extract helper functions
    133:             const helperFunctionRegex = /async\s+function\s+(\w+)\s*\([^)]*\)\s*\{[^}]*\}/g;
>>> 134:             while ((match = helperFunctionRegex.exec(file.content)) !== null) {
    135:                 patterns.helpers.push({
    136:                     name: match[1],

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    140:             // Extract setup patterns (beforeEach, beforeAll)
    141:             const setupRegex = /(test\.beforeEach|test\.beforeAll)\(\s*async[^{]*\{[^}]*\}\s*\)/g;
>>> 142:             while ((match = setupRegex.exec(file.content)) !== null) {
    143:                 patterns.setupPatterns.push(match[0]);
    144:             }

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    145:             // Extract teardown patterns (afterEach, afterAll)
    146:             const teardownRegex = /(test\.afterEach|test\.afterAll)\(\s*async[^{]*\{[^}]*\}\s*\)/g;
>>> 147:             while ((match = teardownRegex.exec(file.content)) !== null) {
    148:                 patterns.teardownPatterns.push(match[0]);
    149:             }

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    150:             // Extract assertion patterns
    151:             const assertionRegex = /expect\([^)]+\)\.(toHaveText|toBeVisible|toHaveValue|toContainText|toHaveAttribute|toHaveClass|toHaveCount|toHaveCSS|toHaveId|toHaveURL|toHaveTitle|toBe|toEqual|toContain|not)\([^)]*\)/g;
>>> 152:             while ((match = assertionRegex.exec(file.content)) !== null) {
    153:                 patterns.assertionPatterns.push(match[0]);
    154:             }

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    155:             // Extract test structure patterns
    156:             const describeRegex = /test\.describe\(['"]([^'"]+)['"]/g;
>>> 157:             while ((match = describeRegex.exec(file.content)) !== null) {
    158:                 patterns.testStructure.describe.push(match[1]);
    159:             }

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    159:             }
    160:             const testRegex = /test\(['"]([^'"]+)['"]/g;
>>> 161:             while ((match = testRegex.exec(file.content)) !== null) {
    162:                 patterns.testStructure.test.push(match[1]);
    163:             }

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    164:             // Extract page objects
    165:             const pageObjectRegex = /class\s+(\w+Page)\s*\{[^}]*\}/gs;
>>> 166:             while ((match = pageObjectRegex.exec(file.content)) !== null) {
    167:                 patterns.pageObjects.push({
    168:                     name: match[1],

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    222:         const classRegex = /class=["']([^"']+)["']/g;
    223:         let match;
>>> 224:         while ((match = idRegex.exec(html)) !== null) {
    225:             const id = match[1];
    226:             if (!Object.values(existingLocators).includes(id)) {

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    228:             }
    229:         }
>>> 230:         while ((match = classRegex.exec(html)) !== null) {
    231:             const classes = match[1].split(' ');
    232:             for (const className of classes) {

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: M�-J��r۫xƧj�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��-J��r۫xƧj�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��-J��r۫xƧj�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��-J��r۫xƧj�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: M�-J��r۫xƧj�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��-J��r۫xƧj�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �ޭ�^M�-E�)�{

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    144:                 const importRegex = /import\s+.*?from\s+['"]([^'"]+)['"]/g;
    145:                 let match;
>>> 146:                 while ((match = importRegex.exec(content)) !== null) {
    147:                     analysis.patterns.importPatterns.push(match[0]);
    148:                 }

Decoded base64 content: M�-J��r۫xƧj�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: jv��7�z�C������

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: jv��7�z�C������

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: jv��7�z�C������

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    384:   
    385:   // Execute the test
>>> 386:   const { exec } = require('child_process');
    387:   return new Promise((resolve, reject) => {
    388:     exec(`cd ${workspaceRoot} && npx playwright test temp-test.spec.ts`, (error, stdout, stderr) => {

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    2: 
    3: # Set the OpenAI API key
>>> 4: export OPENAI_API_KEY="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"
    5: 
    6: # Change to the script directory

High-entropy string (5.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.