connectiq-mcp-server
v1.1.8
MCP server for Garmin ConnectIQ SDK documentation and resources
Total: 99
Critical: 43
High: 48
Medium: 8
Findings
unknown
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
375: "--version=9.0",
376: ];
>>> 377: process.env = {};
378:
379: mockedExists.mockResolvedValue(true);
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
61: return join(home, "Library", "Application Support", "Garmin", "ConnectIQ");
62: case "win32":
>>> 63: return join(process.env.APPDATA ?? join(home, "AppData", "Roaming"), "Garmin", "ConnectIQ");
64: default: // Linux and others
65: return join(home, ".Garmin", "ConnectIQ");
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
83: }
84: // Fall back to environment variable
>>> 85: return process.env[envVar];
86: }
87: /**
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
4: SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
5:
>>> 6: # Check if .env file exists
7: if [ -f "$SCRIPT_DIR/.env" ]; then
8: # Export all variables from .env file
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
5:
6: # Check if .env file exists
>>> 7: if [ -f "$SCRIPT_DIR/.env" ]; then
8: # Export all variables from .env file
9: set -a
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
6: # Check if .env file exists
7: if [ -f "$SCRIPT_DIR/.env" ]; then
>>> 8: # Export all variables from .env file
9: set -a
10: source "$SCRIPT_DIR/.env"
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
8: # Export all variables from .env file
9: set -a
>>> 10: source "$SCRIPT_DIR/.env"
11: set +a
12: echo "Loaded environment variables from $SCRIPT_DIR/.env"
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
10: source "$SCRIPT_DIR/.env"
11: set +a
>>> 12: echo "Loaded environment variables from $SCRIPT_DIR/.env"
13: else
14: echo "Warning: .env file not found at $SCRIPT_DIR/.env"
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
12: echo "Loaded environment variables from $SCRIPT_DIR/.env"
13: else
>>> 14: echo "Warning: .env file not found at $SCRIPT_DIR/.env"
15: echo "Please create a .env file with your Github configuration"
16: exit 1
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
13: else
14: echo "Warning: .env file not found at $SCRIPT_DIR/.env"
>>> 15: echo "Please create a .env file with your Github configuration"
16: exit 1
17: fi
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
80: case "win32":
81: return join(
>>> 82: process.env.APPDATA ?? join(home, "AppData", "Roaming"),
83: "Garmin",
84: "ConnectIQ"
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
113:
114: // Fall back to environment variable
>>> 115: return process.env[envVar];
116: }
117:
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
47:
48: describe("ConfigManager", () => {
>>> 49: // Store original process.argv and process.env
50: let originalArgv: string[];
51: let originalEnv: NodeJS.ProcessEnv;
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
53: beforeEach(() => {
54: originalArgv = process.argv;
>>> 55: originalEnv = process.env;
56: vi.clearAllMocks();
57:
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
63: afterEach(() => {
64: process.argv = originalArgv;
>>> 65: process.env = originalEnv;
66: });
67:
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
79: it("should return Windows path on win32", () => {
80: mockedPlatform.mockReturnValue("win32");
>>> 81: process.env = {
82: ...process.env,
83: APPDATA: "C:\\Users\\Test\\AppData\\Roaming",
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
80: mockedPlatform.mockReturnValue("win32");
81: process.env = {
>>> 82: ...process.env,
83: APPDATA: "C:\\Users\\Test\\AppData\\Roaming",
84: };
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
108: "--version=8.4",
109: ];
>>> 110: process.env = {};
111:
112: // Mock directory structure
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
131: "8.4",
132: ];
>>> 133: process.env = {};
134:
135: mockedExists.mockResolvedValue(true);
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
151: "--version=8.4",
152: ];
>>> 153: process.env = {};
154:
155: mockedExists.mockResolvedValue(true);
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
176: "7.2",
177: ];
>>> 178: process.env = {};
179:
180: mockedExists.mockResolvedValue(true);
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
194: it("should resolve ConnectIQ path from CONNECTIQ_PATH env var", async () => {
195: process.argv = ["node", "script.js"];
>>> 196: process.env = { CONNECTIQ_PATH: "/env/connectiq" };
197:
198: mockedExists.mockResolvedValue(true);
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
211: it("should resolve version from CONNECTIQ_VERSION env var", async () => {
212: process.argv = ["node", "script.js"];
>>> 213: process.env = {
214: CONNECTIQ_PATH: "/env/connectiq",
215: CONNECTIQ_VERSION: "8.4",
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
234: "--version=7.2",
235: ];
>>> 236: process.env = {
237: CONNECTIQ_PATH: "/env/connectiq",
238: CONNECTIQ_VERSION: "8.4",
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
257: it("should use OS default path when no path specified", async () => {
258: process.argv = ["node", "script.js"];
>>> 259: process.env = { CONNECTIQ_VERSION: "8.4" };
260:
261: mockedPlatform.mockReturnValue("darwin");
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
282: "--connectiq-path=/test/connectiq",
283: ];
>>> 284: process.env = {};
285:
286: mockedExists.mockResolvedValue(true);
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
305: "--connectiq-path=/test/connectiq",
306: ];
>>> 307: process.env = {};
308:
309: mockedExists.mockImplementation(async (path: string) => {
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
330: "--version=8.4.0",
331: ];
>>> 332: process.env = {};
333:
334: mockedExists.mockResolvedValue(true);
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
351: "--version=8",
352: ];
>>> 353: process.env = {};
354:
355: mockedExists.mockResolvedValue(true);
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
395: "--version=9.0",
396: ];
>>> 397: process.env = {};
398:
399: mockedExists.mockResolvedValue(true);
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
411: it("should throw error if ConnectIQ path doesn't exist", async () => {
412: process.argv = ["node", "script.js", "--connectiq-path=/nonexistent"];
>>> 413: process.env = {};
414:
415: mockedExists.mockResolvedValue(false);
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
427: "--version=8.4",
428: ];
>>> 429: process.env = {};
430:
431: mockedExists.mockImplementation(async (path: string) => {
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
452: "--version=8.4",
453: ];
>>> 454: process.env = {};
455:
456: mockedExists.mockImplementation(async (path: string) => {
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
476: "--version=8.4",
477: ];
>>> 478: process.env = {};
479:
480: mockedExists.mockImplementation(async (path: string) => {
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
499: "--version=8.4",
500: ];
>>> 501: process.env = {};
502:
503: mockedExists.mockImplementation(async (path: string) => {
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
525: "--version=8.4",
526: ];
>>> 527: process.env = {};
528:
529: mockedExists.mockResolvedValue(true);
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
553: "--version=8.4",
554: ];
>>> 555: process.env = {};
556:
557: mockedExists.mockResolvedValue(true);
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
575: "--version=8.4",
576: ];
>>> 577: process.env = {};
578:
579: mockedExists.mockResolvedValue(true);
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
597: "--version=8.4",
598: ];
>>> 599: process.env = {};
600:
601: mockedExists.mockImplementation(async (path: string) => {
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
622: "--version=8.4",
623: ];
>>> 624: process.env = {};
625:
626: mockedExists.mockResolvedValue(true);
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
642: "--version=8.4",
643: ];
>>> 644: process.env = {};
645:
646: mockedExists.mockImplementation(async (path: string) => {
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
665: "--version=8.4",
666: ];
>>> 667: process.env = {};
668:
669: mockedExists.mockResolvedValue(true);
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
688: "--version=8.4",
689: ];
>>> 690: process.env = {};
691:
692: mockedExists.mockResolvedValue(true);
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Dynamic code execution via exec()
Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.
621: // Pattern: "var name as Type" or "name as Type"
622: const asPattern = /\s+as\s+(.+?)(?:\s*$|\s*or\s)/i;
>>> 623: const match = asPattern.exec(signatureText);
624: if (match) {
625: // Clean up the type - remove HTML tags if present
Dynamic code execution via exec()
Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.
1028: const searchArea = el ?? $("body");
1029: const text = searchArea.find(".tags").text() || searchArea.text();
>>> 1030: const match = CONTENT_PATTERNS.apiLevel.exec(text);
1031: if (match) {
1032: this.logger?.warning("Used pattern-based fallback for since version", {
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Dynamic code execution via exec()
Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.
515: // Pattern: "var name as Type" or "name as Type"
516: const asPattern = /\s+as\s+(.+?)(?:\s*$|\s*or\s)/i;
>>> 517: const match = asPattern.exec(signatureText);
518: if (match) {
519: // Clean up the type - remove HTML tags if present
Dynamic code execution via exec()
Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.
847: const searchArea = el ?? $("body");
848: const text = searchArea.find(".tags").text() || searchArea.text();
>>> 849: const match = CONTENT_PATTERNS.apiLevel.exec(text);
850: if (match) {
851: this.logger?.warning("Used pattern-based fallback for since version", {
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
High-entropy string (4.7 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (4.5 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (4.5 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
Possible Base64-encoded payload (long encoded string)
Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.
42: - name: Download mcp-publisher
43: run: |
>>> 44: curl -sL https://github.com/modelcontextprotocol/registry/releases/latest/download/mcp-publisher_linux_amd64.tar.gz -o mcp-publisher.tar.gz
45: tar -xzf mcp-publisher.tar.gz
46: chmod +x mcp-publisher
High-entropy string (4.8 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (4.8 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (4.7 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (4.6 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.