All findings
500 findings across categories.
Category:
Severity:
Rule:
500 findings
| Category | Rule | Evidence | Actions | ||
|---|---|---|---|---|---|
| high | security theater | security_theater.api_key_scopes_never_enforced | .cursor/rules/stripe.mdc:19 | ✅ GOOD: Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | .cursor/rules/stripe.mdc:20 | ```javascript Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | .cursor/rules/stripe.mdc:16 | const stripe = require('stripe')('sk_test_YOUR_SECRET_KEY');Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | apps/app/app/(authenticated)/analytics/sales/lib/sales-analytics.ts:137 | export interface FunnelValidationResult {Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | .cursor/rules/stripe.mdc:18 | Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | apps/app/app/(authenticated)/analytics/sales/lib/sales-analytics.ts:138 | metric: string; Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | apps/app/app/(authenticated)/analytics/sales/lib/sales-analytics.ts:139 | expected: number | null; Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | apps/app/app/(authenticated)/analytics/sales/lib/sales-analytics.ts:140 | actual: number | null; Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | apps/app/app/(authenticated)/analytics/sales/lib/sales-analytics.ts:141 | delta: number | null; Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | apps/app/app/(authenticated)/analytics/sales/lib/sales-analytics.ts:142 | delta_pct: number | null; Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | apps/app/app/(authenticated)/analytics/sales/lib/sales-analytics.ts:145 | Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | .cursor/rules/openai.mdc:3 | globs: **/* Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | apps/app/app/(authenticated)/analytics/sales/lib/sales-analytics.ts:161 | "Master Events", Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | apps/app/app/(authenticated)/analytics/sales/lib/sales-analytics.ts:146 | export interface FunnelValidation {Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | apps/app/app/(authenticated)/analytics/sales/lib/sales-analytics.ts:147 | results: FunnelValidationResult[]; Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | apps/app/app/(authenticated)/analytics/sales/lib/sales-analytics.ts:148 | passed: boolean; Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | apps/app/app/(authenticated)/analytics/sales/lib/sales-analytics.ts:149 | } Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | apps/app/app/(authenticated)/analytics/sales/lib/sales-analytics.ts:150 | Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | apps/app/app/(authenticated)/analytics/sales/lib/sales-analytics.ts:151 | const RAW_SHEETS = [ Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | apps/app/app/(authenticated)/analytics/sales/lib/sales-analytics.ts:152 | "RAW_MasterEvents_2025", Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | apps/app/app/(authenticated)/analytics/sales/lib/sales-analytics.ts:153 | "RAW_Deals_Lost_2025", Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | apps/app/app/(authenticated)/analytics/sales/lib/sales-analytics.ts:154 | "RAW_LeadSource_2025", Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | apps/app/app/(authenticated)/analytics/sales/lib/sales-analytics.ts:155 | ]; Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | apps/app/app/(authenticated)/analytics/sales/lib/sales-analytics.ts:156 | const MAP_SHEET = "MAP_EventType_2025"; Scope-checking auth functions defined but never consumed by route handlers | |
| high | security theater | security_theater.api_key_scopes_never_enforced | apps/app/app/(authenticated)/analytics/sales/lib/sales-analytics.ts:157 | const CALCS_SHEET = "CALCS_Funnel"; Scope-checking auth functions defined but never consumed by route handlers |
Page 1 of 20