Batmanuel - A code quality analysis tool
When the HTTP service is started, any requester can obtain the mock token and submit a ZIP archive for extraction and scanning. This is a concrete untrusted-archive processing risk, not confirmed malicious behavior.
`src/auth/auth.controller.js` publicly returns a fixed bearer token.
src/auth/auth.controller.jsView on unpkg`src/auth/token.guard.js` accepts that same fixed token.
src/auth/token.guard.jsView on unpkg`src/analyze/analyze.controller.js` permits authenticated ZIP uploads.
`src/analyze/analyze.service.js` writes and extracts untrusted archives.
src/analyze/analyze.service.jsView on unpkg`src/auth/auth.controller.js` publicly returns a fixed bearer token.
src/auth/auth.controller.jsView on unpkg`src/auth/token.guard.js` accepts that same fixed token.
src/auth/token.guard.jsView on unpkg`src/analyze/analyze.controller.js` permits authenticated ZIP uploads.
`src/analyze/analyze.service.js` writes and extracts untrusted archives.
src/analyze/analyze.service.jsView on unpkg