Static Scan Results
scanned 8d ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/commands/setup/enable-gcp.jsView file
78parent,
L79: requestBody: { serviceIds: REQUIRED_APIS },
L80: });
...
L130: console.log('\nUploading Terraform setup config to GCS...');
L131: const tfDir = (0, path_1.join)(__dirname, '../../templates/setup-gcp');
L132: const files = ['main.tf', 'variables.tf', 'outputs.tf'];
...
L188: if (!num)
L189: throw new errors_1.CliError({ code: 'UPSTREAM', message: 'Could not retrieve project number', exitCode: 3 });
L190: return String(num);
...
L199: subject_token_type: 'urn:ietf:params:aws:token-type:aws4_request',
L200: token_url: 'https://sts.googleapis.com/v1/token',
L201: credential_source: {
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/commands/setup/enable-gcp.jsView on unpkg · L78Findings
1 High3 Medium5 Low
HighCloud Metadata Accessdist/commands/setup/enable-gcp.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings