Static Scan Results
scanned 4d ago · by rust-scanner
Static analysis flagged 6 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess, Crypto, Filesystem, Network, Shell, WebSocket, UrlStrings
Source & flagged code
1 flagged · dist/cloudflared/provision.js
L4: import crypto from 'node:crypto';
L5: import { execSync, execFileSync } from 'node:child_process';
L6: import { pipeline } from 'node:stream/promises';
...
L8: import { BIN_DIR } from '../config.js';
L9: const RELEASE_BASE = 'https://github.[redacted]';
L10: const MANUAL_INSTALL_POINTER = 'https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/';
...
L32: try {
L33: const cmd = process.platform === 'win32' ? 'where cloudflared' : 'command -v cloudflared';
L34: const out = execSync(cmd, { stdio: ['ignore', 'pipe', 'ignore'] })
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/cloudflared/provision.js · L4
Findings
1 High, 1 Medium, 4 Low
High: Sandbox Evasion Gated Capability (dist/cloudflared/provision.js)
Medium: Network
Low: Non Install Lifecycle Scripts
Low: Scripts Present
Low: Filesystem
Low: Url Strings