Skip to content

TheAuditorTool/project_anarchy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
.claude
.claude
 
 
.github/workflows
.github/workflows
 
 
anarchy_commerce
anarchy_commerce
 
 
api
api
 
 
assets
assets
 
 
build
build
 
 
configs
configs
 
 
data
data
 
 
dependencies
dependencies
 
 
docs
docs
 
 
documentation
documentation
 
 
flow_analysis
flow_analysis
 
 
frameworks
frameworks
 
 
frontend
frontend
 
 
full_stack_node
full_stack_node
 
 
gateway
gateway
 
 
go_notifications
go_notifications
 
 
graph_nightmares
graph_nightmares
 
 
migrations
migrations
 
 
node_modules
node_modules
 
 
performance
performance
 
 
polyglot_project
polyglot_project
 
 
python_pipeline
python_pipeline
 
 
rust_backend
rust_backend
 
 
scripts
scripts
 
 
security
security
 
 
static
static
 
 
tests
tests
 
 
.DS_Store
.DS_Store
 
 
.coveragerc
.coveragerc
 
 
.env
.env
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
AGENTS.md
AGENTS.md
 
 
ARCHITECTURE.md
ARCHITECTURE.md
 
 
CLAUDE.md
CLAUDE.md
 
 
Cargo.toml
Cargo.toml
 
 
Dockerfile
Dockerfile
 
 
FAQ.md
FAQ.md
 
 
GLOSSARY.md
GLOSSARY.md
 
 
INDEX.md
INDEX.md
 
 
README.md
README.md
 
 
VERIFICATION_REPORT.md
VERIFICATION_REPORT.md
 
 
docker-compose.yml
docker-compose.yml
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
pyproject.toml
pyproject.toml
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Project Anarchy Error Count Tracking Document

Verification Status: 400/403 errors verified (99.3%) | Full Report

Documentation Description
INDEX.md Navigation index
FAQ.md Frequently asked questions
GLOSSARY.md Terminology definitions
ARCHITECTURE.md System architecture
VERIFICATION_REPORT.md Verification details
CLAUDE.md Claude Code integration

TOTAL ERROR COUNT: 403 ERRORS

  • Phase 2 Errors: 36 errors
  • Phase 3 Errors: 18 errors
  • Phase 4 Errors: 15 errors (outdated package versions)
  • Phase 4 FINAL Errors: 15 errors (completing catalog coverage)
  • Phase 5 Errors: 22 errors (final catalog completion)
  • Phase 6 Errors: 20 errors (74% catalog coverage achieved)
  • Phase 7 Errors: 20 errors (closing major coverage gaps)
  • Phase 8 Errors: 17 errors (final push to 100%)
  • Phase 9 Errors: 17 errors (TRUE 100% coverage achieved)
  • Phase 10 Errors: 34 errors (linter-specific violations)
  • Phase 11 Errors: 15 errors (complex dependency structures)
  • Phase 12 Errors: 5 errors (failing tests for RCA)
  • Phase 13 Errors: 13 errors (framework misconfigurations)
  • Phase 14 Errors: 12 errors (graph analysis targets)
  • Phase 15 Errors: 3 errors (flow analysis scenarios)
  • Phase 16 Errors: 3 errors (performance bottlenecks)
  • Phase 17 Errors: 5 errors (security vulnerabilities)
  • Phase 18 Errors: 9 errors (multi-language integration)
  • Phase 19 Errors: 8 errors (documentation and evidence issues)
  • Phase 21 Errors: 22 errors (full-stack TypeScript feature slice)
  • Phase 22 Errors: 12 errors (broken product variant feature - data contract drift)
  • Phase 23 Errors: 11 errors (flawed Python data pipeline)
  • Phase 24 Errors: 9 errors (unreliable frontend core)
  • Phase 25 Errors: 7 errors (deceptive test suite)
  • Phase 26 Errors: 11 errors (insecure deployment)
  • Phase 27 Errors: 4 errors (data & business logic crisis)
  • Phase 50 Errors: 12 errors (TypeScript refactor nightmare)
  • Phase 51 Errors: 4 errors (Do Not Ship security crisis)
  • Phase 52 Errors: 4 errors (Data integrity & performance crisis)
  • Phase 53 Errors: 8 errors (Distributed system nightmares)
  • Phase 54 Errors: 6 errors (GraphQL security disasters)
  • Phase 55 Errors: 6 errors (Microservices anti-patterns)

Summary by Category

  • Dependency Errors: 21 errors (5 original + 15 outdated versions + 1 diamond)
  • Authentication Errors: 10 errors (auth_service.py: 5, secure_routes.py: 5)
  • Advanced Test Errors: 5 errors (test_advanced.py)
  • Flaky Test Errors: 5 errors (test_flaky.py)
  • Data Import Errors: 5 errors (data_importer.py)
  • Memory Leak Errors: 5 errors (event_system.py)
  • Contract Violation Errors: 5 errors (contracts.py)
  • Framework Config Errors: 1 error (framework_settings.ini)
  • API Core Errors: 21 errors (app.py: 5, db.py: 5, utils.py: 6, config_loader.py: 5)
  • Frontend Errors: 5 errors (api_service.js)
  • Test Errors: 5 errors (test_logic.py)
  • Evidence Errors: 5 errors (evidence.json false claims)
  • Data Errors: 1 error (malformed_notes.txt)
  • Script Errors: 5 errors (complex_processor.py)
  • Static Errors: 5 errors (main.js.py)
  • Security Errors: 1 error (.env file)
  • Structure Errors: 1 error (symlink loop)

Phase 2 Errors (Original 36)

1. Dependency Configuration Files (5 errors total)

Files: requirements.txt, pyproject.toml, package.json, node_modules/, .gitignore

Error # File Error Type Detection Module Description
1 requirements.txt Typosquatting deps.py requets instead of requests
2 requirements.txt Known CVEs deps.py fastapi==0.68.0 has known vulnerabilities
3 pyproject.toml Version Mismatch deps.py fastapi==0.70.0 conflicts with requirements.txt
4 package.json Git Dependency deps.py Points to mutable branch moment.git#develop
5 node_modules/ Committed Artifacts aud index Directory checked into git (should be in .gitignore)

2. api/app.py (5 errors)

Error # Line Error Type Detection Module Description
6 14 Hardcoded Secret lint.py API key exposed: sk-xxxxxxxxxxxxxxxxxxxxxxxx_very_secret_key
7 34-35 Excessive Parameters ast_verify.py Function get_user_details has 8 parameters (>7)
8 28 Missing Await flow_analyzer.py notify_system(user_id) called without await
9 30-31 Resource Leak universal_detector.py File opened but never closed
10 23 Null Dereference rca.py user.get("status").lower() when status is None

3. api/db.py (5 errors)

Error # Line Error Type Detection Module Description
11 20 SQL Injection lint.py f-string formatting in SQL query
12 11 God Object xgraph_builder.py Circular import with utils.py creating tight coupling
13 16-22 Untested Critical risk_scorer.py get_user_by_username is auth-critical but untested
14 24-31 N+1 Query universal_detector.py Loop queries database for each user
15 33-40 Missing Transaction universal_detector.py Multiple updates without transaction boundary

4. api/utils.py (5 errors from Phase 2)

Error # Line Error Type Detection Module Description
16 10 Circular Dependency xgraph_builder.py Imports from db.py creating circular reference
17 15-21 Deep Nesting ast_verify.py Code nested >4 levels deep
18 13 Global Mutable State universal_detector.py Global cache dict causing race conditions
19 32 Unhandled Exception flow_analyzer.py Raises ValueError without catch
20 25 Code Injection lint.py exec() with user input vulnerability

5. frontend/services/api_service.js (5 errors)

Error # Line Error Type Detection Module Description
21 22 Eval Usage lint.py eval() with potentially controlled input
22 30 Empty Catch lint.py Catch block swallows errors silently
23 19 Console Log aud lint --workset console.log left in production code
24 15-24 Unhandled Promise aud flow-analyze fetch() promise has no .catch()
25 10 Type Coercion pattern_rca.py Using == instead of ===

6. tests/test_logic.py (5 errors)

Error # Line Error Type Detection Module Description
26 17-20 No Assertions universal_detector.py Test without any assert statements
27 15 Global State risk_scorer.py Modifies global test_counter without cleanup
28 11 Hardcoded Path lint.py Absolute path /home/user/projects/anarchy
29 22-25 External Dependency flow_analyzer.py Tests depend on github.com API
30 28-30 Duplicate Name ast_verify.py Second test_user_creation overwrites first

7. .pf/evidence.json (5 false claims)

Error # Claim Detection Module Why It's False
31 "All user input is sanitized" evidence_checker.py SQL injection in db.py, eval() in api_service.js
32 "Robust connection pool" evidence_checker.py No connection pooling implemented anywhere
33 "All API endpoints protected by rate limiting" evidence_checker.py No rate limiting code exists
34 "Async operations properly awaited" evidence_checker.py Missing await in app.py line 28
35 "No hardcoded secrets" evidence_checker.py API key hardcoded in app.py line 14

8. data/malformed_notes.txt (1 error)

Error # Error Type Detection Module Description
36 Invalid UTF-8 indexer.py File contains invalid UTF-8 byte sequences

Phase 3 Errors (New 18)

9. .env (1 error)

Error # Error Type Detection Module Description
37 Sensitive Data indexer.py Hidden file with AWS credentials committed to repo

10. api/config_loader.py (5 errors)

Error # Line Error Type Detection Module Description
38 11 Multiple Frameworks framework_detector.py Django imported in FastAPI project
39 17-18 Commented Security lint.py CSRF_ENABLED commented out
40 14 Non-existent Import workset.py Imports non-existent enterprise_license_validator
41 entire Orphaned File workset.py No other file imports config_loader
42 22 Local File Dependency deps.py Uses file:/// local path dependency

11. static/main.js.py (5 errors)

Error # Line Error Type Detection Module Description
43 entire Misleading Extension indexer.py JavaScript code in .py file
44 11-18 Deep Nesting ast_verify.py Code nested >5 levels deep
45 28-34 Deadlock Scenario flow_analyzer.py Lock acquisition A→B, B→A pattern
46 23-25 Copy-Paste Bug ml.py Code copied from api_service.js with subtle bug
47 20 Unicode Error rca.py Mojibake string causes encoding error

12. scripts/complex_processor.py (5 errors)

Error # Line Error Type Detection Module Description
48 11 Off-by-One rca.py Loop accesses items[i+1] causing IndexError
49 14-18 Integer Overflow rca.py Simulates 8-bit signed integer overflow
50 20 Unused Parameter ast_verify.py context parameter never used
51 27-39 High Complexity risk_scorer.py Very high cyclomatic complexity
52 22-25 Inconsistent Types ast_verify.py Returns string or boolean inconsistently

13. api/utils.py (1 additional error from Phase 3)

Error # Line Error Type Detection Module Description
53 12 Circular Import workset.py/xgraph_builder.py Now imports app creating A→B→C→A cycle

14. symlink_to_root (1 error)

Error # Error Type Detection Module Description
54 Symlink Loop indexer.py Symlink creates infinite traversal loop

Phase 4 Errors (New 15 - Outdated Dependencies)

15. requirements.txt (5 outdated packages)

Error # Package Current Version Our Version Detection Module Description
55 numpy ~1.26.0 0.0.001 deps.py --check-latest Extremely outdated version
56 pandas ~2.2.0 0.0.001 deps.py --check-latest Extremely outdated version
57 pytest ~8.0.0 0.0.001 deps.py --check-latest Extremely outdated version
58 sqlalchemy ~2.0.0 0.0.001 deps.py --check-latest Extremely outdated version
59 pydantic ~2.6.0 0.0.001 deps.py --check-latest Extremely outdated version

16. pyproject.toml (5 outdated packages)

Error # Package Current Version Our Version Detection Module Description
60 black ~24.0.0 0.0.001 deps.py --check-latest Extremely outdated version
61 mypy ~1.9.0 0.0.001 deps.py --check-latest Extremely outdated version
62 poetry ~1.8.0 0.0.001 deps.py --check-latest Extremely outdated version
63 ruff ~0.3.0 0.0.001 deps.py --check-latest Extremely outdated version
64 rich ~13.7.0 0.0.001 deps.py --check-latest Extremely outdated version

17. package.json (5 outdated packages)

Error # Package Current Version Our Version Detection Module Description
65 react ~18.2.0 0.0.001 deps.py --check-latest Extremely outdated version
66 express ~4.18.0 0.0.001 deps.py --check-latest Extremely outdated version
67 lodash ~4.17.0 0.0.001 deps.py --check-latest Extremely outdated version
68 axios ~1.6.0 0.0.001 deps.py --check-latest Extremely outdated version
69 webpack ~5.90.0 0.0.001 deps.py --check-latest Extremely outdated version

Phase 4 FINAL Errors (New 15 - Completing Catalog Coverage)

18. api/auth_service.py (5 errors)

Error # Line Error Type Detection Module Description
70 33-38 Race Condition flow_analyzer.py Check-then-act on USER_CREDITS not atomic
71 11 Thread Safety flow_analyzer.py SESSION_TOKENS modified without lock
72 14-15 Missing Type Annotations ast_verify.py is_token_valid lacks type annotations
73 18-20 Plaintext Password evidence_checker.py Stores passwords without encryption
74 23-28 Evolving Bug Pattern ml.py Legacy vulnerable function alongside fixed version

19. tests/test_advanced.py (5 errors)

Error # Line Error Type Detection Module Description
75 13-15 Environment Dependent rca.py Test fails without API_KEY env var
76 10 Security Test Missing test-guidance Imports auth_service but no security tests
77 17-20 Incorrect Null Check pattern_rca.py Checks for None but not empty dict
78 36-38 Cross-Language Dependency workset.py Python executing JavaScript file
79 28-33 Missing Audit Log evidence_checker.py No actual audit logging implementation

20. scripts/data_importer.py (5 errors)

Error # Line Error Type Detection Module Description
80 18 No Retry Backoff universal_detector.py Retry loop without exponential backoff
81 12-15 No Connection Pooling universal_detector.py Creates new DB connection every time
82 23-25 Missing Error Propagation pattern_rca.py Exception caught but not raised/returned
83 28-34 Merge Conflict Markers aud index --exclude-self Unresolved git merge conflict in file
84 10 Proprietary Dependency risk_scorer.py acme_corp_protocol has no alternatives

Phase 5 Errors (New 22 - Final Catalog Completion)

21. api/event_system.py (5 errors - Memory Leak Scenario)

Error # Line Error Type Detection Module Description
85 23 Event Listener Leak universal_detector.py Event listeners registered but never removed
86 27-28 Callback Called Twice flow_analyzer.py Callback potentially invoked multiple times
87 10 Global Event Bus ml.py Team-specific violation using global event bus
88 14-15 Closure Memory Leak RCA Memory Leak Closure holds reference to large object
89 10 Unbounded List Growth RCA Memory Leak Global EVENT_LISTENERS grows unbounded

22. api/contracts.py (5 errors - Contract Violations)

Error # Line Error Type Detection Module Description
90 10-13 Pure Function Side Effect ast-verify --contracts Pure function modifies global COUNTER
91 33-34 Immutable Mutation ast-verify --contracts Tuple mutated via loophole
92 20-21 Invariant Violation ast-verify --contracts Balance can become negative
93 30-31 Missing Default Parameter ast-verify --contracts Required parameter lacks default
94 24-27 Dependency Inversion xgraph_builder.py High-level depends on low-level

23. api/secure_routes.py (5 errors - Authentication Bypass)

Error # Line Error Type Detection Module Description
95 28-31 JWT Validation Skip Auth Bypass RCA Admin route proceeds without JWT
96 24 Insecure Cookie Auth Bypass RCA Cookie lacks Secure/HttpOnly flags
97 17 CORS Misconfiguration Auth Bypass RCA Allows any origin (*)
98 21 No Rate Limiting Auth Bypass RCA Login endpoint unprotected
99 17 Missing CORS Headers aud suggest-fixes Response missing proper CORS headers

24. tests/test_flaky.py (5 errors - Flaky Tests)

Error # Line Error Type Detection Module Description
100 12-17 Timing-Dependent Test aud rca Test fails on timing variations
101 19-25 Locale-Dependent Test aud rca String sorting depends on locale
102 27-31 Platform-Specific Test aud rca Hardcoded Unix path separator
103 14 Magic Numbers aud detect-patterns Uses 0.1 without named constant
104 30 Deprecated Module aud workset --diff Uses os.path instead of pathlib

25. Diamond Dependency (1 error across 4 files)

Error # Files Error Type Detection Module Description
105 Diamond_A/B/C/D.js Diamond Dependency workset.py A→B→D, A→C→D pattern

26. configs/framework_settings.ini (1 error)

Error # Error Type Detection Module Description
106 Missing Configuration framework_detector.py Incomplete framework configuration file

Phase 6 Errors (New 20 - Achieving 100% Catalog Coverage)

27. api/data_corruption.py (5 errors - Data Corruption & Performance Degradation)

Error # Line Error Type Detection Module Description
107 13 Missing Index Performance Degradation RCA 'name' column frequently searched but has no index
108 22 Dirty Reads Data Corruption RCA READ UNCOMMITTED isolation level allows dirty reads
109 12 Missing UNIQUE Data Corruption RCA 'email' column lacks UNIQUE constraint
110 18 No Pagination Performance Degradation RCA Returns all records without pagination
111 28 Breaking Change aud workset --diff Renames 'user_name' to 'fullName', breaking backward compatibility

28. frontend/utils/complex_regex.js (5 errors)

Error # Line Error Type Detection Module Description
112 12 Catastrophic Backtracking aud detect-patterns Regex pattern (a+)+ is exponential
113 22 Complex Regex Pattern ml.py Another bad regex establishing repeated anti-pattern
114 1 Linter Disabled aud lint --workset eslint-disable for entire file
115 25 High Churn No Tests risk_scorer.py File marked as high-churn but lacks tests
116 15-19 Wrong Framework framework_detector.py Vue code in React project

29. api/dynamic_loader.py (5 errors - Graph Analysis)

Error # Line Error Type Detection Module Description
117 16-17 Dynamic Import aud graph build importlib breaks static analysis
118 11 Layering Violation aud graph build High-level imports from test utility
119 13 Cross-boundary Import aud graph build Another test import into api source
120 21-22 Hidden Dependency aud graph build Modifies global state in utils module
121 25-30 Unused Framework framework_detector.py Flask installed but not used

30. api/streams.py (2 errors)

Error # Line Error Type Detection Module Description
122 13-14 Stream No Error Handler aud flow-analyze Stream lacks try/except for connection errors
123 8 Global State Mutation aud detect-patterns Direct mutation of global state

31. docs/OLD_SPECS.md (1 error)

Error # Line Error Type Detection Module Description
124 6 Old TODO aud lint --workset TODO from 2023-01-15 (over 6 months old)

32. api/app.py (2 additional errors from Phase 6)

Error # Line Error Type Detection Module Description
125 44 Sync I/O in Async aud detect-patterns time.sleep(5) blocks async context
126 47 Unreachable Code aud lint --workset Code after return statement

Phase 7 Errors (New 20 - Closing Major Coverage Gaps)

33. api/db_connection_hell.py (4 errors - Database Connection Exhaustion)

Error # Line Error Type Detection Module Description
127 14 No Timeout Database Connection Exhaustion RCA Connection acquisition without timeout
128 14-17 Missing Error Handling Database Connection Exhaustion RCA No specific handling for connection failures
129 18 No Retry Logic Database Connection Exhaustion RCA Connection fails without retry attempt
130 8 Layering Violation xgraph_builder.py Backend importing frontend component

34. frontend/framework_mess.js (5 errors - Framework Detection)

Error # Line Error Type Detection Module Description
131 8-9 Competing Frameworks aud detect-frameworks React and Vue imported in same file
132 23 Missing Test aud detect-frameworks Jest configured but no test file
133 11-12 ORM Without DB aud detect-frameworks Prisma referenced without database config
134 14-15 Version Mismatch framework_detector.py Requires React 18 but has React 17
135 17-20 Uncovered Path aud workset --diff Change in untested code path

35. api/risky_operations.py (5 errors - Risk Scoring)

Error # Line Error Type Detection Module Description
136 18 Critical Path No Tests aud risk-score Payment processing has zero tests
137 12 High Churn Security File aud risk-score Security-critical with recent changes
138 10 Single Point of Failure aud risk-score Only function for payment processing
139 18 Third-Party in Critical aud risk-score Unvetted library in payment flow
140 14 Missing Sanitization aud suggest-fixes User input not sanitized

36. api/validation_patterns.py (4 errors - Pattern RCA)

Error # Line Error Type Detection Module Description
141 9,14 Off-by-One Pattern aud pattern-rca Systematic off-by-one errors
142 9,14 Boundary Condition Pattern aud pattern-rca Repeated boundary condition errors
143 18 Missing Validation Pattern aud pattern-rca Pattern of missing validations
144 9,14 Repeated Anti-Pattern ml.py ML-detectable repeated anti-patterns

37. Build Artifacts (2 errors)

Error # File Error Type Detection Module Description
145 build/app.min.js Build Artifact aud index --exclude-self Minified file committed to repo
146 api/app.py.swp Temp File aud index --exclude-self Swap file committed to repo

Phase 8 Errors (New 17 - Final Push to 100% Coverage)

38. api/final_rca_scenarios.py (8 errors - Completing All RCA Scenarios)

Error # Line Error Type Detection Module Description
147 15-19 Race Condition Data Corruption RCA Concurrent writes can overwrite balance
148 43-47 Partial Write No Rollback Data Corruption RCA Transaction fails without rollback
149 50-53 Sync in Async Performance Degradation RCA time.sleep blocks event loop
150 56-58 Missing Cache Performance Degradation RCA No caching layer for permissions
151 22-23 Session Fixation Auth Bypass RCA User can specify own session ID
152 26-28 Connection Not Released Database Connection Exhaustion RCA Pool connection never released
153 30-38 Circular Reference Memory Leak RCA Objects create permanent circular ref
154 33 Missing Weak Reference Memory Leak RCA Should use weakref for child

39. tests/final_test_guidance.py (4 errors - Completing test-guidance)

Error # Line Error Type Detection Module Description
155 13 Missing Edge Cases aud test-guidance divide() lacks tests for b=0 or non-numeric
156 16-19 Untested Integration aud test-guidance External service call not mocked/tested
157 22-24 No Performance Test aud test-guidance Slow function lacks performance benchmark
158 30 Uncovered Error Path aud test-guidance TypeError catch never tested

40. frontend/final_cli_triggers.js (4 errors - Completing CLI Commands)

Error # Line Error Type Detection Module Description
159 10-14 Missing Try-Catch aud suggest-fixes JSON.parse without error handling
160 17-19 Unhandled Promise aud suggest-fixes Promise rejection never caught
161 22-25 Event Emitter Leak aud flow-analyze Listeners added, never removed
162 28-32 Resource Cleanup Failure pattern_rca.py Handle never closed systematically

41. assets/large_file.bin (1 error - Large File Detection)

Error # Error Type Detection Module Description
163 Large Binary File indexer.py Binary file >100MB committed to repo

Phase 9 Errors (New 17 - TRUE 100% Coverage Achieved)

42. .DS_Store (1 error - macOS System File)

Error # Error Type Detection Module Description
164 System File aud index --exclude-self .DS_Store file committed to repo

43. api/final_coverage_completion.py (14 errors - Completing All CLI Commands)

Error # Line Error Type Detection Module Description
165 24-34 Modified Deprecated aud workset --diff deprecated_and_modified_function recently changed
166 37-39 Config Without Tests aud workset --diff Critical configs changed without test updates
168 56-68 Framework Mismatch aud detect-frameworks Python generating PHP code
169 83-85 No Timeout aud detect-patterns HTTP request missing timeout parameter
170 101-103 Empty Catch aud lint --workset Empty except block swallows KeyError
171 124-133 Contract Violation aud ast-verify --contracts Pre/post conditions violated
172 136 Import Cycle aud graph build Circular import via utils module
173 154 Async No Await aud flow-analyze _process_single_item called without await
174 170-171 Unhandled Future aud flow-analyze Future exception never handled
175 190-208 Complex Hot Path aud risk-score O(n²) complexity in critical path
176 218-225 Env-Specific aud rca Only works in production environment
177 233-238 Version-Specific aud rca Uses deprecated asyncio.get_event_loop
178 248-250, 260-262 Null Pattern aud pattern-rca Treats 0 as null systematically
179 279, 291 Resource Leaks aud pattern-rca Locks acquired but never released
180 306-308 No Rate Limit aud suggest-fixes transfer_funds lacks rate limiting

44. package.json (1 error - Unused Framework)

Error # Line Error Type Detection Module Description
167 11 Unused Framework aud detect-frameworks @angular/core installed but never imported

Phase 10 Errors (New 34 - Linter-Specific Violations)

45. frontend/violations/eslint_violations.js (8 errors - ESLint Rules)

Error # Line Error Type Detection Module Description
181 8 Unused Variable ESLint no-unused-vars unusedVariable declared but never used
182 12 Type Coercion ESLint eqeqeq Using == instead of ===
183 20 Console Statement ESLint no-console console.log in production code
184 26-27 Unreachable Code ESLint no-unreachable Code after return statement
185 32 Undefined Variable ESLint no-undef globalConfigObject not defined
186 37-52 Callback Hell ESLint max-nested-callbacks Callbacks nested 4+ levels deep
187 56-61 No Error Handler ESLint Promise without .catch()
188 65-69 Missing Semicolons ESLint semi Missing semicolons

46. api/violations/ruff_violations.py (8 errors - Ruff Rules)

Error # Line Error Type Detection Module Description
189 8 Line Too Long Ruff E501 Line exceeds 88 characters
190 12-16 Import Order Ruff I001 Imports not in standard order
191 19 Unused Import Ruff F401 json module imported but unused
192 22 Missing Docstring Ruff D103 Public function lacks docstring
193 27 F-string in Logging Ruff G004 F-string used in logging call
194 31 Mutable Default Ruff B006 List as default argument
195 36 Missing Type Hints Ruff ANN101/ANN401 No type annotations
196 44 Assert in Production Ruff S101 Assert used outside tests

47. api/violations/flake8_violations.py (6 errors - Flake8-Specific Rules)

Error # Line Error Type Detection Module Description
197 10 Line Length Flake8 E501 Line 79-88 chars (Flake8 default)
198 15-17 Line Break Flake8 W503 Line break before binary operator
199 21-43 Complexity Flake8 C901 Cyclomatic complexity > 10
200 46 Function Default Flake8 B008 Function call as default argument
201 51 Blank Lines Flake8 E302 Expected 2 blank lines, found 1
202 7 Unused Import Flake8 F401 re module imported but unused

48. frontend/violations/typescript_violations.ts (7 errors - TypeScript Type Violations)

Error # Line Error Type Detection Module Description
203 8 Explicit Any TypeScript Explicitly typed as 'any'
204 13 Implicit Any TypeScript Parameter has implicit 'any' type
205 18 No Return Type TypeScript Function missing return type
206 24 Non-null Assertion TypeScript Using ! on potentially null value
207 30 Type Assertion TypeScript Forcing number to string type
208 34 @ts-ignore TypeScript Suppressing type error with @ts-ignore
209 37-47 Inconsistent Types TypeScript Interface vs type for same shape

49. frontend/violations/prettier_violations.js (5 errors - Prettier Formatting Violations)

Error # Line Error Type Detection Module Description
210 8-10 Mixed Quotes Prettier Single and double quotes mixed
211 13-23 No Trailing Comma Prettier Missing trailing commas in multi-line
212 26-30 Mixed Indentation Prettier Tabs and spaces mixed
213 33 Line Too Long Prettier Line exceeds 120 characters
214 36-38 Inconsistent Spacing Prettier Inconsistent bracket/brace spacing

Verification Commands

To verify all 214 errors with TheAuditor:

# Index the repository (will detect symlink loop, .env, misleading extensions)
aud index --root ./project_anarchy --print-stats

# Run comprehensive analysis
aud lint --workset .
aud ast-verify --contracts
aud deps --check-latest
aud detect-frameworks
aud detect-patterns
aud evidence-check --evidence-file .pf/evidence.json
aud rca
aud risk-score
aud graph build --exclude-self
aud flow-analyze
aud pattern-rca
aud workset --diff main..HEAD

# Generate complete report
aud report

Error Categories Mapped to TheAuditor Modules (Updated)

Module Error Count Error IDs
lint.py 8 6, 11, 20, 21, 22, 28, 39, 28
deps.py 20 1, 2, 3, 4, 42, 55-69
universal_detector.py 8 9, 14, 15, 18, 26, 80, 81, 85
ast_verify.py 7 7, 17, 30, 44, 50, 52, 72
ast-verify --contracts 4 90, 91, 92, 93
flow_analyzer.py 7 8, 19, 29, 45, 70, 71, 86
xgraph_builder.py 4 12, 16, 53, 94
rca.py 5 10, 47, 48, 49, 75
aud rca 3 100, 101, 102
risk_scorer.py 4 13, 27, 51, 84
pattern_rca.py 3 25, 77, 82
indexer.py 7 36, 37, 43, 54, 5, 83, 163
framework_detector.py 2 38, 106
workset.py 5 40, 41, 53, 78, 105
aud workset --diff 1 104
ml.py 3 46, 74, 87
evidence_checker.py 7 31, 32, 33, 34, 35, 73, 79
RCA Memory Leak 2 88, 89
Auth Bypass RCA 4 95, 96, 97, 98
aud suggest-fixes 1 99
aud detect-patterns 1 103
test-guidance 1 76
aud lint --workset 1 23
aud flow-analyze 1 24
aud index 1 5
aud index --exclude-self 1 83

TOTAL: 214 ERRORS

Phase Tracking

Phase 2 Completion

  • Files created: 12
  • Errors implemented: 36
  • Coverage: ~22% of catalog (36/165 items)

Phase 3 Completion

  • Files created: 5
  • Files modified: 1
  • Errors implemented: 18
  • Total errors: 54
  • Coverage: ~33% of catalog (54/165 items)

Phase 4 Completion

  • Files created: 0
  • Files modified: 3 (requirements.txt, pyproject.toml, package.json)
  • Errors implemented: 15 (all outdated dependency versions)
  • Total errors: 69
  • Coverage: ~42% of catalog (69/165 items)

Phase 4 FINAL Completion

  • Files created: 3 (auth_service.py, test_advanced.py, data_importer.py)
  • Files modified: 0
  • Errors implemented: 15 (completing catalog coverage)
  • Total errors: 84
  • Coverage: ~51% of catalog (84/165 items)

Phase 5 Completion

  • Files created: 7 (event_system.py, contracts.py, secure_routes.py, test_flaky.py, Diamond_A/B/C/D.js, framework_settings.ini)
  • Files modified: 0
  • Errors implemented: 22 (final push for catalog coverage)
  • Total errors: 106
  • Coverage: ~64% of catalog (106/165 items)

Phase 6 Completion

  • Files created: 5 (data_corruption.py, complex_regex.js, dynamic_loader.py, streams.py, OLD_SPECS.md)
  • Files modified: 1 (api/app.py)
  • Errors implemented: 20 (attempting full catalog coverage)
  • Total errors: 126
  • Coverage: ~74% of catalog (122/165 items)

Phase 7 Completion

  • Files created: 6 (db_connection_hell.py, framework_mess.js, risky_operations.py, validation_patterns.py, build/app.min.js, app.py.swp)
  • Files modified: 0
  • Errors implemented: 20 (closing major coverage gaps)
  • Total errors: 146
  • Coverage: ~88% of catalog (145/165 items estimated)

Phase 8 Completion

  • Files created: 4 (final_rca_scenarios.py, final_test_guidance.py, final_cli_triggers.js, large_file.bin)
  • Files modified: 0
  • Errors implemented: 17 (final push to 100%)
  • Total errors: 163
  • Coverage: ~99% of catalog (163/165 items estimated)

Phase 9 Completion

  • Files created: 2 (.DS_Store, final_coverage_completion.py)
  • Files modified: 2 (package.json, requirements.txt)
  • Errors implemented: 17 (TRUE 100% coverage)
  • Total errors: 180
  • Coverage: 100% of catalog (all 165 patterns covered + 15 extra)

Phase 10 Completion

  • Files created: 5 (eslint_violations.js, ruff_violations.py, flake8_violations.py, typescript_violations.ts, prettier_violations.js)
  • Files modified: 0
  • Errors implemented: 34 (linter-specific violations)
  • Total errors: 214
  • Coverage: Testing actual linter integration beyond patterns

Catalog Coverage Status

  • ✓ COMPLETED: All 14 Modules (5+ errors each)
  • ✓ COMPLETED: All 14 CLI Commands (5+ errors each)
  • ✓ COMPLETED: All 5 RCA Scenarios (5+ errors each)
  • ✓ 100% COVERAGE ACHIEVED: All 165 detection patterns covered
  • ✓ BONUS: 15 additional errors for robustness testing
  • ✓ EXACT TRACKING: All 180 errors documented with location and type
  • ✓ REAL CODE: Errors embedded in functional-looking code (90% working)
  • ✓ MISSION CRITICAL: Every error numbered, located, and explained

Phase 11 Errors (Complex Dependency Structures - 15 errors)

57. dependencies/python_project/requirements.txt (2 errors)

Error # Line Error Type Detection Module Description
215 1-2 Version Conflict deps.py pandas==1.5.0 conflicts with other files
216 4-5 Version Conflict deps.py numpy<1.24 conflicts with other files

58. dependencies/python_project/pyproject.toml (2 errors)

Error # Line Error Type Detection Module Description
217 10 Version Conflict deps.py pandas==2.0.0 conflicts with requirements.txt
218 11 Version Conflict deps.py numpy>=1.25 conflicts with requirements.txt

59. dependencies/python_project/Pipfile (2 errors)

Error # Line Error Type Detection Module Description
219 8 Version Conflict deps.py pandas~=1.4.0 conflicts with other files
220 10 Wildcard Version deps.py numpy="*" conflicts with specific versions

60. dependencies/python_project/setup.py (2 errors)

Error # Line Error Type Detection Module Description
221 26 Version Conflict deps.py pandas>=2.1.0 conflicts with all others
222 27 Version Conflict deps.py numpy==1.26.0 conflicts with all others

61. dependencies/node_project/package.json (2 errors)

Error # Line Error Type Detection Module Description
223 12 Known CVEs deps.py express 4.16.0 has critical vulnerabilities
224 13 Known CVEs deps.py lodash 4.17.15 has prototype pollution

62. dependencies/node_project/yarn.lock (1 error)

Error # Line Error Type Detection Module Description
225 6 Lock Mismatch deps.py [email protected] differs from package.json

63. dependencies/node_project/pnpm-lock.yaml (1 error)

Error # Line Error Type Detection Module Description
226 16-23 Lock Mismatch deps.py All versions differ from package.json

64. dependencies/monorepo/packages/core/index.js (1 error)

Error # Line Error Type Detection Module Description
227 6 Circular Dependency xgraph_builder.py core depends on api

65. dependencies/monorepo/packages/ui/index.js (1 error)

Error # Line Error Type Detection Module Description
228 6 Circular Dependency xgraph_builder.py Part of circular chain

66. dependencies/monorepo/packages/api/index.js (1 error)

Error # Line Error Type Detection Module Description
229 6 Circular Dependency xgraph_builder.py api depends on core (completes circle)

Phase 12 Errors (Actual Failing Tests for RCA - 5 errors)

67. tests/test_rca_scenarios.py (5 errors)

Error # Line Error Type Detection Module Description
230 14-18 Test Timeout RCA Test Analysis Test sleeps for 10 seconds causing timeout
231 21-26 Flaky Test RCA Test Analysis Random assertion that passes/fails unpredictably
232 29-34 Environment Dependency RCA Test Analysis Requires REQUIRED_VAR environment variable
233 37-62 Race Condition RCA Test Analysis Thread race condition in shared list operations
234 65-79 Memory Exhaustion RCA Test Analysis Attempts to allocate 100M integers causing OOM

Phase 13 Errors (Framework Misconfigurations - 13 errors)

68. frameworks/django_project/settings.py (3 errors)

Error # Line Error Type Detection Module Description
235 14 Debug Mode Framework Config DEBUG=True in production settings
236 17 Hardcoded Secret Framework Config Hardcoded SECRET_KEY instead of env var
237 requirements.txt Outdated Version deps.py Django==3.2.1 with known vulnerabilities

69. frameworks/react_project/ (3 errors)

Error # Line Error Type Detection Module Description
238 webpack.config.js:24 Source Maps Framework Config source-map enabled in production
239 .env Exposed Secrets Framework Config API keys committed in .env file
240 package.json:17-20 Wrong Dependencies Framework Config Test libs jest/enzyme in dependencies

70. frameworks/fastapi_project/ (4 errors)

Error # Line Error Type Detection Module Description
241 main.py:13 Missing CORS Framework Config No CORS middleware configured
242 main.py:21 No Rate Limiting Framework Config No rate limiting implemented
243 config.py:10 Hardcoded DB URL Framework Config Database URL with credentials hardcoded
244 requirements.txt Outdated Version deps.py fastapi==0.95.0 outdated version

71. frameworks/angular_project/ (3 errors)

Error # Line Error Type Detection Module Description
245 angular.json:45 No Optimization Framework Config optimization: false in production
246 environment.prod.ts:11 API Key Exposed Framework Config API key in production environment
247 package.json:19-20 Framework Mixing Framework Config React and Vue in Angular project

Phase 14 Errors (Graph Analysis Targets - 12 errors)

72. graph_nightmares/god_object.py (2 errors)

Error # Line Error Type Detection Module Description
248 9-37 God Object xgraph_builder.py 25+ imports indicating too many responsibilities
257 40 Hotspot Import xgraph_builder.py Imports critical hotspot module

73. graph_nightmares/spaghetti/ (5 errors)

Error # Line Error Type Detection Module Description
249 module_a.py:8 Circular Import xgraph_builder.py module_a imports module_b
250 module_b.py:8 Circular Import xgraph_builder.py module_b imports module_c
251 module_c.py:8 Circular Import xgraph_builder.py module_c imports module_a (completes circle)
252 module_d.py:8-10 Import Tangle xgraph_builder.py Imports all circular modules
258 module_d.py:13 Hotspot Import xgraph_builder.py Imports critical hotspot module

74. graph_nightmares/layer_violations/ (4 errors)

Error # Line Error Type Detection Module Description
253 ui/ui_component.py:8 Layer Violation xgraph_builder.py UI imports database layer
254 database/db_model.py:8 Layer Violation xgraph_builder.py Database imports UI layer
255 business/logic.py:8 Layer Violation xgraph_builder.py Business imports test suite
259 business/logic.py:11 Hotspot Import xgraph_builder.py Imports critical hotspot module

75. graph_nightmares/hotspots/critical.py (1 error)

Error # Line Error Type Detection Module Description
256 Entire module Code Hotspot xgraph_builder.py Critical module imported by many others

Phase 15 Errors (Flow Analysis Scenarios - 3 errors)

76. flow_analysis/deadlock.py (1 error)

Error # Line Error Type Detection Module Description
260 14-15, 22-40, 42-60 Deadlock CFG/DFG Analysis Two-thread, two-lock deadlock scenario

77. flow_analysis/race_condition.py (1 error)

Error # Line Error Type Detection Module Description
261 13-14, 16-26 Race Condition DFG Analysis Non-atomic operations on shared variables

78. flow_analysis/resource_leak.py (1 error)

Error # Line Error Type Detection Module Description
262 16-25 Resource Leak CFG Analysis File not closed on early return path

Phase 16 Errors (Performance Bottlenecks - 3 errors)

79. performance/bottlenecks.py (3 errors)

Error # Line Error Type Detection Module Description
263 11-27 O(n²) Complexity Performance Analysis Nested loops creating quadratic time complexity
264 35-41 Exponential Complexity Performance Analysis Recursive fibonacci with O(2^n) complexity
265 44-58 String Concatenation Performance Analysis String += in loop creating O(n²) operation

Phase 17 Errors (Security Vulnerabilities - 5 errors)

80. security/security_holes.py (5 errors)

Error # Line Error Type Detection Module Description
266 22-40 SQL Injection Security Analysis User input directly in SQL query
267 43-60 XXE Vulnerability Security Analysis XML parsing with resolve_entities=True
268 63-77 Path Traversal Security Analysis Unsanitized filename in path concatenation
269 80-97 Command Injection Security Analysis User input in shell command (os.system)
270 100-113 Insecure Deserialization Security Analysis pickle.loads on untrusted data

Phase 18 Errors (Multi-Language Integration - 9 errors)

81. polyglot_project/ (9 language files)

Error # File Error Type Detection Module Description
271 backend/main.py Language Mix aud detect-frameworks Python in polyglot project
272 backend/utils.rs Language Mix aud detect-frameworks Rust in polyglot project
273 backend/database.go Language Mix aud detect-frameworks Go in polyglot project
274 frontend/app.tsx Language Mix aud detect-frameworks TypeScript React in polyglot
275 frontend/styles.scss Language Mix aud detect-frameworks Sass in polyglot project
276 wasm/module.wat Language Mix aud detect-frameworks WebAssembly in polyglot
277 scripts/build.sh Language Mix aud detect-frameworks Bash in polyglot project
278 scripts/deploy.rb Language Mix aud detect-frameworks Ruby in polyglot project
279 scripts/analyze.r Language Mix aud detect-frameworks R in polyglot project

Phase 19 Errors (Documentation and Evidence Issues - 8 errors)

82. documentation/ (False claims and outdated docs)

Error # File Error Type Detection Module Description
280 API.md False Claim aud check-evidence Claims rate limiting exists (false)
281 SECURITY.md False Claim aud check-evidence Claims encryption exists (false)
282 TESTING.md False Claim aud check-evidence Claims 100% test coverage (false)
283 README.md Outdated Docs aud check-evidence Describes monolith, actually polyglot
284 evidence.json False Evidence aud check-evidence Claims rate limiting in FastAPI (false)
285 evidence.json False Evidence aud check-evidence Claims password encryption (false)
286 evidence.json False Evidence aud check-evidence Claims atomic transactions (false)
287 evidence.json False Evidence aud check-evidence Claims input validation (false)

Phase 21 Errors (Full-Stack TypeScript Feature Slice - 22 errors)

83. full_stack_node/backend/src/config/database.ts (3 errors)

Error # Line Error Type Detection Module Description
288 9 Hardcoded Secret Security Analysis Database URL with credentials hardcoded
289 16-21 Performance Config Performance Analysis Pool max:5 too small for production
290 24-29 Security Config Security Analysis SSL disabled with rejectUnauthorized:false

84. full_stack_node/shared/types.ts (3 errors)

Error # Line Error Type Detection Module Description
291 9 Type Any TypeScript/TSC User.id typed as 'any'
292 17 Type Any TypeScript/TSC User.createdAt typed as 'any'
293 44 Type Any TypeScript/TSC ApiResponse type defined as 'any'

85. full_stack_node/backend/src/models/user.model.ts (4 errors)

Error # Line Error Type Detection Module Description
294 55-59 Schema Issue Sequelize/DB email allows null despite being required
295 13 Type Mismatch TypeScript/TSC Model has passwordHash, User interface doesn't
296 58 Missing Index Performance Analysis No unique constraint/index on email field
297 102-107 Untyped JSONB TypeScript/TSC profileData field typed as 'any' JSONB

86. full_stack_node/backend/src/middleware/auth.middleware.ts (3 errors)

Error # Line Error Type Detection Module Description
298 10 Type Any TypeScript/TSC req, res, next params typed as 'any'
299 17-21 Security Bypass Security Analysis Hardcoded 'master-key' authentication bypass
300 55 Request Hanging Flow Analysis Missing response causes request to hang

87. full_stack_node/backend/src/controllers/user.controller.ts (4 errors)

Error # Line Error Type Detection Module Description
301 12 Type Any TypeScript/TSC req and res typed as 'any'
302 31-33 Empty Catch Error Handling Empty catch block swallowing errors
303 26-29 Data Exposure Security Analysis Returns passwordHash in response
304 37 Type Any Return TypeScript/TSC Returns Promise which is Promise

88. full_stack_node/backend/src/routes/user.routes.ts (2 errors)

Error # Line Error Type Detection Module Description
305 17 Flawed Middleware Security Analysis Uses auth middleware with master-key bypass
306 23 Unused Parameter Code Analysis :userId param defined but ignored by controller

89. full_stack_node/backend/src/server.ts (3 errors)

Error # Line Error Type Detection Module Description
307 Missing Missing Security Security Analysis No helmet middleware for security headers
308 25-30 CORS Misconfiguration Security Analysis CORS allows all origins with credentials
309 Missing No Error Handler Error Handling No global error handling middleware

Phase 22 Errors (Broken Product Variant Feature - 12 errors)

90. full_stack_node/backend/src/controllers/user.controller.ts (1 error)

Error # Line Error Type Detection Module Description
310 222 Contract Drift Data Contract Analysis Returns flat variants instead of nested product structure

91. full_stack_node/frontend/src/types/product.types.ts (2 errors)

Error # Line Error Type Detection Module Description
311 15-22 Root Cause TypeScript/Contract Expects nested product object, backend provides flat structure
312 33-35 Bad Practice TypeScript/Contract Product has pricing fields that moved to variants

92. full_stack_node/frontend/src/services/api.ts (2 errors)

Error # Line Error Type Detection Module Description
313 23 Missing Normalization Data Flow Analysis No data transformation, passes mismatch directly
314 27-29 Poor Error Handling Error Analysis Only console.log, no user feedback

93. full_stack_node/frontend/src/store/product.store.ts (2 errors)

Error # Line Error Type Detection Module Description
315 11 Incorrect State Shape State Management Store designed for old nested structure
316 65-68 Faulty Selector Runtime Analysis selectProductNames accesses undefined product.name

94. full_stack_node/frontend/src/pages/ProductListPage.tsx (2 errors)

Error # Line Error Type Detection Module Description
317 24 Runtime Crash Runtime Analysis TypeError accessing undefined product.name
318 39-42 Incomplete UI Code Analysis Empty onClick handler with TODO comment

95. full_stack_node/frontend/src/components/VariantDetails.tsx (3 errors)

Error # Line Error Type Detection Module Description
319 11 Type Any TypeScript/TSC Component props typed as 'any'
320 22 Type Casting TypeScript/TSC Forces data into wrong shape with 'as'
321 29 Logical Bug Runtime Analysis Renders undefined but any hides compile errors

Phase 23 Errors (Flawed Python Data Pipeline - 11 errors)

96. python_pipeline/db/sqlalchemy_models.py (3 errors)

Error # Line Error Type Detection Module Description
322 22 Performance Database Analysis No unique/index on frequently queried email field
323 31 Relationship Config SQLAlchemy Analysis Missing uselist=False creates one-to-many instead of one-to-one
324 11 Wrong Import Python Import Analysis Importing Mapped from typing instead of sqlalchemy.orm

97. python_pipeline/services/data_ingestion.py (3 errors)

Error # Line Error Type Detection Module Description
325 33 Code Injection Security Analysis Using eval() on CSV data - arbitrary code execution
326 15 Poor Typing Type Analysis Returns list[dict[str, any]], losing type safety
327 52 Error Handling Code Analysis Empty except block silently ignoring errors

98. python_pipeline/processing/tasks.py (3 errors)

Error # Line Error Type Detection Module Description
328 48 Race Condition Concurrency Analysis Sleep after fetch creates window for concurrent modifications
329 71 Logic Bug Business Logic Dividing by currency rate instead of multiplying
330 99 Memory Leak Memory Analysis Global PROCESSED_IDS list grows indefinitely

99. python_pipeline/api/fastapi_endpoint.py (2 errors)

Error # Line Error Type Detection Module Description
331 64-67 Info Leakage Security Analysis Leaking SQLAlchemy error details in HTTP response
332 55 Task Tracking Async Analysis Not capturing task_id, making task impossible to track

Phase 24 Errors (Unreliable Frontend Core - 9 errors)

100. full_stack_node/frontend/src/store/cart.store.ts (3 errors)

Error # Line Error Type Detection Module Description
333 83-87 Floating-Point Math Analysis Precision errors in price calculations
334 48-57 Logic Bug State Analysis Removes all items with same variant_id instead of specific lineItem
335 113-123 Type Safety Security Analysis No validation on localStorage hydration, treats as any

101. full_stack_node/frontend/src/locales/ (2 errors)

Error # Line Error Type Detection Module Description
336 th.json Missing Keys i18n Analysis Missing translations for variants section
337 th.json:38 Syntax Error JSON Parser Trailing comma causes JSON.parse to fail

102. full_stack_node/frontend/vite.config.ts (2 errors)

Error # Line Error Type Detection Module Description
338 17-23 CSP Vulnerability Security Analysis unsafe-inline and unsafe-eval in CSP
339 59 Info Leakage Build Analysis sourcemap: true leaks source in production

103. full_stack_node/frontend/src/hooks/useUserData.ts (2 errors)

Error # Line Error Type Detection Module Description
340 63 Performance React Analysis Missing dependency causes unnecessary re-fetches
341 96-98 Security Security Analysis Storing JWT in localStorage, vulnerable to XSS

Phase 25 Errors (Deceptive Test Suite - 7 errors)

104. tests/e2e/specs/user_journey.spec.js (3 errors - Flaky E2E Tests)

Error # Line Error Type Detection Module Description
342 12-13 No Page Wait E2E Analysis Selector check without waiting for page load
343 22-24 Race Condition E2E Analysis Form submission before typing completes
344 31-33 Brittle Selectors E2E Analysis CSS selectors tied to MUI implementation details

105. tests/python_tests/test_ineffective.py (3 errors - Ineffective Tests)

Error # Line Error Type Detection Module Description
345 18-31 Mock Everything Test Analysis Test mocks all dependencies, tests nothing real
346 42-50 Tautological Tests Test Analysis Assertions that can never fail (x == x)
347 58-74 Wrong Scale Test Analysis Tests 3 items, production has millions

106. .coveragerc (1 error - Misleading Coverage)

Error # Line Error Type Detection Module Description
348 8-26 Coverage Inflation Coverage Analysis Excludes complex files to inflate coverage metrics

Phase 26 Errors (Insecure Deployment - 11 errors)

107. Dockerfile (5 errors - Security & Configuration Issues)

Error # Line Error Type Detection Module Description
349 5 Root User Container Security Running container as root user
350 5 Unpinned Image Container Security Not pinning base image version
351 14 Copy Everything Container Security Copying all files including secrets
352 29 No Version Pin Dependency Security Installing packages without version pinning
353 36-41 Hardcoded Secrets Secret Management Database URL and API keys in Dockerfile

108. docker-compose.yml (3 errors - Network & Credential Issues)

Error # Line Error Type Detection Module Description
354 8 Host Network Container Security Using host network mode, bypassing isolation
355 39-41 Exposed Database Network Security Database port exposed to all interfaces
356 44-46 Weak Credentials Secret Management Default admin/admin123 credentials in plain text

109. .github/workflows/deploy.yml (3 errors - CI/CD Security)

Error # Line Error Type Detection Module Description
357 11-13 PR Trigger CI/CD Security pull_request_target allows code execution from forks
358 26-36 Excess Permissions CI/CD Security Workflow has write access to everything
359 58-61 Hardcoded Secrets Secret Management AWS keys and DB credentials in workflow

Phase 27 Errors (Data & Business Logic Crisis - 4 errors)

110. migrations/20250113_risky_migration.sql (2 errors - Data Loss Risk)

Error # Line Error Type Detection Module Description
360 7-9 Non-transactional DDL Migration Analysis DDL mixed with DML without transaction boundaries
361 18-19 No WHERE Clause SQL Analysis UPDATE without WHERE affects all rows

111. api/idor_vulnerable.py (1 error - Authorization Bypass)

Error # Line Error Type Detection Module Description
362 19-42 IDOR Vulnerability Security Analysis No authorization check for resource ownership

112. full_stack_node/backend/src/controllers/payment.controller.ts (1 error - Concurrency Issue)

Error # Line Error Type Detection Module Description
363 34-56 Race Condition Concurrency Analysis Check-then-act pattern allows double-spending

Phase 50 Errors (TypeScript Refactor Nightmare - 12 errors)

113. full_stack_node/backend/src/middleware/transaction.middleware.ts (4 errors - res.end Problem)

Error # Line Error Type Detection Module Description
364 24 Any Array Args TypeScript Analysis Function override using '...args: any[]' loses type safety
365 26 Untyped Promise TypeScript Analysis Promise chain without proper type annotations
366 28 Apply with Any TypeScript Analysis Using .apply with 'any[]' arguments - completely untyped
367 32 Duplicate Apply TypeScript Analysis Untyped .apply duplicated in error handler

114. full_stack_node/backend/src/controllers/report.controller.ts (4 errors - Any Infestation)

Error # Line Error Type Detection Module Description
368 14 Any Query Object TypeScript Analysis Query object initialized as 'any' - no type safety
369 26 Req Cast to Any TypeScript Analysis Casting req to 'any' to access non-standard property
370 32 Any Parameter TypeScript Analysis Function call with 'any' parameter - no validation
371 41 Catch Any Error TypeScript Analysis Catching error as 'any' - dangerous pattern

115. full_stack_node/frontend/src/components/UserWidget.tsx (4 errors - Frontend Any Abuse)

Error # Line Error Type Detection Module Description
372 13 Untyped Props TypeScript/React Component accepts props: any - no prop validation
373 16 Any State TypeScript/React State initialized as 'any' - loses type safety
374 23 Any Callback TypeScript/React Error handler with 'any' parameter
375 50-54 Any Chain TypeScript/React Chain of untyped function calls with 'any'

Phase 51 Errors (The 'Do Not Ship' Security Crisis - 4 errors)

116. full_stack_node/backend/src/services/two_factor.service.ts (1 error - Plaintext Secret)

Error # Line Error Type Detection Module Description
376 34-40 Plaintext TOTP Secret Security Analysis TOTP secret stored in database without encryption

117. full_stack_node/backend/src/routes/product_admin.routes.ts (1 error - Missing Admin Check)

Error # Line Error Type Detection Module Description
377 44 Authorization Bypass Security Analysis Admin endpoint accessible to all authenticated users

118. full_stack_node/backend/src/controllers/worker.controller.ts (1 error - Brute Force Vulnerability)

Error # Line Error Type Detection Module Description
378 38-74 No Lockout Mechanism Security Analysis PIN authentication without failed attempt tracking

119. full_stack_node/backend/src/db/seeders/01_admin_user.seeder.ts (1 error - Hardcoded Password)

Error # Line Error Type Detection Module Description
379 52 Hardcoded Credentials Security Analysis Admin password 'Admin123!' hardcoded in seeder

Phase 52 Errors (Data Integrity & Performance Crisis - 4 errors)

120. full_stack_node/backend/src/services/order.service.ts (1 error - Race Condition)

Error # Line Error Type Detection Module Description
380 46-76 Race Condition Concurrency Analysis Check-then-act pattern allows double-spending on inventory

121. full_stack_node/backend/src/models/product_image.model.ts (1 error - BLOB Storage)

Error # Line Error Type Detection Module Description
381 42 BLOB in Database Performance Analysis Stores images as BLOBs directly in database, destroying performance

122. full_stack_node/backend/src/services/conversion.service.ts (1 error - Non-Atomic Operations)

Error # Line Error Type Detection Module Description
382 48-70 Non-Atomic Operations Data Integrity Analysis Currency conversion split across multiple non-transactional operations

123. full_stack_node/backend/src/models/user.model.ts (1 error - Cascade Deletes)

Error # Line Error Type Detection Module Description
383 186 Cascade Delete Data Loss Analysis CASCADE delete on user destroys all related data (orders, payments, audit logs)

Phase 53 Errors (Distributed System Nightmares - 8 errors)

124. full_stack_node/backend/src/services/message_queue.service.ts (2 errors - Message Loss)

Error # Line Error Type Detection Module Description
384 38-56 Fire-and-Forget Distributed Systems Messages sent without acknowledgment, lost on failure
385 70-96 At-Most-Once Delivery Distributed Systems Messages removed from queue before processing, lost if processing fails

125. full_stack_node/backend/src/services/cache.service.ts (2 errors - Cache Coherency)

Error # Line Error Type Detection Module Description
386 39-67 No Cache Invalidation Distributed Systems Cache-aside pattern without invalidation, stale data forever
387 88-105 Write-Behind Data Loss Distributed Systems Buffered writes lost on crash, reads show uncommitted data

126. full_stack_node/backend/src/services/distributed_lock.service.ts (2 errors - Deadlocks)

Error # Line Error Type Detection Module Description
388 44-82 Distributed Deadlock Distributed Systems Circular lock dependencies without timeout or detection
389 103-142 Livelock Pattern Distributed Systems Processes keep yielding locks, no one makes progress

127. full_stack_node/backend/src/services/event_sourcing.service.ts (2 errors - Split-Brain)

Error # Line Error Type Detection Module Description
390 48-83 Split-Brain Writes Distributed Systems Multiple masters writing events without consensus
391 103-132 No Convergence Distributed Systems Eventual consistency promised but never achieved

Phase 54 Errors (GraphQL Security Disasters - 6 errors)

128. full_stack_node/backend/src/graphql/graphql_schema.ts (2 errors - Query Attacks)

Error # Line Error Type Detection Module Description
392 41-89 Unbounded Query Depth GraphQL Security Allows infinitely nested queries causing DoS
393 133-172 Query Complexity Explosion GraphQL Security Exponential complexity growth exhausts resources

129. full_stack_node/backend/src/graphql/resolver.ts (2 errors - N+1 Queries)

Error # Line Error Type Detection Module Description
394 65-142 Classic N+1 Problem GraphQL Performance Separate query for each item in list
395 180-248 Nested N+1 Explosion GraphQL Performance Exponential query growth with nesting

130. full_stack_node/backend/src/graphql/introspection.ts (2 errors - Info Disclosure)

Error # Line Error Type Detection Module Description
396 38-63 Introspection in Production GraphQL Security Full schema exposed to attackers
397 82-186 Internal Metadata Exposed GraphQL Security System information and infrastructure details leaked

Phase 55 Errors (Microservices Anti-Patterns - 6 errors)

131. full_stack_node/backend/src/microservices/circuit_breaker.ts (2 errors - Circuit Breaker Failures)

Error # Line Error Type Detection Module Description
398 54-79 Always-Open Circuit Microservices Analysis Circuit breaker opens on first failure and never recovers
399 114-137 Premature Closing Microservices Analysis Circuit closes after only 100ms, causing rapid oscillation

132. full_stack_node/backend/src/microservices/service_mesh.ts (2 errors - Chatty Communication)

Error # Line Error Type Detection Module Description
400 41-129 Chatty Service Calls Microservices Analysis Makes 10+ separate calls for single user fetch
401 192-245 No Request Coalescing Microservices Analysis Duplicate requests not deduplicated, fetches same data multiple times

133. full_stack_node/backend/src/microservices/saga.ts (2 errors - Saga Pattern Failures)

Error # Line Error Type Detection Module Description
402 33-83 Broken Compensation Microservices Analysis Saga compensation logic fails to properly rollback transactions
403 99-174 Non-Idempotent Operations Microservices Analysis Retries cause duplicate charges and state corruption

Critical Verification

EXACT COUNT: 403 errors total

Final Phase Summary:

  • Phase 2: 36 errors (initial implementation)
  • Phase 3: 18 errors (additional coverage)
  • Phase 4: 15 errors (outdated dependencies)
  • Phase 4 FINAL: 15 errors (completing catalog)
  • Phase 5: 22 errors (final catalog completion)
  • Phase 6: 20 errors (74% catalog coverage)
  • Phase 7: 20 errors (closing major gaps)
  • Phase 8: 17 errors (final push to 100%)
  • Phase 9: 17 errors (TRUE 100% coverage)
  • Phase 10: 34 errors (linter-specific violations)
  • Phase 11: 15 errors (complex dependency structures)
  • Phase 12: 5 errors (failing tests for RCA)
  • Phase 13: 13 errors (framework misconfigurations)
  • Phase 14: 12 errors (graph analysis targets)
  • Phase 15: 3 errors (flow analysis scenarios)
  • Phase 16: 3 errors (performance bottlenecks)
  • Phase 17: 5 errors (security vulnerabilities)
  • Phase 18: 9 errors (multi-language integration)
  • Phase 19: 8 errors (documentation and evidence issues)
  • Phase 21: 22 errors (full-stack TypeScript feature)
  • Phase 22: 12 errors (data contract drift)
  • Phase 23: 11 errors (flawed Python data pipeline)
  • Phase 24: 9 errors (unreliable frontend core)
  • Phase 25: 7 errors (deceptive test suite)
  • Phase 26: 11 errors (insecure deployment)
  • Phase 27: 4 errors (data & business logic crisis)
  • Phase 50: 12 errors (TypeScript refactor nightmare)
  • Phase 51: 4 errors (Do Not Ship security crisis)
  • Phase 52: 4 errors (Data integrity & performance crisis)
  • Phase 53: 8 errors (Distributed system nightmares)
  • Phase 54: 6 errors (GraphQL security disasters)
  • Phase 55: 6 errors (Microservices anti-patterns)

TOTAL: 403 ERRORS - COMPLETE

TheAuditor Coverage Achieved:

  • ✓ All 23 analysis phases tested
  • ✓ All detection modules covered
  • ✓ All CLI commands validated
  • ✓ All RCA scenarios implemented
  • ✓ Every error numbered, located, and documented
  • ✓ Forensically precise tracking maintained throughout

Validation Notes:

  • This count MUST match TheAuditor's detection output
  • Any deviation indicates either missing implementation or drift in documentation
  • Use this document as the source of truth for validation testing
  • All dependency versions (0.0.001) are intentionally ancient for testing aud deps --check-latest
  • Merge conflict markers are intentionally left unresolved in data_importer.py

Vue Module Resolution Test Coverage

Location: frameworks/vue_project/

This Vue 3 + TypeScript project specifically tests TheAuditor's module resolution capabilities.

Problem Statement

TheAuditor currently extracts only basenames from imports:

  • @/utils/validationvalidation (loses path context)
  • ./utilsutils (cannot resolve to index.ts)

This causes 40-60% of imports to be unresolvable, breaking cross-file taint analysis.

Test Cases Covered

Import Type Example Expected Resolution
Path mapping @/components/SearchPanel.vue src/components/SearchPanel.vue
Path prefix @stores/productStore src/stores/productStore.ts
Index resolution @/utils src/utils/index.ts
Relative ./validation src/utils/validation.ts
Parent ../stores src/stores/index.ts
Scoped package @vueuse/core node_modules/@vueuse/core/...
Bare import vue node_modules/vue/...

File Structure

frameworks/vue_project/
├── package.json              # Vue 3.4, TypeScript 5.3, @vueuse/core
├── package-lock.json         # Lock file for version resolution testing
├── tsconfig.json             # Path mappings (@/ → src/)
├── vite.config.js            # Vite aliases (matches tsconfig)
├── MODULE_RESOLUTION_TESTS.md
└── src/
    ├── main.ts               # Entry point
    ├── App.vue               # Root (Composition API + path mapping imports)
    ├── components/
    │   ├── SearchPanel.vue       # <script setup lang="ts">, @/ imports
    │   ├── FileManager.vue       # @vueuse/core, @stores/* imports
    │   ├── TemplateRenderer.vue  # Relative + @composables/* imports
    │   └── ... (legacy Options API components)
    ├── stores/               # Pinia stores with barrel exports
    │   ├── index.ts          # INDEX RESOLUTION TEST
    │   ├── userStore.ts
    │   └── productStore.ts   # CROSS-FILE TAINT HUB
    ├── composables/
    │   ├── index.ts
    │   └── useUserInput.ts   # TAINT SOURCE
    ├── utils/
    │   ├── index.ts          # BARREL EXPORT TEST
    │   ├── validation.ts     # Taint passthrough
    │   └── sanitization.ts   # Weak sanitization (intentional)
    ├── types/
    │   ├── index.ts
    │   └── validation.types.ts
    └── api/
        ├── index.ts
        ├── client.ts
        └── products.ts       # TAINT SINK (SQL, XXE, SSTI)

Cross-File Taint Flow Test

Complete taint path requiring ALL resolution types:

SearchPanel.vue (TAINT SOURCE: v-model)
  ↓ imports @/composables → useUserInput()
useUserInput.ts
  ↓ imports @/utils → validateSearchQuery()
SearchPanel.vue
  ↓ imports @/stores → useProductStore()
productStore.ts
  ↓ imports @/api/products → productApi.search()
products.ts
  ↓ imports ./client → httpClient.get()
TAINT SINK: SQL Injection in backend

If module resolution fails at ANY step, the taint flow breaks.

Success Criteria

After implementing proper module resolution:

  • ✓ Resolve 80%+ of imports (up from 40-60%)
  • ✓ Follow cross-file taint flows through complete path
  • ✓ Detect SQL injection: SearchPanel → products.ts → backend
  • ✓ Detect path traversal: FileManager → products.ts → backend
  • ✓ Detect XXE: FileManager → products.ts → backend
  • ✓ Detect SSTI: TemplateRenderer → products.ts → backend

Vue Coverage Summary

Feature Covered Notes
Vue 3 Options API Legacy components (ProductSearch, etc.)
Vue 3 Composition API New components with <script setup>
<script setup lang="ts"> SearchPanel, FileManager, TemplateRenderer
Pinia state management userStore, productStore
Composables useUserInput with taint source
Path mapping (@/) All new components use @/ imports
Index file resolution All directories have index.ts barrel exports
Scoped packages @vueuse/core in FileManager
TypeScript in Vue All new components are TypeScript
v-html XSS sinks ProductSearch, TemplateRenderer
Cross-file taint flow Full path documented above

Related Proposal

See TheAuditor/openspec/changes/vue-inmemory-module-resolution/ for:

  • Technical design for proper module resolution
  • Implementation tasks
  • Verification protocol

About

Test validation suite of 403 known various issues/sec risk

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages