/report · demo-1 · baked output
Authentication Signature Change
Critical authentication bypass due to return type change in verifyToken function
| overall | files | cross-svc | critical | high | medium | low |
|---|---|---|---|---|---|---|
| CRITICAL | 3 | yes | 3 | 1 | 0 | 0 |
/a
changed symbols
services/auth/index.ts
verifyToken function
− function verifyToken(token: string): boolean
+ function verifyToken(token: string): { valid: boolean; userId: string }
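Review bot: the return type on the `+` line is an object, and an object is always truthy, so any caller that still uses the result of `verifyToken` as a boolean condition will now accept every token, including invalid ones. Either update every caller in this same change to read `.valid`, or keep the boolean-returning `verifyToken` and expose the `{ valid, userId }` result under a new function name so that callers that were not updated keep rejecting invalid tokens. The signature also gives no indication of what `userId` holds when `valid` is false; document that on the function.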
/b
impacts
| risk | file | line | symbol | reason | kind |
|---|---|---|---|---|---|
| CRITICAL | services/billing/checkout.ts | 13 | verifyToken | Boolean check on object always passes - authentication bypassed | direct |
| CRITICAL | services/billing/checkout.ts | 30 | verifyToken | Boolean check on object always passes - payment validation bypassed | direct |
| CRITICAL | services/billing/invoice.ts | 11 | verifyToken | Boolean check on object always passes - invoice authorization bypassed | direct |
| HIGH | services/auth/index.ts | 23 | verifyToken | Boolean check on object always passes - token refresh always succeeds | direct |
/c
dependency graph
/d
suggested regression tests
demo-monorepo/tests/regression/cascade-auth.spec.ts // jest
```ts
describe('processCheckout authentication', () => {
  it('should reject invalid tokens', async () => {
    const invalidToken = 'invalid';
    await expect(processCheckout(invalidToken, 100)).rejects.toThrow('Invalid authentication token');
  });
});
```
demo-monorepo/tests/regression/cascade-auth.spec.ts // jest
```ts
describe('validatePayment authentication', () => {
  it('should return false for invalid tokens', () => {
    const invalidToken = 'invalid';
    const result = validatePayment(invalidToken, 'credit_card');
    expect(result).toBe(false);
  });
});
```
/e
missing coverage
- services/billing/checkout.ts: processCheckout with invalid token should throw error
- services/billing/checkout.ts: validatePayment with invalid token should return false
- services/billing/invoice.ts: generateInvoice with invalid token should throw error
- services/auth/index.ts: refreshToken with invalid token should return null