Nuclide Code Review

ISGroup SRL performed an automated Code Review (not a real Static Analysis, more a grep-on-steroid) of this NodeJS project in order to identify potential security vulnerabilities. We do not guarantee that all the findings are valid, and for sure there are plenty of false-positives and false-negatives (undetected issues) but it's free and your project could benefit from this security analisys. The following data is also available in JSON format!

Possible Security Issues

Issue	Description	Line	File
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	106	pkg/sample-quickopen-provider-example/lib/ExampleProvider.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	130	pkg/nuclide-datatip/lib/PinnedDatatip.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	223	pkg/nuclide-source-control-side-bar/lib/SideBarComponent.js
Key Hardcoded	A hardcoded key in plain text was identified.	104	pkg/nuclide-find-references/lib/view/FindReferencesView.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	52	pkg/nuclide-external-interfaces/1.0/need-to-upstream-to-flow-lib.js
Remote OS Command Execution	User controlled data in 'child_process.exec()' can result in Remote OS Command Execution.	71	pkg/nuclide-server/spec/NuclideServerSecure-spec.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	26	pkg/nuclide-server/lib/blocked.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	50	pkg/nuclide-server/lib/XhrConnectionHeartbeat.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	60	pkg/nuclide-server/lib/NuclideSocket.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	190	pkg/nuclide-server/lib/NuclideSocket.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	192	pkg/nuclide-server/lib/NuclideSocket.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	211	pkg/nuclide-server/lib/NuclideSocket.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	27	pkg/nuclide-server/lib/services/InfoService.js
Remote OS Command Execution	User controlled data in 'child_process.exec()' can result in Remote OS Command Execution.	94	pkg/commons-node/process.js
Remote OS Command Execution	User controlled data in 'child_process.exec()' can result in Remote OS Command Execution.	345	pkg/commons-node/process.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	34	pkg/commons-node/debounce.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	53	pkg/commons-node/debounce.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	32	pkg/commons-node/BatchProcessedQueue.js
Key Hardcoded	A hardcoded key in plain text was identified.	131	pkg/commons-node/humanizeKeystroke.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	110	pkg/commons-node/promise.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	130	pkg/commons-node/promise.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	150	pkg/commons-node/promise.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	232	pkg/commons-node/promise.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	69	pkg/commons-node/ScribeProcess.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	606	pkg/commons-node/spec/promise-spec.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	640	pkg/commons-node/spec/promise-spec.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	37	pkg/commons-node/spec/promise-executors-spec.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	41	pkg/commons-node/spec/promise-executors-spec.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	45	pkg/commons-node/spec/promise-executors-spec.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	78	pkg/commons-node/spec/promise-executors-spec.js
Key Hardcoded	A hardcoded key in plain text was identified.	315	pkg/nuclide-hack/lib/HackLanguage.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	101	pkg/nuclide-analytics/spec/decorator-spec.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	128	pkg/nuclide-analytics/spec/decorator-spec.js
Key Hardcoded	A hardcoded key in plain text was identified.	14	pkg/nuclide-analytics/lib/HistogramTracker.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	65	pkg/nuclide-analytics/lib/HistogramTracker.js
Key Hardcoded	A hardcoded key in plain text was identified.	16	pkg/nuclide-home/spec/home-spec.js
Key Hardcoded	A hardcoded key in plain text was identified.	91	pkg/nuclide-home/lib/HomePaneItem.js
Key Hardcoded	A hardcoded key in plain text was identified.	103	pkg/nuclide-home/lib/HomePaneItem.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	324	pkg/nuclide-quick-open/spec/QuickSelectionComponent-spec.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	332	pkg/nuclide-quick-open/spec/QuickSelectionComponent-spec.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	340	pkg/nuclide-quick-open/spec/QuickSelectionComponent-spec.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	348	pkg/nuclide-quick-open/spec/QuickSelectionComponent-spec.js
Key Hardcoded	A hardcoded key in plain text was identified.	70	pkg/nuclide-quick-open/lib/SearchResultManager.js
Key Hardcoded	A hardcoded key in plain text was identified.	71	pkg/nuclide-quick-open/lib/SearchResultManager.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	77	pkg/nuclide-buck/lib/BuckToolbar.js
Key Hardcoded	A hardcoded key in plain text was identified.	152	pkg/nuclide-buck/lib/BuckToolbar.js
Key Hardcoded	A hardcoded key in plain text was identified.	166	pkg/nuclide-buck/lib/BuckToolbar.js
Key Hardcoded	A hardcoded key in plain text was identified.	178	pkg/nuclide-buck/lib/BuckToolbar.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	131	pkg/nuclide-settings/lib/SettingsPaneItem.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	110	pkg/nuclide-nux/lib/NuxView.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	157	pkg/nuclide-nux/lib/NuxView.js
Username Hardcoded	A hardcoded username in plain text was identified. Store it properly in a config file.	111	pkg/nuclide-remote-projects/spec/form-validation-utils-spec.js
Username Hardcoded	A hardcoded username in plain text was identified. Store it properly in a config file.	119	pkg/nuclide-remote-projects/spec/form-validation-utils-spec.js
Key Hardcoded	A hardcoded key in plain text was identified.	202	pkg/nuclide-remote-projects/spec/form-validation-utils-spec.js
Password Hardcoded	A hardcoded password in plain text was identified. Store it properly in a config file.	233	pkg/nuclide-remote-projects/spec/form-validation-utils-spec.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	113	pkg/nuclide-remote-projects/lib/ConnectionDetailsForm.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	104	pkg/nuclide-remote-projects/lib/main.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	36	pkg/nuclide-jasmine/bin/jasmine-node-transpiled.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	16	pkg/nuclide-jasmine/spec/faketimer-spec.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	27	pkg/nuclide-jasmine/spec/faketimer-spec.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	28	pkg/nuclide-jasmine/spec/faketimer-spec.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	45	pkg/nuclide-jasmine/spec/faketimer-spec.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	56	pkg/nuclide-jasmine/spec/faketimer-spec.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	57	pkg/nuclide-jasmine/spec/faketimer-spec.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	75	pkg/nuclide-jasmine/spec/faketimer-spec.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	80	pkg/nuclide-jasmine/spec/faketimer-spec.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	51	pkg/nuclide-jasmine/spec/run-jasmine-tests-spec.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	72	pkg/nuclide-debugger-node/VendorLib/node-inspector/lib/BreakEventHandler.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	73	pkg/nuclide-debugger-node/VendorLib/node-inspector/lib/BreakEventHandler.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	75	pkg/nuclide-debugger-node/VendorLib/node-inspector/lib/BreakEventHandler.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	31	pkg/nuclide-debugger-node/VendorLib/node-inspector/lib/session.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	55	pkg/nuclide-debugger-node/VendorLib/node-inspector/lib/Injections/HeapProfilerAgent.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	97	pkg/nuclide-debugger-node/VendorLib/node_modules/async/lib/async.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	396	pkg/nuclide-debugger-node/VendorLib/node_modules/v8-debug/InjectedScript/InjectedScriptSource.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	683	pkg/nuclide-debugger-node/VendorLib/node_modules/v8-debug/InjectedScript/InjectedScriptSource.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	716	pkg/nuclide-debugger-node/VendorLib/node_modules/v8-debug/InjectedScript/InjectedScriptSource.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	978	pkg/nuclide-debugger-node/VendorLib/node_modules/v8-debug/InjectedScript/InjectedScriptSource.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1005	pkg/nuclide-debugger-node/VendorLib/node_modules/v8-debug/InjectedScript/InjectedScriptSource.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	82	pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	206	pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	483	pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	539	pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	903	pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1981	pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2010	pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Key Hardcoded	A hardcoded key in plain text was identified.	4122	pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Key Hardcoded	A hardcoded key in plain text was identified.	5086	pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Key Hardcoded	A hardcoded key in plain text was identified.	6687	pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Key Hardcoded	A hardcoded key in plain text was identified.	10177	pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Key Hardcoded	A hardcoded key in plain text was identified.	10978	pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Key Hardcoded	A hardcoded key in plain text was identified.	12338	pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Key Hardcoded	A hardcoded key in plain text was identified.	15368	pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Key Hardcoded	A hardcoded key in plain text was identified.	24839	pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	29120	pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	29456	pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	31699	pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	32928	pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	112	pkg/nuclide-rpc/lib/RpcConnection.js
Weak Hash used - SHA1	SHA1 is a a weak hash which is known to have collision. Use a strong hashing function.	27	pkg/nuclide-remote-connection/spec/RemoteFile-spec.js
Weak Hash used - SHA1	SHA1 is a a weak hash which is known to have collision. Use a strong hashing function.	196	pkg/nuclide-remote-connection/lib/RemoteFile.js
Weak Hash used - SHA1	SHA1 is a a weak hash which is known to have collision. Use a strong hashing function.	91	pkg/nuclide-remote-connection/lib/RemoteConnectionConfigurationManager.js
Weak Hash used - SHA1	SHA1 is a a weak hash which is known to have collision. Use a strong hashing function.	123	pkg/nuclide-remote-connection/lib/RemoteConnectionConfigurationManager.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	346	pkg/nuclide-remote-connection/lib/SshHandshake.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	228	pkg/nuclide-ui/lib/Combobox.js
Key Hardcoded	A hardcoded key in plain text was identified.	295	pkg/nuclide-ui/lib/Combobox.js
Key Hardcoded	A hardcoded key in plain text was identified.	339	pkg/nuclide-ui/lib/Combobox.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	56	pkg/nuclide-ui/lib/LoadingSpinner.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	59	pkg/nuclide-ui/lib/highlightOnUpdate.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	147	pkg/nuclide-blame/lib/BlameGutter.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	64	pkg/nuclide-diff-view/lib/SyncScroll.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	210	pkg/nuclide-diff-view/lib/DiffViewComponent.js
Key Hardcoded	A hardcoded key in plain text was identified.	49	pkg/nuclide-file-tree/components/FileTreeSidebarComponent.js
Key Hardcoded	A hardcoded key in plain text was identified.	142	pkg/nuclide-file-tree/components/FileTreeSidebarComponent.js
Key Hardcoded	A hardcoded key in plain text was identified.	147	pkg/nuclide-file-tree/components/FileTreeSidebarComponent.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	54	pkg/nuclide-file-tree/components/FileTree.js
Weak Hash used - MD5	MD5 is a a weak hash which is known to have collision. Use a strong hashing function.	147	pkg/nuclide-file-tree/lib/FileTreeHelpers.js
Key Hardcoded	A hardcoded key in plain text was identified.	28	pkg/nuclide-debugger-php-rpc/spec/ConnectionUtils-spec.js
Key Hardcoded	A hardcoded key in plain text was identified.	50	pkg/nuclide-debugger-php-rpc/spec/ConnectionUtils-spec.js
Key Hardcoded	A hardcoded key in plain text was identified.	72	pkg/nuclide-debugger-php-rpc/spec/ConnectionUtils-spec.js
Key Hardcoded	A hardcoded key in plain text was identified.	32	pkg/nuclide-debugger-php-rpc/spec/DbgpConnector-spec.js
Key Hardcoded	A hardcoded key in plain text was identified.	17	pkg/nuclide-debugger-php-rpc/lib/DbgpMessageHandler.js
Key Hardcoded	A hardcoded key in plain text was identified.	44	pkg/nuclide-logging/lib/main.js
Key Hardcoded	A hardcoded key in plain text was identified.	17	pkg/nuclide-logging/lib/stacktrace.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	28	pkg/nuclide-diagnostics-store/spec/LinterAdapter-spec.js
Key Hardcoded	A hardcoded key in plain text was identified.	16	pkg/nuclide-working-sets/lib/WorkingSetsConfig.js
Weak Hash used - SHA1	SHA1 is a a weak hash which is known to have collision. Use a strong hashing function.	103	pkg/nuclide-node-transpiler/lib/NodeTranspiler.js
Weak Hash used - SHA1	SHA1 is a a weak hash which is known to have collision. Use a strong hashing function.	127	pkg/nuclide-node-transpiler/lib/NodeTranspiler.js
Key Hardcoded	A hardcoded key in plain text was identified.	20	pkg/commons-atom/projects.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	28	pkg/commons-atom/spec/loading-notification-spec.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	46	pkg/commons-atom/spec/loading-notification-spec.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	67	pkg/commons-atom/spec/loading-notification-spec.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	62	pkg/nuclide-debugger-native/lib/LaunchAttachActions.js
Key Hardcoded	A hardcoded key in plain text was identified.	131	pkg/nuclide-debugger-native/lib/AttachUIComponent.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	204	pkg/nuclide-diagnostics-ui/lib/gutter.js
Key Hardcoded	A hardcoded key in plain text was identified.	232	pkg/nuclide-diagnostics-ui/lib/DiagnosticsPane.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	159	pkg/nuclide-debugger/VendorLib/devtools/front_end/Runtime.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	759	pkg/nuclide-debugger/VendorLib/devtools/front_end/Runtime.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	297	pkg/nuclide-debugger/VendorLib/devtools/front_end/bindings/StylesSourceMapping.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	237	pkg/nuclide-debugger/VendorLib/devtools/front_end/bindings/SASSSourceMapping.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	260	pkg/nuclide-debugger/VendorLib/devtools/front_end/bindings/ContentProviderBasedProjectDelegate.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	331	pkg/nuclide-debugger/VendorLib/devtools/front_end/bindings/ContentProviderBasedProjectDelegate.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	261	pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/SourcesSearchScope.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	863	pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/NavigatorView.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	26	pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/JavaScriptCompiler.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	128	pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/FilteredItemSelectionDialog.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	232	pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/FilteredItemSelectionDialog.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	315	pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/FilteredItemSelectionDialog.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	297	pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/SourcesPanel.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	36	pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/WorkspaceMappingTip.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	29	pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/AsyncOperationsSidebarPane.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	379	pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/WatchExpressionsSidebarPane.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	876	pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/JavaScriptSourceFrame.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	84	pkg/nuclide-debugger/VendorLib/devtools/front_end/common/WorkerRuntime.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	34	pkg/nuclide-debugger/VendorLib/devtools/front_end/common/StaticContentProvider.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	76	pkg/nuclide-debugger/VendorLib/devtools/front_end/common/Throttler.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	94	pkg/nuclide-debugger/VendorLib/devtools/front_end/common/Throttler.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	67	pkg/nuclide-debugger/VendorLib/devtools/front_end/common/TestBase.js
Key Hardcoded	A hardcoded key in plain text was identified.	287	pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/KeyboardShortcut.js
Key Hardcoded	A hardcoded key in plain text was identified.	288	pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/KeyboardShortcut.js
Key Hardcoded	A hardcoded key in plain text was identified.	289	pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/KeyboardShortcut.js
Key Hardcoded	A hardcoded key in plain text was identified.	290	pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/KeyboardShortcut.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	247	pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/TextPrompt.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	369	pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/TextPrompt.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	131	pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/SuggestBox.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	265	pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/Popover.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	345	pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/Popover.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	357	pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/Popover.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	93	pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/ShortcutRegistry.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1138	pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/UIUtils.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	249	pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/SoftContextMenu.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	596	pkg/nuclide-debugger/VendorLib/devtools/front_end/snippets/ScriptSnippetModel.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	365	pkg/nuclide-debugger/VendorLib/devtools/front_end/host/InspectorFrontendHost.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	820	pkg/nuclide-debugger/VendorLib/devtools/front_end/extensions/ExtensionAPI.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	91	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/matchbrackets.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	96	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	106	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	284	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	325	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	518	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1505	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2810	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2828	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2839	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2877	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3001	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3004	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3094	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3246	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3419	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3432	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3497	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3500	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3509	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3513	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	7371	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	7429	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	7639	pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	421	pkg/nuclide-debugger/VendorLib/devtools/front_end/components/InspectorView.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1160	pkg/nuclide-debugger/VendorLib/devtools/front_end/source_frame/CodeMirrorTextEditor.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1336	pkg/nuclide-debugger/VendorLib/devtools/front_end/source_frame/CodeMirrorTextEditor.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	61	pkg/nuclide-debugger/VendorLib/devtools/front_end/source_frame/SourceFrame.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	40	pkg/nuclide-debugger/VendorLib/devtools/front_end/main/TestController.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	152	pkg/nuclide-debugger/VendorLib/devtools/front_end/main/Tests.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	158	pkg/nuclide-debugger/VendorLib/devtools/front_end/main/Tests.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	182	pkg/nuclide-debugger/VendorLib/devtools/front_end/main/Tests.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	215	pkg/nuclide-debugger/VendorLib/devtools/front_end/main/Tests.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	223	pkg/nuclide-debugger/VendorLib/devtools/front_end/main/Tests.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	285	pkg/nuclide-debugger/VendorLib/devtools/front_end/main/Main.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	360	pkg/nuclide-debugger/VendorLib/devtools/front_end/main/Main.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	444	pkg/nuclide-debugger/VendorLib/devtools/front_end/main/Main.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	179	pkg/nuclide-debugger/VendorLib/devtools/front_end/sdk/DebuggerModel.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	199	pkg/nuclide-debugger/VendorLib/devtools/front_end/sdk/InspectorBackend.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	533	pkg/nuclide-debugger/VendorLib/devtools/front_end/sdk/InspectorBackend.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	586	pkg/nuclide-debugger/VendorLib/devtools/front_end/sdk/InspectorBackend.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	735	pkg/nuclide-debugger/VendorLib/devtools/front_end/sdk/InspectorBackend.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1278	pkg/nuclide-debugger/VendorLib/devtools/front_end/sdk/DOMModel.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1673	pkg/nuclide-debugger/VendorLib/devtools/front_end/sdk/DOMModel.js
Key Hardcoded	A hardcoded key in plain text was identified.	101	pkg/nuclide-debugger/lib/DebuggerSteppingComponent.js
Key Hardcoded	A hardcoded key in plain text was identified.	116	pkg/nuclide-debugger/lib/DebuggerSteppingComponent.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	100	pkg/nuclide-debugger/lib/main.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	101	pkg/nuclide-debugger/lib/Bridge.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	98	pkg/nuclide-debugger/lib/WatchExpressionComponent.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	45	pkg/nuclide-debugger/lib/DebuggerPauseController.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	57	resources/benchmarker/benchmarker-utils.js
Key Hardcoded	A hardcoded key in plain text was identified.	36	resources/benchmarker/spec/benchmarker-spec.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	50	spec/utils/pollFor.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	20	spec/utils/quick-open-provider-cycle-common.js

Issue	Description
Missing Security Header - X-Frame-Options (XFO)	X-Frame-Options (XFO) header provides protection against Clickjacking attacks.
Missing Security Header - Content-Security-Policy (CSP)	Content Security Policy (CSP), a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). CSP Header was not found.
Missing Security Header - Strict-Transport-Security (HSTS)	Strict-Transport-Security (HSTS) header enforces secure (HTTP over SSL/TLS) connections to the server.
Infromation Disclosure - X-Powered-By	Remove the X-Powered-By header to prevent information gathering.
Missing Security Header - X-Content-Type-Options	X-Content-Type-Options header prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type.
Missing Security Header - X-Download-Options: noopen	X-Download-Options header set to noopen prevents IE users from directly opening and executing downloads in your site's context.
Missing Security Header - X-XSS-Protection:1	X-XSS-Protection header set to 1 enables the Cross-site scripting (XSS) filter built into most recent web browsers.
Missing Security Header - Public-Key-Pins (HPKP)	Public-Key-Pins (HPKP) ensures that certificate is Pinned.

Node.Security

Security Audit of Nuclide