Repository Analysis

apache/apisix

The Cloud-Native API Gateway and AI Gateway

4.8 Likely human-written
Adjusted Score: 4.8
Raw Score: 4.8
Time Factor: 100%
Last Push: 2026-05-30
Stars: 16,656
Language: Lua
Lines of Code: 260,681
Files: 950
Pattern Hits: 443
Scan Date: 2026-05-31

Severity Breakdown

CRITICAL 0, HIGH 204, MEDIUM 9, LOW 230

Pattern Findings

443 matches across 8 categories.

Magic Placeholder Names: 204 hits · 1000 pts
Severity | File | Line | Snippet
HIGH | docs/zh/latest/plugins/ai-request-rewrite.md | 71 | export OPENAI_API_KEY=<your-api-key>
HIGH | docs/zh/latest/plugins/ai-request-rewrite.md | 187 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-request-rewrite.md | 255 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-request-rewrite.md | 402 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-request-rewrite.md | 470 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-request-rewrite.md | 622 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-request-rewrite.md | 690 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-request-rewrite.md | 751 | "Authorization": "Bearer <your-api-key>"
HIGH | docs/zh/latest/plugins/ai-request-rewrite.md | 791 | Authorization: "Bearer <your-api-key>"
HIGH | docs/zh/latest/plugins/ai-request-rewrite.md | 841 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-request-rewrite.md | 910 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-prompt-guard.md | 182 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-prompt-guard.md | 242 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-prompt-guard.md | 479 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-prompt-guard.md | 541 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-prompt-template.md | 196 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-prompt-template.md | 261 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-prompt-template.md | 455 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-prompt-template.md | 526 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-rag.md | 246 | api_key: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-rag.md | 250 | api_key: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-rag.md | 256 | api-key: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-rag.md | 310 | api_key: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-rag.md | 314 | api_key: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-rag.md | 321 | api-key: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 278 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 286 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 341 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 349 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 557 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 566 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 631 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 640 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 1144 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 1152 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 1211 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 1219 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 1561 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 1570 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 1626 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 1635 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 1990 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 2000 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 2057 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 2067 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 2281 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 2289 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 2355 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 2363 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 2550 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 2558 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 2624 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-proxy-multi.md | 2632 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/datadog.md | 109 | -e DD_API_KEY=<your-api-key> \
HIGH | docs/zh/latest/plugins/ai-rate-limiting.md | 170 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-rate-limiting.md | 228 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-rate-limiting.md | 417 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-rate-limiting.md | 425 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-rate-limiting.md | 486 | Authorization: "Bearer your-api-key"
HIGH | docs/zh/latest/plugins/ai-rate-limiting.md | 494 | Authorization: "Bearer your-api-key"
144 more matches not shown…

Over-Commented Block: 219 hits · 219 pts
Severity | File | Line | Snippet
LOW | .asf.yaml | 1 | #
LOW | CODE_OF_CONDUCT.md | 1 | <!--
LOW | powered-by.md | 1 | ---
LOW | CHANGELOG.md | 1 | ---
LOW | Vision-and-Milestones.md | 1 | <!--
LOW | README.md | 1 | <!--
LOW | CODE_STYLE.md | 1 | ---
LOW | CONTRIBUTING.md | 1 | <!--
LOW | .licenserc.yaml | 1 | #
LOW | THREAT_MODEL.md | 1 | <!--
LOW | .markdownlint.yml | 1 | #
LOW | MAINTAIN.md | 1 | <!--
LOW | benchmark/run.sh | 1 | #! /bin/bash -x
LOW | docker/compose/docker-compose-master.yaml | 1 | #
LOW | docker/compose/apisix_conf/master/config.yaml | 1 | #
LOW | docker/debian-dev/docker-entrypoint.sh | 1 | #!/usr/bin/env bash
LOW | docker/debian-dev/install-brotli.sh | 1 | #!/usr/bin/env bash
LOW | autodocs/generate.sh | 1 | #!/usr/bin/env bash
LOW | apisix/plugins/grpc-transcode/proto.lua | 161 | syntax = "proto3";
LOW | apisix/plugins/grpc-transcode/proto.lua | 181 | // * Applications are allowed to cache lookup results based on the
LOW | apisix/plugins/grpc-transcode/proto.lua | 201 | // different programming environments, including REST APIs and RPC APIs. It is
LOW | ci/linux-install-etcd-client.sh | 1 | #!/usr/bin/env bash
LOW | ci/linux-install-openresty.sh | 1 | #!/usr/bin/env bash
LOW | …ux_apisix_current_luarocks_in_customed_nginx_runner.sh | 1 | #!/usr/bin/env bash
LOW | ci/common.sh | 1 | #
LOW | ci/init-common-test-service.sh | 1 | #!/usr/bin/env bash
LOW | ci/free_disk_space.sh | 1 | #!/usr/bin/env bash
LOW | ci/init-last-test-service.sh | 1 | #!/usr/bin/env bash
LOW | ci/init-plugin-test-service.sh | 1 | #!/usr/bin/env bash
LOW | ci/prepare_filesystem_mcp.sh | 1 | #!/usr/bin/env bash
LOW | ci/linux_openresty_tongsuo_runner.sh | 1 | #!/usr/bin/env bash
LOW | ci/tars-ci.sh | 1 | #!/usr/bin/env bash
LOW | ci/backup-docker-images.sh | 1 | #!/usr/bin/env bash
LOW | ci/kubernetes-ci.sh | 1 | #!/usr/bin/env bash
LOW | ci/linux_openresty_runner.sh | 1 | #!/usr/bin/env bash
LOW | ci/linux_apisix_current_luarocks_runner.sh | 1 | #!/usr/bin/env bash
LOW | ci/linux_openresty_common_runner.sh | 1 | #!/usr/bin/env bash
LOW | ci/redhat-ci.sh | 1 | #!/usr/bin/env bash
LOW | ci/pod/docker-compose.common.yml | 1 | #
LOW | ci/pod/docker-compose.first.yml | 1 | #
LOW | ci/pod/docker-compose.plugin.yml | 1 | #
LOW | ci/pod/docker-compose.last.yml | 1 | #
LOW | ci/pod/nacos/healthcheck/nacos-server-healthcheck.sh | 1 | #!/usr/bin/env bash
LOW | ci/pod/nacos/healthcheck/nacos-service-healthcheck.sh | 1 | #!/usr/bin/env bash
LOW | ci/pod/openfunction/build-function-image.sh | 1 | #!/usr/bin/env bash
LOW | ci/pod/otelcol-contrib/config.yaml | 1 | #
LOW | ci/pod/keycloak/kcadm_configure_cas.sh | 1 | #!/usr/bin/env bash
LOW | ci/pod/keycloak/kcadm_configure_basic.sh | 1 | #!/usr/bin/env bash
LOW | ci/pod/keycloak/kcadm_configure_university.sh | 1 | #!/usr/bin/env bash
LOW | ci/pod/vector/vector.toml | 1 | #
LOW | utils/check-test-code-style.sh | 1 | #!/usr/bin/env bash
LOW | utils/gen-vote-contents.sh | 1 | #!/bin/sh
LOW | utils/check-version.sh | 1 | #!/bin/sh
LOW | utils/install-rust-toolchain.sh | 1 | #!/usr/bin/env bash
LOW | utils/fix-zh-doc-segment.py | 1 | #!/usr/bin/env python3
LOW | utils/check-plugins-code.sh | 1 | #!/bin/bash
LOW | utils/check-lua-code-style.sh | 1 | #!/bin/sh
LOW | utils/linux-install-luarocks.sh | 1 | #!/usr/bin/env bash
LOW | utils/install-dependencies.sh | 1 | #!/usr/bin/env bash
LOW | utils/check-category.py | 1 | #!/usr/bin/env python
159 more matches not shown…

Self-Referential Comments: 7 hits · 21 pts
Severity | File | Line | Snippet
MEDIUM | t/fuzzing/simple_http.py | 20 | # This file provides a fuzzing test with most common plugins via plain HTTP request
MEDIUM | t/fuzzing/http_upstream.py | 20 | # This file provides a fuzzing test with different upstreams
MEDIUM | t/cli/test_stream_port_range.sh | 417 | # Create a stream route targeting the inline upstream
MEDIUM | t/cli/test_standalone.sh | 148 | ## Create a symlink to change the link count and as a result `st_ctime`
MEDIUM | t/cli/test_limit_conn_redis_ttl.sh | 50 | # Create a route with limit-conn and redis policy
MEDIUM | t/cli/test_limit_req_redis_ttl.sh | 50 | # Create a route with limit-req and redis policy
MEDIUM | t/cli/test_ci_only.sh | 20 | # This file is like other test_*.sh, but requires extra dependencies which

Fake / Example Data: 6 hits · 6 pts
Severity | File | Line | Snippet
LOW | docs/zh/latest/plugins/body-transformer.md | 871 | "user_name": "John Doe",
LOW | docs/zh/latest/plugins/body-transformer.md | 895 | "name": "John Doe",
LOW | docs/zh/latest/plugins/body-transformer.md | 917 | "name": "John Doe",
LOW | docs/en/latest/plugins/body-transformer.md | 871 | "user_name": "John Doe",
LOW | docs/en/latest/plugins/body-transformer.md | 895 | "name": "John Doe",
LOW | docs/en/latest/plugins/body-transformer.md | 917 | "name": "John Doe",

Hyper-Verbose Identifiers: 3 hits · 3 pts
Severity | File | Line | Snippet
LOW | ci/check_changelog_prs.ts | 71 | function extractVersionsFromChangelog(): Version[] {
LOW | ci/check_changelog_prs.ts | 115 | function shouldIgnoreCommitMessage(message: string): boolean {
LOW | t/fuzzing/public.py | 79 | def get_linear_regression_sloped(samples):

Slop Phrases: 1 hit · 3 pts
Severity | File | Line | Snippet
MEDIUM | conf/config.yaml | 28 | # To configure via environment variables, you can use `${{VAR}}` syntax. For instance:

Deep Nesting: 2 hits · 2 pts
Severity | File | Line | Snippet
LOW | utils/fix-zh-doc-segment.py | 39 |
LOW | utils/check-category.py | 31 |

Excessive Try-Catch Wrapping: 1 hit · 2 pts
Severity | File | Line | Snippet
MEDIUM | t/fuzzing/public.py | 48 | print("Error in log: ", err)