Warden Scheduled Scan Results
Run: 2026-06-01T07:50:40.703Z
Commit: 9d56189
Summary
| Severity | Count |
| --- | --- |
| High | 4 |
| Medium | 2 |
| Low | 2 |
Findings
EBQ-CJK · src/mcp/tools/simulator/stop_app_sim.ts · publicSchemaObject omits bundleId, making session-aware mode accept no parameters (L131-L138) · high
The session-aware public schema omits all three fields including bundleId, so when isSessionDefaultsOptOutEnabled() is false the tool exposes an empty schema and callers have no way to specify which app to stop.
Suggested fix: Only omit the simulator-identity fields from the public schema, keeping bundleId.
6M5-ZPM · src/utils/template-manager.ts · process.chdir causes race condition in concurrent async template downloads (L103-L117) · high
Using process.chdir to set the unzip working directory mutates global process state; concurrent async downloadTemplate calls race on the CWD, so one call can extract into another call's temp directory or into the wrong directory entirely.
Suggested fix: Pass the destination explicitly (unzip -d tempDir, or the child process cwd option) instead of changing the process working directory.
C6A-EGB · src/utils/template-manager.ts · version.substring(1) silently produces wrong URL and path when version lacks 'v' prefix (L86-L87) · medium
If a user configures iosTemplateVersion/macosTemplateVersion without a leading v (e.g. "1.2.3" instead of "v1.2.3"), version.substring(1) strips the first digit, producing a malformed download URL and an incorrect expected extraction directory name.
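Added example covering both template-manager.ts findings above (6M5-ZPM and C6A-EGB); this is illustrative code, not the project's own template-manager.ts. The version is normalized by removing only an optional leading v (rather than a fixed first character), and the archive is extracted with unzip -d into the caller's own directory so no process-wide chdir is needed. The release URL layout, tag format and extraction directory name are assumptions for the example; the report does not show the real ones.

```typescript
import { execFile } from "node:child_process";
import { promisify } from "node:util";

const execFileAsync = promisify(execFile);

// Accept "v1.2.3" or "1.2.3" and return the bare version.
// Only an optional leading "v"/"V" is removed; version.substring(1)
// would have removed the "1" from "1.2.3".
export function normalizeTemplateVersion(version: string): string {
  const bare = version.trim().replace(/^[vV]/, "");
  if (!/^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/.test(bare)) {
    throw new Error(`invalid template version: ${JSON.stringify(version)}`);
  }
  return bare;
}

// Release tag, assumed (for this example) to always be "v" + bare version.
export function templateTag(version: string): string {
  return `v${normalizeTemplateVersion(version)}`;
}

// Hypothetical download URL and extraction directory layout; both derive from
// the normalized version, so either input form yields the same result.
export function templateDownloadUrl(
  repoBase: string,
  platform: "ios" | "macos",
  version: string,
): string {
  const tag = templateTag(version);
  const bare = normalizeTemplateVersion(version);
  return `${repoBase}/releases/download/${tag}/${platform}-template-${bare}.zip`;
}

export function expectedExtractDir(platform: "ios" | "macos", version: string): string {
  return `${platform}-template-${normalizeTemplateVersion(version)}`;
}

// unzip receives the destination via -d; nothing depends on process.cwd(),
// so concurrent extractions into different temp directories cannot collide.
export function unzipArgs(zipPath: string, destDir: string): string[] {
  return ["-q", "-o", zipPath, "-d", destDir];
}

// Each caller owns its destDir; no global state is touched between calls.
export async function extractTemplate(zipPath: string, destDir: string): Promise<void> {
  await execFileAsync("unzip", unzipArgs(zipPath, destDir));
}
```

Because the destination travels in the argument vector, two downloadTemplate calls running concurrently each extract into their own directory regardless of interleaving; the only shared state left is the unzip binary itself.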
MPL-LLZ · src/utils/xcodebuild-domain-results.ts · Import uses .ts extension instead of .js, breaking Node16 module resolution (L31) · high
The import on line 31 uses './xcresult-test-failures.ts' but all other local imports in this file use .js extensions — this will fail at runtime under Node16 module resolution because the compiled output will not contain a .ts file.
Suggested fix: Change the .ts extension to .js to match the rest of the file and satisfy Node16 module resolution.
NG2-AWX · src/utils/xcodemake.ts · Unverified remote script downloaded and executed as binary (L63-L75) · high
The installXcodemake function fetches a raw script from GitHub and writes it to disk as an executable with no integrity check (hash or signature), so a compromised repository or account, or interception of the download, results in arbitrary code execution on the host.
Suggested fix: Pin the expected SHA-256 of the script (or verify a signature over it) and refuse to write or chmod the file when the check fails.
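Added example of the verify-then-install step the finding calls for; it is not the project's xcodemake.ts. The downloaded bytes are hashed, compared in constant time against a pinned digest, and only then written and made executable. The sample script and its digest are constructed here so the block runs offline; in the real flow the digest is pinned in the repository (or taken from a signed release) and never derived from the download itself.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";
import { chmodSync, mkdtempSync, statSync, writeFileSync } from "node:fs";
import { tmpdir } from "node:os";
import { join } from "node:path";

export function sha256Hex(bytes: Uint8Array): string {
  return createHash("sha256").update(bytes).digest("hex");
}

// Constant-time comparison of the downloaded bytes against the pinned digest.
// A malformed or wrong-length digest fails closed.
export function digestMatches(bytes: Uint8Array, expectedHex: string): boolean {
  if (!/^[0-9a-f]{64}$/i.test(expectedHex)) return false;
  const actual = Buffer.from(sha256Hex(bytes), "hex");
  const expected = Buffer.from(expectedHex, "hex");
  return timingSafeEqual(actual, expected);
}

// The file is created, and made executable, only after verification succeeds.
export function installVerifiedScript(
  bytes: Uint8Array,
  expectedHex: string,
  destPath: string,
): string {
  if (!digestMatches(bytes, expectedHex)) {
    throw new Error(`refusing to install ${destPath}: SHA-256 mismatch`);
  }
  writeFileSync(destPath, bytes, { mode: 0o700 });
  chmodSync(destPath, 0o700); // the mode passed to writeFileSync is subject to umask
  return destPath;
}

export function isExecutable(path: string): boolean {
  return (statSync(path).mode & 0o100) !== 0;
}

export function makeInstallDir(): string {
  return mkdtempSync(join(tmpdir(), "xcodemake-"));
}

// Constructed stand-in for the fetched script (not the real xcodemake script).
export const SAMPLE_SCRIPT = Buffer.from("#!/bin/sh\necho placeholder build helper\n");
// Computed here only to keep the example self-contained; a real pin is committed alongside the code.
export const SAMPLE_SCRIPT_SHA256 = sha256Hex(SAMPLE_SCRIPT);
```

A pinned digest means a script update is a deliberate code change (new hash in the repository) rather than something that happens silently on the next install; a signature check gives the same property with key rotation instead of per-release hash updates.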
H98-G4Z · src/utils/renderers/event-formatting.ts · Glob metacharacters in compiler-derived filename cause incorrect file matching (L214-L217) · medium
The bare filename extracted from a compiler diagnostic (e.g. [Error].swift) is interpolated directly into a glob pattern **/${filePath} without escaping, so special characters like [, ], *, and ? are interpreted as glob syntax and may match unintended files.
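Added example of escaping the filename before interpolating it; it is not the project's event-formatting.ts. Unescaped, `**/[Error].swift` is a character class: it matches `E.swift`, `r.swift` and `o.swift` under any directory, and does not match a file literally named `[Error].swift`. The escape set below covers the metacharacters of the common Node glob dialects; if the glob library in use ships its own escape helper, prefer that.

```typescript
// Metacharacters of the common glob dialects (minimatch, picomatch, fast-glob).
const GLOB_META = /[\\*?[\]{}()!+@]/g;

// Escape a fragment taken from unstructured input (here, a compiler
// diagnostic) so it matches only itself inside a glob pattern.
export function escapeGlob(literal: string): string {
  return literal.replace(GLOB_META, (ch) => `\\${ch}`);
}

// "Find this bare filename anywhere under the root", with the name kept literal.
export function fileSearchPattern(bareFilename: string): string {
  return `**/${escapeGlob(bareFilename)}`;
}

// Constructed filenames of the kind a compiler diagnostic can carry.
export const SAMPLE_FILENAMES = ["[Error].swift", "main.swift", "a*b?.swift"];
export const SAMPLE_PATTERNS = SAMPLE_FILENAMES.map(fileSearchPattern);
```

Escaping fixes the pattern, not the underlying ambiguity: a bare filename can still legitimately exist in several directories, so the caller should still treat multiple matches as unresolved rather than picking the first.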
B9Y-JZX · src/utils/logger.ts · Log file receives all messages regardless of configured log level (L267-L272) · low
The file write guard on line 267 only checks clientLogLevel !== 'none', skipping the severity comparison that shouldLog() enforces for stderr — so a caller who sets level error will still see every debug message in the log file.
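Added example of a single severity gate applied to both sinks; it is not the project's logger.ts, and the level names, ranking and sink shape are assumptions for the example. The point is that the file sink goes through the same shouldLog check as stderr instead of its own weaker `!== 'none'` test.

```typescript
export type LogLevel = "debug" | "info" | "warn" | "error" | "none";
export type MessageLevel = Exclude<LogLevel, "none">;

const RANK: Record<LogLevel, number> = { debug: 0, info: 1, warn: 2, error: 3, none: 4 };

// One severity gate shared by every sink: a message passes when its level is at
// least the configured threshold. "none" outranks every message, so it admits nothing.
export function shouldLog(level: MessageLevel, configured: LogLevel): boolean {
  return RANK[level] >= RANK[configured];
}

export interface Sinks {
  stderr: (line: string) => void;
  file?: (line: string) => void;
}

// Returns a log function that reports whether the message was emitted.
export function makeLogger(clientLogLevel: LogLevel, sinks: Sinks) {
  return (level: MessageLevel, message: string): boolean => {
    if (!shouldLog(level, clientLogLevel)) return false; // gates stderr and file alike
    const line = `[${level}] ${message}`;
    sinks.stderr(line);
    sinks.file?.(line);
    return true;
  };
}

// Constructed demonstration: with the level set to "error", only the error
// line reaches either sink; the debug and info lines are dropped from both.
export function demo(): { stderr: string[]; file: string[] } {
  const stderr: string[] = [];
  const file: string[] = [];
  const log = makeLogger("error", {
    stderr: (l) => stderr.push(l),
    file: (l) => file.push(l),
  });
  log("debug", "resolving simulator");
  log("info", "build started");
  log("error", "build failed");
  return { stderr, file };
}
```

If a more verbose file log is wanted on purpose, give the file sink its own configured level and run it through the same shouldLog; the defect is the missing comparison, not the existence of two sinks.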
ZMX-3PN · src/utils/xcodebuild-run-state.ts · Compiler diagnostics and test failures share a single dedup Set, risking cross-namespace key collision (L184-L188) · low
The seenDiagnostics Set is used as the dedup store for both compiler diagnostics (acceptDedupedDiagnostic) and test failures (test-failure case), so a key produced by one type can silently suppress an unrelated entry of the other type.
Generated by Warden