{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC034", "name": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines o", "shortDescription": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (S"}, "fullDescription": {"text": "Strip control characters before logging:\n  safe = user_input.replace('\\n','').replace('\\r','').replace('\\x00','')\n  logger.info('User action: %s', safe)\nAlways use parameterized logging (`%s` + args), never f-strings or string concat \u2014 that's also what mitigates log4shell-style attacks. For structured logging, use a JSON formatter that escapes values."}, "properties": {"scanner": "repobility-threat-engine", "category": "log_injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 21 (SonarSource scale). Cognitive complexi", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 21 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weig"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 21."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Agent, MCP, sidecar, and command bridge servers often start as local helpers. Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "localStorage quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "A file created as a fixed/new/final/copy variant is not referenced by imports or path-like strings in the rest of the repository. This is a strong sign that an agent produced code beside the active application path."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "CORE_LARGE_FILES", "name": "Average file size is 569 lines (recommend <300)", "shortDescription": {"text": "Average file size is 569 lines (recommend <300)"}, "fullDescription": {"text": "Refactor large files by extracting related functions into separate modules. Target files with 300+ lines first. Use the Single Responsibility Principle \u2014 each module should have one clear purpose."}, "properties": {"scanner": "repobility-core", "category": "quality", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `esbuild` is minor version(s) behind (^0.24.2 -> 0.28.0)", "shortDescription": {"text": "npm package `esbuild` is minor version(s) behind (^0.24.2 -> 0.28.0)"}, "fullDescription": {"text": "`esbuild` is pinned/resolved at ^0.24.2 but the latest stable release on the npm registry is 0.28.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "low", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "AIC005", "name": "Duplicate top-level symbol appears in a patch-style file", "shortDescription": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "fullDescription": {"text": "A generated replacement file defining the same public function or class name as another module can mean the new logic is not actually wired into the running code."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED063", "name": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use.", "shortDescription": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-367 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 11 more): Same pattern found in 11 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 12 more): Same pattern found in 12 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED104", "name": "[MINED104] Chmod 777: chmod 777 makes a file or directory world-readable, world-writable, AND world-executable. Local pr", "shortDescription": {"text": "[MINED104] Chmod 777: chmod 777 makes a file or directory world-readable, world-writable, AND world-executable. Local privilege escalation surface; audit-failing for most compliance frameworks."}, "fullDescription": {"text": "Use the least-privilege mode the file actually needs (e.g. 640 for configs, 750 for executables). For directories that genuinely need shared write access, use a group with chmod g+w and chown the right group."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED122", "name": "package.json dep `material-colors` pulled from URL/Git", "shortDescription": {"text": "package.json dep `material-colors` pulled from URL/Git"}, "fullDescription": {"text": "`dependencies.material-colors` = `https://github.com/rakibdev/material-colors/releases/latest/download/npm.tgz` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.show_only_favorites` used but never assigned in __init__", "shortDescription": {"text": "`self.show_only_favorites` used but never assigned in __init__"}, "fullDescription": {"text": "Method `filter_flowbox` of class `WallpaperApp` reads `self.show_only_favorites`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `queue` used but not imported", "shortDescription": {"text": "Missing import: `queue` used but not imported"}, "fullDescription": {"text": "The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/962"}, "properties": {"repository": "dusklinux/dusky", "repoUrl": "https://github.com/dusklinux/dusky", "branch": "main"}, "results": [{"ruleId": "SEC034", "level": "warning", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (SIEM, splunk). Combined with template injection this can escalate to RCE (CVE-2021-44228 log4shell). CWE-117."}, "properties": {"repobilityId": 90264, "scanner": "repobility-threat-engine", "fingerprint": "f3bd790b667ad037cb39c290abc046243d6c0a7e6d009ac3e1d52d4f1be1b650", "category": "log_injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logger.critical(f\"UNCAUGHT EXCEPTION in thread {thread_name}: {args", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f3bd790b667ad037cb39c290abc046243d6c0a7e6d009ac3e1d52d4f1be1b650"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/tts_stt/old/dusky_whisper/dusky_stt_main.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "SEC034", "level": "warning", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (SIEM, splunk). Combined with template injection this can escalate to RCE (CVE-2021-44228 log4shell). CWE-117."}, "properties": {"repobilityId": 90263, "scanner": "repobility-threat-engine", "fingerprint": "9970e72e8d07d0cda86295d8181898e63ecadcf83d3d7153c37788284bb19f02", "category": "log_injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logger.critical(f\"UNCAUGHT EXCEPTION: {args", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9970e72e8d07d0cda86295d8181898e63ecadcf83d3d7153c37788284bb19f02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/tts_stt/dusky_parakeet/dusky_stt_main.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 90252, "scanner": "repobility-threat-engine", "fingerprint": "9479d73e01265a1b50973539e96226db17da636723be06bf59b515322b632064", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ",eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|3|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/tools/.unsorted/gcd.sh"}, "region": {"startLine": 3}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 90251, "scanner": "repobility-threat-engine", "fingerprint": "08ec8bf6e9071c5d5de8c91bc061c239d46bec04b81f6032b8373e2c849dde6e", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "eval (", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|322|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/hypr/monitor/screen_rotate.py"}, "region": {"startLine": 322}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 21 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=1, except=1, if=7, nested_bonus=11, while=1."}, "properties": {"repobilityId": 90238, "scanner": "repobility-threat-engine", "fingerprint": "533c8b83b179ae16a17eba4418fde3e6e427709dcbc48c62972b9081944c8ca2", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 21 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 7, "while": 1, "except": 1, "continue": 1, "nested_bonus": 11}, "complexity": 21, "correlation_key": "fp|533c8b83b179ae16a17eba4418fde3e6e427709dcbc48c62972b9081944c8ca2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".config/firefox_extentions/matugenfox/matugenfox_host.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 90235, "scanner": "repobility-threat-engine", "fingerprint": "14509ae2f1c13b4ca11eae7ff71d94fc446c9b18481b6d607b6073a84cdca3b5", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|14509ae2f1c13b4ca11eae7ff71d94fc446c9b18481b6d607b6073a84cdca3b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/hypr/monitor/screen_rotate.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 90234, "scanner": "repobility-threat-engine", "fingerprint": "f6323e9c5f63f7b8a1c82f999d0bedebb554d8bb3f3e1baefeb39e6819300273", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f6323e9c5f63f7b8a1c82f999d0bedebb554d8bb3f3e1baefeb39e6819300273"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/dusky_tui/python/engines/systemd.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 90233, "scanner": "repobility-threat-engine", "fingerprint": "c248574317fb39e2fe89ac90adc012efb93804c98d22b479eabc7b692dd85650", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c248574317fb39e2fe89ac90adc012efb93804c98d22b479eabc7b692dd85650"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".config/firefox_extentions/matugenfox/matugenfox_host.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 90220, "scanner": "repobility-agent-runtime", "fingerprint": "34881c4d1af1e743b3a9cdea43fb6672d6af2211dcb687463171629e6e490fc8", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|34881c4d1af1e743b3a9cdea43fb6672d6af2211dcb687463171629e6e490fc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/arch_setup_scripts/scripts/070_openssh_setup.sh"}, "region": {"startLine": 171}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 90219, "scanner": "repobility-agent-runtime", "fingerprint": "ec4f3976fa61f465463550890311a7c88c36c9ec91a89a630ecf577067011e70", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|ec4f3976fa61f465463550890311a7c88c36c9ec91a89a630ecf577067011e70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Documents/pensive/linux/Post Install Setup/More +/Spicetify instructions.md"}, "region": {"startLine": 32}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 90218, "scanner": "repobility-agent-runtime", "fingerprint": "f729093b85e8fd143ea47616f2f1df0f05ae25ef0c5802bd226c17336e70b292", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|f729093b85e8fd143ea47616f2f1df0f05ae25ef0c5802bd226c17336e70b292"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".config/firefox_extentions/matugenfox/extension/content.js"}, "region": {"startLine": 279}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90211, "scanner": "repobility-ast-engine", "fingerprint": "3423b76e69ee4e41eaa72f8aa12233a6927cb89d7155b2f4055e4e05974e40d7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3423b76e69ee4e41eaa72f8aa12233a6927cb89d7155b2f4055e4e05974e40d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/theme_matugen/firefox/matugenfox_host.py"}, "region": {"startLine": 175}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90210, "scanner": "repobility-ast-engine", "fingerprint": "f3d4e1c3071ee55f51bdbce1ab04fb0fadff23c65a6f889d4ff21ba16af45410", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f3d4e1c3071ee55f51bdbce1ab04fb0fadff23c65a6f889d4ff21ba16af45410"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/theme_matugen/firefox/matugenfox_host.py"}, "region": {"startLine": 329}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90209, "scanner": "repobility-ast-engine", "fingerprint": "4f0c08158c89f626c9efe995e8646e586804e185426525dcbdd34c10e0d7fca4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4f0c08158c89f626c9efe995e8646e586804e185426525dcbdd34c10e0d7fca4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/theme_matugen/firefox/matugenfox_host.py"}, "region": {"startLine": 276}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90208, "scanner": "repobility-ast-engine", "fingerprint": "326774d183e02066d471f54b51665e85615b267753c330f5732a35a5a6542182", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|326774d183e02066d471f54b51665e85615b267753c330f5732a35a5a6542182"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/theme_matugen/firefox/matugenfox_host.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90207, "scanner": "repobility-ast-engine", "fingerprint": "b036ac4672589352c0c834e298bda727cf5e7f9b8fec7d758f5a944a98abd9dc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b036ac4672589352c0c834e298bda727cf5e7f9b8fec7d758f5a944a98abd9dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/theme_matugen/firefox/matugenfox_host.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90206, "scanner": "repobility-ast-engine", "fingerprint": "c14c73e80d64a7200d2b8f5a6ec13964011a2dcac939f008c402f6a649251d20", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c14c73e80d64a7200d2b8f5a6ec13964011a2dcac939f008c402f6a649251d20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/theme_matugen/firefox/dusky_sites.py"}, "region": {"startLine": 809}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90205, "scanner": "repobility-ast-engine", "fingerprint": "05bda2f055f10a83aece68fa10a80585c4f32aba7ff2e4b716202ac1f13f07cd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|05bda2f055f10a83aece68fa10a80585c4f32aba7ff2e4b716202ac1f13f07cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/theme_matugen/firefox/dusky_sites.py"}, "region": {"startLine": 783}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90204, "scanner": "repobility-ast-engine", "fingerprint": "48a1a0f28c5a38e3cdedefad8e3f597390b77745eca58cc98756ce701be34d1e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|48a1a0f28c5a38e3cdedefad8e3f597390b77745eca58cc98756ce701be34d1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/theme_matugen/firefox/dusky_sites.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90203, "scanner": "repobility-ast-engine", "fingerprint": "3574d0a82161cf32a8e9c1a2179a3f37d94d9f147d4bc330d4c010467a0ff095", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3574d0a82161cf32a8e9c1a2179a3f37d94d9f147d4bc330d4c010467a0ff095"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/wayclick/sounds/audio_slicer_for_wayclick.py"}, "region": {"startLine": 546}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90202, "scanner": "repobility-ast-engine", "fingerprint": "0ce05f83edee74b9b78a198cc19bcfe5f4478d043f446720ac0d7b468f77f753", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0ce05f83edee74b9b78a198cc19bcfe5f4478d043f446720ac0d7b468f77f753"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/wayclick/sounds/audio_slicer_for_wayclick.py"}, "region": {"startLine": 307}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90200, "scanner": "repobility-ast-engine", "fingerprint": "3912632c8f1cf6ddc9b6b8b9df17413daf44d8b22dad8be48775c182dc2af456", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3912632c8f1cf6ddc9b6b8b9df17413daf44d8b22dad8be48775c182dc2af456"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/networking/02_openssh_setup.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90199, "scanner": "repobility-ast-engine", "fingerprint": "9db0b42da2337899d5745d15c151b25bb70e1a1c341996c305dcda64d61ea651", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9db0b42da2337899d5745d15c151b25bb70e1a1c341996c305dcda64d61ea651"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/audio/mono_audio_pipewire.py"}, "region": {"startLine": 582}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90198, "scanner": "repobility-ast-engine", "fingerprint": "41ab54137b39d2b682fb6bf6b1aacb08a8fa01456a3477a89ce735d4748d1cce", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|41ab54137b39d2b682fb6bf6b1aacb08a8fa01456a3477a89ce735d4748d1cce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/services/tui_service_toggle.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90197, "scanner": "repobility-ast-engine", "fingerprint": "67c090f8959edcdd460ef24b904896a70ed4222a1ba9724bb39558f8828138ef", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|67c090f8959edcdd460ef24b904896a70ed4222a1ba9724bb39558f8828138ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 339}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90196, "scanner": "repobility-ast-engine", "fingerprint": "b6ed8c67328ff9b5339a341cb95f2d9aeb90b8f8120ac16f6d1390be9ada9522", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b6ed8c67328ff9b5339a341cb95f2d9aeb90b8f8120ac16f6d1390be9ada9522"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 1400}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90195, "scanner": "repobility-ast-engine", "fingerprint": "4f3cdc7b1d2c90e5beb5187cfbb74e0bab3a688386d7efb1f0680f519df6cc97", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4f3cdc7b1d2c90e5beb5187cfbb74e0bab3a688386d7efb1f0680f519df6cc97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 1334}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90194, "scanner": "repobility-ast-engine", "fingerprint": "230e5a682c505dec2609a9924ef808b64cc0d4182fac77c9d2b0a4d97405c44b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|230e5a682c505dec2609a9924ef808b64cc0d4182fac77c9d2b0a4d97405c44b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 984}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90193, "scanner": "repobility-ast-engine", "fingerprint": "9456611945da8bd41d9320d10e3a151d27752adb2b9d8d2effc308887394b456", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9456611945da8bd41d9320d10e3a151d27752adb2b9d8d2effc308887394b456"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 445}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90192, "scanner": "repobility-ast-engine", "fingerprint": "54110ff69bc221dcce362d93e20075fd6f789b87fce7e37c67357ea1b569b9d2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54110ff69bc221dcce362d93e20075fd6f789b87fce7e37c67357ea1b569b9d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 423}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90191, "scanner": "repobility-ast-engine", "fingerprint": "082fdbbe445760503204e0cf15698d34a763029a2a9eab397affc51d036a2bee", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|082fdbbe445760503204e0cf15698d34a763029a2a9eab397affc51d036a2bee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 1100}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90190, "scanner": "repobility-ast-engine", "fingerprint": "460289ab16b09419c8c7c4baf823cd50d5429fe39a4d29f4a9e0e4084b34be64", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|460289ab16b09419c8c7c4baf823cd50d5429fe39a4d29f4a9e0e4084b34be64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 896}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90189, "scanner": "repobility-ast-engine", "fingerprint": "9583c5eda6bbfb709b95dae4fe4fc973b72ffd0ef335395391ca4c19c45b8feb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9583c5eda6bbfb709b95dae4fe4fc973b72ffd0ef335395391ca4c19c45b8feb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 237}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90162, "scanner": "repobility-ast-engine", "fingerprint": "97eefed2a364ee942c57aaf3f4cdac81b74be79226bb6165f2f435e7c011ccb9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|97eefed2a364ee942c57aaf3f4cdac81b74be79226bb6165f2f435e7c011ccb9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".config/firefox_extentions/matugenfox/matugenfox_host.py"}, "region": {"startLine": 229}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90161, "scanner": "repobility-ast-engine", "fingerprint": "5cda7b77fc98220b6883481d563b88e08bc235acc803d247b055105804b4138b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5cda7b77fc98220b6883481d563b88e08bc235acc803d247b055105804b4138b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".config/firefox_extentions/matugenfox/matugenfox_host.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 90160, "scanner": "repobility-ast-engine", "fingerprint": "ea03f1745b180ee90c8f5f31a87911765a438341ecbb5bd6422d4370e3b85ec7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ea03f1745b180ee90c8f5f31a87911765a438341ecbb5bd6422d4370e3b85ec7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".config/firefox_extentions/matugenfox/matugenfox_host.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 90151, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dc7383f45c9304121926f07ec65b3b53b361ad37624ba328fc67fe6e626f80be", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "old", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|dc7383f45c9304121926f07ec65b3b53b361ad37624ba328fc67fe6e626f80be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/hypr/monitor/standalone/monitor_wizard_old.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "CORE_LARGE_FILES", "level": "warning", "message": {"text": "Average file size is 569 lines (recommend <300)"}, "properties": {"repobilityId": 90149, "scanner": "repobility-core", "fingerprint": "611a72c929050963b6f5dd8fd0b11949ac491ca74b44b0038a8068c41fe1a5c5", "category": "quality", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_LARGE_FILES", "scanner": "repobility-core", "correlation_key": "fp|611a72c929050963b6f5dd8fd0b11949ac491ca74b44b0038a8068c41fe1a5c5"}}}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 90148, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `parse_websites` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, except=1, for=1, if=3, nested_bonus=3."}, "properties": {"repobilityId": 90239, "scanner": "repobility-threat-engine", "fingerprint": "47c1d3ac7a8642b5040ad3976cdc2cf7d5d2b9964702436c63c4df21631d9a2e", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "parse_websites", "breakdown": {"if": 3, "for": 1, "else": 1, "except": 1, "nested_bonus": 3}, "complexity": 9, "correlation_key": "fp|47c1d3ac7a8642b5040ad3976cdc2cf7d5d2b9964702436c63c4df21631d9a2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".config/firefox_extentions/matugenfox/matugenfox_host.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `esbuild` is minor version(s) behind (^0.24.2 -> 0.28.0)"}, "properties": {"repobilityId": 90217, "scanner": "repobility-dependency-currency", "fingerprint": "320c8ea87d34a33a970cd97353ecc0c83a6c31e304c0960c79b372b6d2332374", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "esbuild", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.28.0", "correlation_key": "fp|320c8ea87d34a33a970cd97353ecc0c83a6c31e304c0960c79b372b6d2332374", "current_version": "^0.24.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".vscode-oss/extensions/rakib13332.material-code-3.1.1/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@vscode/vsce` is minor version(s) behind (^3.7.1 -> 3.9.2)"}, "properties": {"repobilityId": 90216, "scanner": "repobility-dependency-currency", "fingerprint": "376b3f4bdeeab53857d2b482772241cde2753fe1c71181cf1fbaa6a4ab4274ce", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@vscode/vsce", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.9.2", "correlation_key": "fp|376b3f4bdeeab53857d2b482772241cde2753fe1c71181cf1fbaa6a4ab4274ce", "current_version": "^3.7.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".vscode-oss/extensions/rakib13332.material-code-3.1.1/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@types/vscode` is minor version(s) behind (1.75.0 -> 1.120.0)"}, "properties": {"repobilityId": 90215, "scanner": "repobility-dependency-currency", "fingerprint": "abe04485a86e21ab7502dd0ac059c0de1a862d5b89a0ba2951ece991a6f796b2", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/vscode", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.120.0", "correlation_key": "fp|abe04485a86e21ab7502dd0ac059c0de1a862d5b89a0ba2951ece991a6f796b2", "current_version": "1.75.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".vscode-oss/extensions/rakib13332.material-code-3.1.1/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 90159, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1d2442957edafab411cc27a9a69f231d88824b4e82ca2ffa4388b21ffc134c66", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "acquire_lock", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "user_scripts/hypr/monitor/screen_rotate.py", "correlation_key": "fp|1d2442957edafab411cc27a9a69f231d88824b4e82ca2ffa4388b21ffc134c66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/hypr/monitor/standalone/monitor_wizard_old.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90158, "scanner": "repobility-ai-code-hygiene", "fingerprint": "eda19ea369d122d406c8c5237dd310b3faa694c6196ba0973da7da54fb0583b1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".config/firefox_extentions/matugenfox/matugenfox_host.py", "duplicate_line": 90, "correlation_key": "fp|eda19ea369d122d406c8c5237dd310b3faa694c6196ba0973da7da54fb0583b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/theme_matugen/firefox/matugenfox_host.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90157, "scanner": "repobility-ai-code-hygiene", "fingerprint": "59efbb166674605409462420281a077c25062ec2de792180acada530a273f1dc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "user_scripts/mako_osd/dusky_glance/tui_mako.py", "duplicate_line": 13, "correlation_key": "fp|59efbb166674605409462420281a077c25062ec2de792180acada530a273f1dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/mako_osd/mako_tui/tui_mako.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90156, "scanner": "repobility-ai-code-hygiene", "fingerprint": "da008b258d2a48d83df1fc1555d2e2be79b1b4eab623df338df461d8f0920f36", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "user_scripts/hypr/rules/tui_workspace_rules.py", "duplicate_line": 198, "correlation_key": "fp|da008b258d2a48d83df1fc1555d2e2be79b1b4eab623df338df461d8f0920f36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/hypr/workspace/tui_workspace_rules.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90155, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fa66e5ac932034d6bcf56fff476c7940263b6d2234522154901f81e1a165b226", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "user_scripts/dusky_tui/python/engines/environment_variables.py", "duplicate_line": 120, "correlation_key": "fp|fa66e5ac932034d6bcf56fff476c7940263b6d2234522154901f81e1a165b226"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/dusky_tui/python/engines/flatdotconfig.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90154, "scanner": "repobility-ai-code-hygiene", "fingerprint": "42b7a87ce0bafa52696d3c441a5cabfc25eafc8613147a961b68360ca7949ec9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "user_scripts/dusky_system/control_center/lib/utility.py", "duplicate_line": 23, "correlation_key": "fp|42b7a87ce0bafa52696d3c441a5cabfc25eafc8613147a961b68360ca7949ec9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/dusky_system/control_center/new/utility.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90153, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dd1df5fa97adb8599c5543bc0073e59d18c1ee2d8e50f8ed045e7cdaa64878f5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "user_scripts/arch_setup_scripts/scripts/015_set_thunar_terminal.py", "duplicate_line": 13, "correlation_key": "fp|dd1df5fa97adb8599c5543bc0073e59d18c1ee2d8e50f8ed045e7cdaa64878f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/arch_setup_scripts/scripts/185_terminal_default.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90152, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b8cde6ebce9bff08890f67ab17fbbc8d4cd67d530573966cfd9215e7867dcb24", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".config/firefox_extentions/matugenfox/extension/options.js", "duplicate_line": 21, "correlation_key": "fp|b8cde6ebce9bff08890f67ab17fbbc8d4cd67d530573966cfd9215e7867dcb24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".config/firefox_extentions/matugenfox/extension/popup.js"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 90150, "scanner": "repobility-ai-code-hygiene", "fingerprint": "da830c590027ca8b8d8c3602707f65e4f386adc49cd72bb398354d406907b863", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "old", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|da830c590027ca8b8d8c3602707f65e4f386adc49cd72bb398354d406907b863"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/hypr/monitor/standalone/monitor_wizard_old.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 90262, "scanner": "repobility-threat-engine", "fingerprint": "a51fc5b757daa107ff993d54388f809af87b26cac35292629b20c635c24267fc", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a51fc5b757daa107ff993d54388f809af87b26cac35292629b20c635c24267fc", "aggregated_count": 1}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 90258, "scanner": "repobility-threat-engine", "fingerprint": "090067798577f9fee20e6a45d8e71bcc8dc9e76cb7c8b12540d1af0cc4958b4f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|090067798577f9fee20e6a45d8e71bcc8dc9e76cb7c8b12540d1af0cc4958b4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/tools/.unsorted/randomstr.sh"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 90257, "scanner": "repobility-threat-engine", "fingerprint": "15f495043c606d8bb43718af9d234b3aa200cd6f81f22b332eb6dfde55b6974d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|15f495043c606d8bb43718af9d234b3aa200cd6f81f22b332eb6dfde55b6974d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/tools/.unsorted/argon2.sh"}, "region": {"startLine": 3}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 90256, "scanner": "repobility-threat-engine", "fingerprint": "e701f7cb99f707e75e4c613bf684bad8e30da700bffd04af759d5bd6c5d0e4dc", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(secrets.token_urlsafe(${1:-32})", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|1|print secrets.token_urlsafe 1:-32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/tools/.unsorted/randomstr.sh"}, "region": {"startLine": 3}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 90255, "scanner": "repobility-threat-engine", "fingerprint": "b8b2e0ff9abeab57015138f375ffe0140c59a60beddd07b99cfa21f4eba37f90", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Cryptographic handling (password hashing, not hardcoded)", "evidence": {"match": "print(argon2.PasswordHasher()", "reason": "Cryptographic handling (password hashing, not hardcoded)", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|1|print argon2.passwordhasher"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/tools/.unsorted/argon2.sh"}, "region": {"startLine": 3}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 90254, "scanner": "repobility-threat-engine", "fingerprint": "2f2c41301c1dbf5a378e7fb88f09e64c16178cf76632d7c8f5254e7775e098f0", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2f2c41301c1dbf5a378e7fb88f09e64c16178cf76632d7c8f5254e7775e098f0"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 90253, "scanner": "repobility-threat-engine", "fingerprint": "c5102a6c07d57ac8a5ee1726da69d037bd78c796ae865dbfa5e4cd11b16d0dd1", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|102|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/tts_stt/old/parakeet/transcribe_parakeet.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED006", "level": "none", "message": {"text": "[MINED006] Overcatch Baseexception (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 90248, "scanner": "repobility-threat-engine", "fingerprint": "1d890d539f069e5c1d06723a89c54cb2ca3fc5652d4e9d8f9bab1f234c90d8fb", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|1d890d539f069e5c1d06723a89c54cb2ca3fc5652d4e9d8f9bab1f234c90d8fb", "aggregated_count": 2}}}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 90244, "scanner": "repobility-threat-engine", "fingerprint": "3223725708c4461d32845e2061c4ef50c60e6846d644e3d9cfaee178cbd6cc88", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3223725708c4461d32845e2061c4ef50c60e6846d644e3d9cfaee178cbd6cc88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/performance/ram_bandwidth.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 90243, "scanner": "repobility-threat-engine", "fingerprint": "821e4b4ee3db0c8cc983c7b20a388a5a3b1cdb7c4b9648f66ff516d261c3c785", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|821e4b4ee3db0c8cc983c7b20a388a5a3b1cdb7c4b9648f66ff516d261c3c785"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/arch_setup_scripts/scripts/185_terminal_default.py"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 90242, "scanner": "repobility-threat-engine", "fingerprint": "a78629b884c33dc0733c0a829a608e9f637d8dd5dd2ac8e0c09762d6b0678841", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a78629b884c33dc0733c0a829a608e9f637d8dd5dd2ac8e0c09762d6b0678841"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/arch_setup_scripts/scripts/015_set_thunar_terminal.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 90241, "scanner": "repobility-threat-engine", "fingerprint": "0b77e8c6fcd532538bd798a9fc687b8bd81213c510293971dea937a37f57d6ce", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0b77e8c6fcd532538bd798a9fc687b8bd81213c510293971dea937a37f57d6ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/arch_iso_scripts/online/110_post_chroot.sh"}, "region": {"startLine": 174}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 49 more): Same pattern found in 49 additional files. Review if needed."}, "properties": {"repobilityId": 90240, "scanner": "repobility-threat-engine", "fingerprint": "9aed4cb22e2db511a16244f54b6926c5c3fcd13802e10813c8ac16ce2a86adec", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 49 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "message_handler", "breakdown": {"if": 6, "elif": 5, "else": 2, "break": 1, "while": 1, "except": 1, "nested_bonus": 16}, "aggregated": true, "complexity": 32, "correlation_key": "fp|9aed4cb22e2db511a16244f54b6926c5c3fcd13802e10813c8ac16ce2a86adec", "aggregated_count": 49}}}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 90236, "scanner": "repobility-threat-engine", "fingerprint": "4ffea2800599adb663df46ab31003467b0a25ff84f83dd40a996e94f4d40f164", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4ffea2800599adb663df46ab31003467b0a25ff84f83dd40a996e94f4d40f164"}}}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 90232, "scanner": "repobility-threat-engine", "fingerprint": "9d0a098c16e225c69a84520720c4f68523807cdb045e1915fd86a1914c7a786f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9d0a098c16e225c69a84520720c4f68523807cdb045e1915fd86a1914c7a786f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".config/firefox_extentions/matugenfox/matugenfox_host.py"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 90231, "scanner": "repobility-threat-engine", "fingerprint": "782b35fe2be2b25845698f37beaaef3524528d1bc7dfc5351c5dbeac247431c5", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|782b35fe2be2b25845698f37beaaef3524528d1bc7dfc5351c5dbeac247431c5", "aggregated_count": 11}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 90230, "scanner": "repobility-threat-engine", "fingerprint": "79bdaf4592ff488958e3b6aa89821ace0658da83298a0bc2240c2903b09fb570", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|79bdaf4592ff488958e3b6aa89821ace0658da83298a0bc2240c2903b09fb570"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/dusky_tui/python/engines/cmdline.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 90229, "scanner": "repobility-threat-engine", "fingerprint": "45087967acbda092998c3f1aec6a5a1d12d39765322bfe8b1c66b71f3991adae", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|45087967acbda092998c3f1aec6a5a1d12d39765322bfe8b1c66b71f3991adae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/arch_setup_scripts/scripts/185_terminal_default.py"}, "region": {"startLine": 148}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 90228, "scanner": "repobility-threat-engine", "fingerprint": "e37f2f8426871d71e84c7395e263de7712d667d010a09801838be67ebc785402", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e37f2f8426871d71e84c7395e263de7712d667d010a09801838be67ebc785402"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".config/firefox_extentions/matugenfox/matugenfox_host.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 90227, "scanner": "repobility-threat-engine", "fingerprint": "73511d44b8361eefb9c933764519d3cf5dc2e974ce3bb6776bfaba9ba3044916", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|73511d44b8361eefb9c933764519d3cf5dc2e974ce3bb6776bfaba9ba3044916", "aggregated_count": 12}}}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@types/bun` is patch version(s) behind (^1.3.1 -> 1.3.14)"}, "properties": {"repobilityId": 90214, "scanner": "repobility-dependency-currency", "fingerprint": "f239b54ee4ea922f6e21cf949dd04efe8e2f75d775e74f5d5921e3e76b841859", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/bun", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.3.14", "correlation_key": "fp|f239b54ee4ea922f6e21cf949dd04efe8e2f75d775e74f5d5921e3e76b841859", "current_version": "^1.3.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".vscode-oss/extensions/rakib13332.material-code-3.1.1/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@vscode/sudo-prompt` is patch version(s) behind (^9.3.1 -> 9.3.2)"}, "properties": {"repobilityId": 90213, "scanner": "repobility-dependency-currency", "fingerprint": "1de2757665caa4973c6052bb0f3e7d04d0daad2899def8770b2b0f80edb980c4", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@vscode/sudo-prompt", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "9.3.2", "correlation_key": "fp|1de2757665caa4973c6052bb0f3e7d04d0daad2899def8770b2b0f80edb980c4", "current_version": "^9.3.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".vscode-oss/extensions/rakib13332.material-code-3.1.1/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 90261, "scanner": "repobility-threat-engine", "fingerprint": "7e2100dd96c6b4a4c83a2476e2827abf91e57d263bab648261bd9fd774de2e3e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7e2100dd96c6b4a4c83a2476e2827abf91e57d263bab648261bd9fd774de2e3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/tools/.unsorted/md5str.sh"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 90260, "scanner": "repobility-threat-engine", "fingerprint": "60541fcbe43566899f1b19fddcc70b7b09b189c296d5a4afd1ac643c3cba22eb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|60541fcbe43566899f1b19fddcc70b7b09b189c296d5a4afd1ac643c3cba22eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/tools/.unsorted/md5file.sh"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 90259, "scanner": "repobility-threat-engine", "fingerprint": "62465e60748c12fbbddcd8d5e69c90b61cd6efe72004cdc7d337cada981d91fe", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|62465e60748c12fbbddcd8d5e69c90b61cd6efe72004cdc7d337cada981d91fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/tools/.unsorted/checksum.sh"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED104", "level": "error", "message": {"text": "[MINED104] Chmod 777: chmod 777 makes a file or directory world-readable, world-writable, AND world-executable. Local privilege escalation surface; audit-failing for most compliance frameworks."}, "properties": {"repobilityId": 90250, "scanner": "repobility-threat-engine", "fingerprint": "6435fe487251735fcf681ce1ea5c8c34129391f046c8efb234008dbdd512b97e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "chmod-777", "owasp": "A05:2021", "cwe_ids": ["CWE-732", "CWE-276"], "languages": ["shell", "bash", "dockerfile"], "precision": 1.0, "promoted_at": "2026-05-19T13:00:00.000000+00:00", "triaged_in_corpus": 0, "observations_count": 0, "ai_coder_pattern_id": 47}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6435fe487251735fcf681ce1ea5c8c34129391f046c8efb234008dbdd512b97e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/ftp/ftp_setup_arch.sh"}, "region": {"startLine": 186}}}]}, {"ruleId": "MINED104", "level": "error", "message": {"text": "[MINED104] Chmod 777: chmod 777 makes a file or directory world-readable, world-writable, AND world-executable. Local privilege escalation surface; audit-failing for most compliance frameworks."}, "properties": {"repobilityId": 90249, "scanner": "repobility-threat-engine", "fingerprint": "31512f768b5ddb304657736036e7feb53f9bf223007ecac3c1244d6b3733b713", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "chmod-777", "owasp": "A05:2021", "cwe_ids": ["CWE-732", "CWE-276"], "languages": ["shell", "bash", "dockerfile"], "precision": 1.0, "promoted_at": "2026-05-19T13:00:00.000000+00:00", "triaged_in_corpus": 0, "observations_count": 0, "ai_coder_pattern_id": 47}, "scanner": "repobility-threat-engine", "correlation_key": "fp|31512f768b5ddb304657736036e7feb53f9bf223007ecac3c1244d6b3733b713"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/arch_setup_scripts/scripts/250_ftp_arch.sh"}, "region": {"startLine": 158}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 90247, "scanner": "repobility-threat-engine", "fingerprint": "def4c7f35c2880e7f70b43b319ee73f0640eec6fff9cb9651abda99e1d5b1bca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|def4c7f35c2880e7f70b43b319ee73f0640eec6fff9cb9651abda99e1d5b1bca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/mako_osd/osd_router/osd_router.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 90246, "scanner": "repobility-threat-engine", "fingerprint": "f9843459c03e8ec32549b6b7497b357e14f979bfffe827acd726cda003564abb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f9843459c03e8ec32549b6b7497b357e14f979bfffe827acd726cda003564abb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/hypr/monitor/screen_rotate.py"}, "region": {"startLine": 315}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 90245, "scanner": "repobility-threat-engine", "fingerprint": "0fed455fa45a80e376e3adce4b6af2548c86f8a336a9fa30af025c38217f85cd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0fed455fa45a80e376e3adce4b6af2548c86f8a336a9fa30af025c38217f85cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/arch_setup_scripts/scripts/145_matugen_directories.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `message_handler` has cognitive complexity 32 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=1, elif=5, else=2, except=1, if=6, nested_bonus=16, while=1."}, "properties": {"repobilityId": 90237, "scanner": "repobility-threat-engine", "fingerprint": "acc33b220d6b7e5787fb0c8359ac492e4769414ca4e845bc2cb80740cc6767bb", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 32 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "message_handler", "breakdown": {"if": 6, "elif": 5, "else": 2, "break": 1, "while": 1, "except": 1, "nested_bonus": 16}, "complexity": 32, "correlation_key": "fp|acc33b220d6b7e5787fb0c8359ac492e4769414ca4e845bc2cb80740cc6767bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".config/firefox_extentions/matugenfox/matugenfox_host.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 90226, "scanner": "repobility-threat-engine", "fingerprint": "f3338f58ffb3eaf43286e2af67fbf58b387c6c10b56482d1052bf0623a0d2999", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f3338f58ffb3eaf43286e2af67fbf58b387c6c10b56482d1052bf0623a0d2999"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/dusky_tui/python/engines/cmdline.py"}, "region": {"startLine": 226}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 90225, "scanner": "repobility-threat-engine", "fingerprint": "4db7661deac458ef609ceede54dd3196a05da94fed7fe278de68941e4a11e38c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4db7661deac458ef609ceede54dd3196a05da94fed7fe278de68941e4a11e38c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/arch_setup_scripts/scripts/185_terminal_default.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 90224, "scanner": "repobility-threat-engine", "fingerprint": "59ea1f5752ff1f1b374d6f25429e4e34b7eba13f6776c5e77df110eed4b25a9f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|59ea1f5752ff1f1b374d6f25429e4e34b7eba13f6776c5e77df110eed4b25a9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".config/firefox_extentions/matugenfox/matugenfox_host.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 90223, "scanner": "repobility-threat-engine", "fingerprint": "26e9bfaf4bd415433c1f77d828e0c27a02a24756723942fbe103622b64c7b5b2", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r'scale\\s*=\\s*([0-9.]+|\"auto\"|\\'auto\\')", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|148|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/hypr/monitor/adjust_scale.py"}, "region": {"startLine": 148}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 90222, "scanner": "repobility-threat-engine", "fingerprint": "e26bfcfa7d265909f07d5865fb25c8eb6c83f17e78e7e1d848e40a659c5858a9", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r'fingers\\s*=\\s*(\\d+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|98|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/dusky_tui/python/engines/trackpad.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 90221, "scanner": "repobility-threat-engine", "fingerprint": "271650145fc34d789fd373c7b3e26bfdae8c98ae61b1c6ba36831bb2e2bced29", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r'@-moz-document\\s+domain\\(\"([^\"]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|. token|89|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".config/firefox_extentions/matugenfox/matugenfox_host.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "package.json dep `material-colors` pulled from URL/Git"}, "properties": {"repobilityId": 90212, "scanner": "repobility-supply-chain", "fingerprint": "acbe468f83c52a8908113a8e2f6c98d7a258a2f53c37f44938e816bc508e2bae", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|acbe468f83c52a8908113a8e2f6c98d7a258a2f53c37f44938e816bc508e2bae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".vscode-oss/extensions/rakib13332.material-code-3.1.1/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.show_only_favorites` used but never assigned in __init__"}, "properties": {"repobilityId": 90188, "scanner": "repobility-ast-engine", "fingerprint": "8a243774c183d1140c0935bb6d8a52674b04831583e15b2bc1e1e62cd437bd62", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8a243774c183d1140c0935bb6d8a52674b04831583e15b2bc1e1e62cd437bd62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 910}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.apply_filename_visibility` used but never assigned in __init__"}, "properties": {"repobilityId": 90187, "scanner": "repobility-ast-engine", "fingerprint": "448e80ed84fdda7046a4b7003b8a9718ae7e97ca3c609a708e5042b08120800b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|448e80ed84fdda7046a4b7003b8a9718ae7e97ca3c609a708e5042b08120800b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 628}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._save_app_settings` used but never assigned in __init__"}, "properties": {"repobilityId": 90186, "scanner": "repobility-ast-engine", "fingerprint": "0f373e81b290dae45cf1b7acc968f3884b2a6a8c0c75b400f066d0a49c66b9be", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0f373e81b290dae45cf1b7acc968f3884b2a6a8c0c75b400f066d0a49c66b9be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 626}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.trigger_action` used but never assigned in __init__"}, "properties": {"repobilityId": 90185, "scanner": "repobility-ast-engine", "fingerprint": "18458055c84ee982fffb67f6d8742165980ab8bafa8c39de470d77c5fe5af995", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|18458055c84ee982fffb67f6d8742165980ab8bafa8c39de470d77c5fe5af995"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 528}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.set_view_mode` used but never assigned in __init__"}, "properties": {"repobilityId": 90184, "scanner": "repobility-ast-engine", "fingerprint": "9ac49ebb3dd77ad8096942369ac8326eb59592fd460c627309bec716c24450b5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9ac49ebb3dd77ad8096942369ac8326eb59592fd460c627309bec716c24450b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 510}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.set_view_mode` used but never assigned in __init__"}, "properties": {"repobilityId": 90183, "scanner": "repobility-ast-engine", "fingerprint": "e69eee3cf13ac26c9ba290d0c4a4a0439e721caec9b2e6cd665cff6626f7a0b2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e69eee3cf13ac26c9ba290d0c4a4a0439e721caec9b2e6cd665cff6626f7a0b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 504}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._create_loading_state_placeholder` used but never assigned in __init__"}, "properties": {"repobilityId": 90182, "scanner": "repobility-ast-engine", "fingerprint": "79a02f2b10108ac7a3b639e21b49c259c8445b4f44635b88d23dc16211493cdf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|79a02f2b10108ac7a3b639e21b49c259c8445b4f44635b88d23dc16211493cdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 585}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._create_empty_state_placeholder` used but never assigned in __init__"}, "properties": {"repobilityId": 90181, "scanner": "repobility-ast-engine", "fingerprint": "10b5e3a2c82c0c35d51429a35b51dff2356587624e5047d31ed32752adefb53e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|10b5e3a2c82c0c35d51429a35b51dff2356587624e5047d31ed32752adefb53e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 584}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.refresh_ui` used but never assigned in __init__"}, "properties": {"repobilityId": 90180, "scanner": "repobility-ast-engine", "fingerprint": "4336096f94f8b7abd9bbd4c28b3e64c9b6a5140bf05d37464d4296c3cbdd4d86", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4336096f94f8b7abd9bbd4c28b3e64c9b6a5140bf05d37464d4296c3cbdd4d86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 590}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_flowbox_button_press` used but never assigned in __init__"}, "properties": {"repobilityId": 90179, "scanner": "repobility-ast-engine", "fingerprint": "8559182d6203db3544bc581378e324855ac1ed0cdb195e73964f0f035e5d14da", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8559182d6203db3544bc581378e324855ac1ed0cdb195e73964f0f035e5d14da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 579}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_selection_changed` used but never assigned in __init__"}, "properties": {"repobilityId": 90178, "scanner": "repobility-ast-engine", "fingerprint": "db5e494da81d8dd00008ccba9e0ff95b35accf6755d29c3c7f0adc2ba8961ed2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|db5e494da81d8dd00008ccba9e0ff95b35accf6755d29c3c7f0adc2ba8961ed2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 578}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_child_activated` used but never assigned in __init__"}, "properties": {"repobilityId": 90177, "scanner": "repobility-ast-engine", "fingerprint": "eb33052952e71073b6829ddb462c299a8d1f41dcba9f90e3a611a21ad1de1adb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eb33052952e71073b6829ddb462c299a8d1f41dcba9f90e3a611a21ad1de1adb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 577}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.filter_flowbox` used but never assigned in __init__"}, "properties": {"repobilityId": 90176, "scanner": "repobility-ast-engine", "fingerprint": "f5dce859af55c18379931ff88d910b7e9480f521ab4d4d8c4f7b9eb94e2a8611", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f5dce859af55c18379931ff88d910b7e9480f521ab4d4d8c4f7b9eb94e2a8611"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 576}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.sort_flowbox` used but never assigned in __init__"}, "properties": {"repobilityId": 90175, "scanner": "repobility-ast-engine", "fingerprint": "106f5af68dae1c560d0d8ba1dfeb368c2fad35b42fcd7b35deac488ea7d1d1d0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|106f5af68dae1c560d0d8ba1dfeb368c2fad35b42fcd7b35deac488ea7d1d1d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 575}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.show_shortcuts_popover` used but never assigned in __init__"}, "properties": {"repobilityId": 90174, "scanner": "repobility-ast-engine", "fingerprint": "21921cd0f77529eacf213d060a00f06eb060c0f497b5f18dbf09b28a3ed6cf56", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|21921cd0f77529eacf213d060a00f06eb060c0f497b5f18dbf09b28a3ed6cf56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 546}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.show_settings_popover` used but never assigned in __init__"}, "properties": {"repobilityId": 90173, "scanner": "repobility-ast-engine", "fingerprint": "e80b149438900e8ee2bfcd27a30593f1187488cac2d9129913d487fa1e0ee826", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e80b149438900e8ee2bfcd27a30593f1187488cac2d9129913d487fa1e0ee826"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 537}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_search_changed` used but never assigned in __init__"}, "properties": {"repobilityId": 90172, "scanner": "repobility-ast-engine", "fingerprint": "f3b7871ae02200000bf4f8ae7372ebd9300dd6b2452cffcd3bbca159710f4b18", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f3b7871ae02200000bf4f8ae7372ebd9300dd6b2452cffcd3bbca159710f4b18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 493}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.setup_css` used but never assigned in __init__"}, "properties": {"repobilityId": 90171, "scanner": "repobility-ast-engine", "fingerprint": "96bb4a8ee539c4e2dc1f1cc768ad15d4b63eed089546b65a7019f914dbede8d1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|96bb4a8ee539c4e2dc1f1cc768ad15d4b63eed089546b65a7019f914dbede8d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 478}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_key_press` used but never assigned in __init__"}, "properties": {"repobilityId": 90170, "scanner": "repobility-ast-engine", "fingerprint": "dd8b160a96affbbc88fe6e39dfb7af65d524916e93082592691227b9800ccd49", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dd8b160a96affbbc88fe6e39dfb7af65d524916e93082592691227b9800ccd49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 476}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_window_destroy` used but never assigned in __init__"}, "properties": {"repobilityId": 90169, "scanner": "repobility-ast-engine", "fingerprint": "dd9753fbca7ceda9d5ba422123ffefb085f58669fd5ec73db54d61c0202c236b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dd9753fbca7ceda9d5ba422123ffefb085f58669fd5ec73db54d61c0202c236b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 475}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.show_only_favorites` used but never assigned in __init__"}, "properties": {"repobilityId": 90168, "scanner": "repobility-ast-engine", "fingerprint": "4259029e25a71cc8c622419637a73063a72a4aaa7d8144e2e26d2d590171697e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4259029e25a71cc8c622419637a73063a72a4aaa7d8144e2e26d2d590171697e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 512}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._update_visibility_and_selection` used but never assigned in __init__"}, "properties": {"repobilityId": 90167, "scanner": "repobility-ast-engine", "fingerprint": "37c8afdb47fa7750a0accb7d468f34d89e3d69f8a30ca4d0bb95836e3c780d5c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|37c8afdb47fa7750a0accb7d468f34d89e3d69f8a30ca4d0bb95836e3c780d5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 466}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.show_only_favorites` used but never assigned in __init__"}, "properties": {"repobilityId": 90166, "scanner": "repobility-ast-engine", "fingerprint": "af170ff9555f95a0e3f5c6de57116a72d49d04124ad5ddc8dde4d4105b8d4ed8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|af170ff9555f95a0e3f5c6de57116a72d49d04124ad5ddc8dde4d4105b8d4ed8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 457}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.show_only_favorites` used but never assigned in __init__"}, "properties": {"repobilityId": 90165, "scanner": "repobility-ast-engine", "fingerprint": "e5a0cf3fe917a493b2a0975c6e71a6c2f42a3648d2d5aa666f54ff0db861a8ac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e5a0cf3fe917a493b2a0975c6e71a6c2f42a3648d2d5aa666f54ff0db861a8ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 455}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.show_only_favorites` used but never assigned in __init__"}, "properties": {"repobilityId": 90164, "scanner": "repobility-ast-engine", "fingerprint": "8291e2d9fc11a0553caa40f2e6dd5ca7a04e97203307e297ad5f8beb22feda50", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8291e2d9fc11a0553caa40f2e6dd5ca7a04e97203307e297ad5f8beb22feda50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 426}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 90147, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 90266, "scanner": "gitleaks", "fingerprint": "a5428f1dc7a8bbe178e48bc09ffffa8b2c20e033b49c9650640aa984ab9fbec4", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "key=\"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|22|key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/kernel/tui_kernal.py"}, "region": {"startLine": 224}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 90265, "scanner": "gitleaks", "fingerprint": "83a01d03caa8a7f2f5bd55466dd41168fb48f03bed37c602b07ac5bb8399d185", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "SPOTIFY_AUR_KEY=\"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|spotify_aur_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/arch_setup_scripts/scripts/405_spicetify_matugen_setup.sh"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `queue` used but not imported"}, "properties": {"repobilityId": 90201, "scanner": "repobility-ast-engine", "fingerprint": "0ce6a6aadcd8f1218f31b2887051d08a663ddecabe45fa81a353d498663f3d51", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0ce6a6aadcd8f1218f31b2887051d08a663ddecabe45fa81a353d498663f3d51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/mako_osd/osd_router/osd_router.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `stat` used but not imported"}, "properties": {"repobilityId": 90163, "scanner": "repobility-ast-engine", "fingerprint": "3429fabedb5961c58ef08234c4121bb0883d5adde65493e77adc2bb9212e90d2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3429fabedb5961c58ef08234c4121bb0883d5adde65493e77adc2bb9212e90d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "user_scripts/images/wallpaper_selector.py"}, "region": {"startLine": 111}}}]}]}]}