{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR013", "name": "Dockerfile ADD downloads remote content", "shortDescription": {"text": "Dockerfile ADD downloads remote content"}, "fullDescription": {"text": "ADD can fetch remote URLs without checksum verification. This makes builds dependent on mutable network content."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Dockerfile base image uses the latest tag", "shortDescription": {"text": "Dockerfile base image uses the latest tag"}, "fullDescription": {"text": "The latest tag is mutable and can change without a code review, producing different images from the same source."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC087", "name": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces", "shortDescription": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "fullDescription": {"text": "Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `resolve_proxy_geo_with_ip` has cognitive complexity 8 (SonarSource scale)", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `resolve_proxy_geo_with_ip` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, an"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 8."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.", "shortDescription": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.", "shortDescription": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "DKR006", "name": "Dockerfile pipes a remote script into a shell", "shortDescription": {"text": "Dockerfile pipes a remote script into a shell"}, "fullDescription": {"text": "Piping downloaded code directly into a shell bypasses checksum verification and makes builds dependent on mutable remote content."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED119", "name": "Dockerfile `ADD https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/latest/download/aws-lambda-rie-${T", "shortDescription": {"text": "Dockerfile `ADD https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/latest/download/aws-lambda-rie-${TARGETARCH}`"}, "fullDescription": {"text": "Dockerfile `ADD <url>` downloads a remote artifact into the image with no integrity check. If the host or DNS is compromised between layers \u2014 or if the URL serves a different file later \u2014 malicious content gets baked into the image."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `cloakhq/cloakbrowser:latest` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `cloakhq/cloakbrowser:latest` not pinned by digest"}, "fullDescription": {"text": "`FROM cloakhq/cloakbrowser:latest` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self._make_world` used but never assigned in __init__", "shortDescription": {"text": "`self._make_world` used but never assigned in __init__"}, "fullDescription": {"text": "Method `test_evaluate_caches_context_id` of class `TestSyncIsolatedWorld` reads `self._make_world`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_accepts_http_and_https", "shortDescription": {"text": "Phantom test coverage: test_accepts_http_and_https"}, "fullDescription": {"text": "Test function `test_accepts_http_and_https` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `locale` used but not imported", "shortDescription": {"text": "Missing import: `locale` used but not imported"}, "fullDescription": {"text": "The file uses `locale.something(...)` but never imports `locale`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/547"}, "properties": {"repository": "CloakHQ/CloakBrowser", "repoUrl": "https://github.com/CloakHQ/CloakBrowser.git", "branch": "main"}, "results": [{"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 35538, "scanner": "repobility-docker", "fingerprint": "33c62806c549a8378b1553ce00f33556c41a3c7052de3ed6cfb66e25f4beb24e", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "cloakhq/cloakbrowser:latest", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|33c62806c549a8378b1553ce00f33556c41a3c7052de3ed6cfb66e25f4beb24e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/integrations/aws_lambda/Dockerfile"}, "region": {"startLine": 36}}}]}, {"ruleId": "DKR013", "level": "warning", "message": {"text": "Dockerfile ADD downloads remote content"}, "properties": {"repobilityId": 35537, "scanner": "repobility-docker", "fingerprint": "168778ceb0ae520f295a5bb5fb36c13e5e9266e53b38b053566162b6481d4ad1", "category": "docker", "severity": "medium", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "ADD instruction references a remote URL.", "evidence": {"rule_id": "DKR013", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|168778ceb0ae520f295a5bb5fb36c13e5e9266e53b38b053566162b6481d4ad1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/integrations/aws_lambda/Dockerfile"}, "region": {"startLine": 45}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Dockerfile base image uses the latest tag"}, "properties": {"repobilityId": 35536, "scanner": "repobility-docker", "fingerprint": "7ab6922ba324d6d5736319ebcf58b4f6126ab0c50fa9b7fda72334e582e86dfb", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "cloakhq/cloakbrowser:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|7ab6922ba324d6d5736319ebcf58b4f6126ab0c50fa9b7fda72334e582e86dfb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/integrations/aws_lambda/Dockerfile"}, "region": {"startLine": 36}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 35535, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 35534, "scanner": "repobility-docker", "fingerprint": "bbddb30f89178c7f394f661014c4463818fa0d7143e3346dcf37c2b53e571e10", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.12-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|bbddb30f89178c7f394f661014c4463818fa0d7143e3346dcf37c2b53e571e10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 35527, "scanner": "repobility-threat-engine", "fingerprint": "5d0f7338dcedfff9885aeda854d481f19485afeb56de509b55e91601d7995c61", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "KEYS[lower];\n    const wrong = neighbors[Math.floor(Math.random(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5d0f7338dcedfff9885aeda854d481f19485afeb56de509b55e91601d7995c61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/keyboard.ts"}, "region": {"startLine": 62}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 35526, "scanner": "repobility-threat-engine", "fingerprint": "dbedfa86054e24154a6d740450dbb8ca46d5fd49ecde6213ac1d25e6349a5172", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Math.random() * (max - min);\n}\n\n/** Random integer in [min, max] (inclusiv", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dbedfa86054e24154a6d740450dbb8ca46d5fd49ecde6213ac1d25e6349a5172"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/config.ts"}, "region": {"startLine": 233}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 35525, "scanner": "repobility-threat-engine", "fingerprint": "e214f11db0010e80b9aa506da57201134ebf53f6d1e613d17dfbd5443c54391c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "KEYS[lower];\n    const wrong = neighbors[Math.floor(Math.random(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e214f11db0010e80b9aa506da57201134ebf53f6d1e613d17dfbd5443c54391c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human-puppeteer/keyboard.ts"}, "region": {"startLine": 59}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 35517, "scanner": "repobility-threat-engine", "fingerprint": "784ed6950f09225787be276f228563017a914936220e929510a7ed7f0bc7dc4c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        el = page.locator(selector).first\n        return await el.bounding_box(timeout=max(1, t", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|784ed6950f09225787be276f228563017a914936220e929510a7ed7f0bc7dc4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/scroll_async.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 35516, "scanner": "repobility-threat-engine", "fingerprint": "19ea871c81aeebdab236989ebc72eeadef0c468f32d02527787632736157f1a5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        el = page.locator(selector).first\n        return el.bounding_box(timeout=max(1, timeout", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|19ea871c81aeebdab236989ebc72eeadef0c468f32d02527787632736157f1a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/scroll.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35495, "scanner": "repobility-ast-engine", "fingerprint": "1e41255e1bec69e1ea560fa680874a69785c12855a905d1b1413bd91f7052786", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1e41255e1bec69e1ea560fa680874a69785c12855a905d1b1413bd91f7052786"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35494, "scanner": "repobility-ast-engine", "fingerprint": "9c7e962c7fc004275fbf5f1c7cc2ec4e1f2d3949d66b68084942043bbe4abdc3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9c7e962c7fc004275fbf5f1c7cc2ec4e1f2d3949d66b68084942043bbe4abdc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 682}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35493, "scanner": "repobility-ast-engine", "fingerprint": "60b8939954961ba72bd53ce3353cd1ba3c0f1b160d081bb320fb3c34d6f0bc82", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|60b8939954961ba72bd53ce3353cd1ba3c0f1b160d081bb320fb3c34d6f0bc82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 444}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35492, "scanner": "repobility-ast-engine", "fingerprint": "94694b075b1071649fa84f99939e202b88ffc9c1e52eda98e8f768a2285592ab", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|94694b075b1071649fa84f99939e202b88ffc9c1e52eda98e8f768a2285592ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35491, "scanner": "repobility-ast-engine", "fingerprint": "753450857c2fc056e8540d350506484c8d433efcf90edf89a2be0827c35e4a84", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|753450857c2fc056e8540d350506484c8d433efcf90edf89a2be0827c35e4a84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35490, "scanner": "repobility-ast-engine", "fingerprint": "b5b371ffd3f5bb90a99bc085f09baec231a8984469a626da91f8f80350bc7e64", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b5b371ffd3f5bb90a99bc085f09baec231a8984469a626da91f8f80350bc7e64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 2489}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35489, "scanner": "repobility-ast-engine", "fingerprint": "8aa3d3957a97cc591d3dc002f2edded463b40306732b9bb7465245f3f3e6b688", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8aa3d3957a97cc591d3dc002f2edded463b40306732b9bb7465245f3f3e6b688"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 2256}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35488, "scanner": "repobility-ast-engine", "fingerprint": "7aa7d394d5343918675b1a48d31c63d8d55da359ae78989de4b2459463150a3f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7aa7d394d5343918675b1a48d31c63d8d55da359ae78989de4b2459463150a3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 1956}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35487, "scanner": "repobility-ast-engine", "fingerprint": "cda65095de228fbe3b132f33bbcd471f63f91061d1b883ef4c48b0a18e7d4875", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cda65095de228fbe3b132f33bbcd471f63f91061d1b883ef4c48b0a18e7d4875"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 1939}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35486, "scanner": "repobility-ast-engine", "fingerprint": "24f7f2476b3cfee4e05dd38a0c778f9b289af1d9049fa75aa6a1e468401193c7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|24f7f2476b3cfee4e05dd38a0c778f9b289af1d9049fa75aa6a1e468401193c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 1587}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35485, "scanner": "repobility-ast-engine", "fingerprint": "7a195176562b26bc747cbc8958dbd0db6cab25593f9af696bfc4d4820548033b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7a195176562b26bc747cbc8958dbd0db6cab25593f9af696bfc4d4820548033b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 1354}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35484, "scanner": "repobility-ast-engine", "fingerprint": "a6431f1b8dec378eaa4d1dbeb14bf2f2d1c7aaaab04a4d7ec573c8beed11ebf8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a6431f1b8dec378eaa4d1dbeb14bf2f2d1c7aaaab04a4d7ec573c8beed11ebf8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 1056}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35483, "scanner": "repobility-ast-engine", "fingerprint": "9a282faab59ba4e3f7353a0f44d5090c516d1d142839867fec00f957922fe471", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a282faab59ba4e3f7353a0f44d5090c516d1d142839867fec00f957922fe471"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 1039}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35482, "scanner": "repobility-ast-engine", "fingerprint": "8d601366e20bdc145891932ef39c623d4535c643962b6292aec1b32e3ee94d49", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8d601366e20bdc145891932ef39c623d4535c643962b6292aec1b32e3ee94d49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 2047}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35481, "scanner": "repobility-ast-engine", "fingerprint": "b5d70a6303645ceceaf6c0479e2d88650f950d15981918d84a3268318951042b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b5d70a6303645ceceaf6c0479e2d88650f950d15981918d84a3268318951042b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 1154}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35480, "scanner": "repobility-ast-engine", "fingerprint": "fdc3dd100eb35c0374a9a7eba899e8f4f5a3de3eb43727af819e357390d2cb2b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fdc3dd100eb35c0374a9a7eba899e8f4f5a3de3eb43727af819e357390d2cb2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 338}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35479, "scanner": "repobility-ast-engine", "fingerprint": "2266e81f7f305f947f32acc3c896f50fe8e49e68a2dee424b951395b475e4429", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2266e81f7f305f947f32acc3c896f50fe8e49e68a2dee424b951395b475e4429"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 309}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35478, "scanner": "repobility-ast-engine", "fingerprint": "4c284c16cc97e8a985659ef299b9a9f33fcc650b60bf58368e32d42c736b5fd1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4c284c16cc97e8a985659ef299b9a9f33fcc650b60bf58368e32d42c736b5fd1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 280}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35477, "scanner": "repobility-ast-engine", "fingerprint": "211a162b52d9396c638186675b2d232a301c414b14c890a1cfb3493c06638a23", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|211a162b52d9396c638186675b2d232a301c414b14c890a1cfb3493c06638a23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 246}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35476, "scanner": "repobility-ast-engine", "fingerprint": "7ac0ae507df20d9d8584f71d1900a1f7cfe5fea16a283a481cc171eafeda4565", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ac0ae507df20d9d8584f71d1900a1f7cfe5fea16a283a481cc171eafeda4565"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/geoip.py"}, "region": {"startLine": 233}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35475, "scanner": "repobility-ast-engine", "fingerprint": "3533f1ffdae43382bc95aaaf292b191662a503a12f3c47f89ed71cf7d00201fb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3533f1ffdae43382bc95aaaf292b191662a503a12f3c47f89ed71cf7d00201fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/__main__.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35474, "scanner": "repobility-ast-engine", "fingerprint": "2488dc0a4ab3c74bc38b36d3f70e8ce8ed80e577a607c1e1de4ab57b557f06f3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2488dc0a4ab3c74bc38b36d3f70e8ce8ed80e577a607c1e1de4ab57b557f06f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/download.py"}, "region": {"startLine": 208}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35428, "scanner": "repobility-ast-engine", "fingerprint": "f8aa136191f2059938f576fb3b9af879df8c11f28230b85a6122c266ee8bdfbc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f8aa136191f2059938f576fb3b9af879df8c11f28230b85a6122c266ee8bdfbc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/stealth_test.py"}, "region": {"startLine": 298}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35427, "scanner": "repobility-ast-engine", "fingerprint": "134f57f7ae9b66a8b7e53e926edf83740035c2d1e07b4334cf280691eabfafb0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|134f57f7ae9b66a8b7e53e926edf83740035c2d1e07b4334cf280691eabfafb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/stealth_test.py"}, "region": {"startLine": 272}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 35426, "scanner": "repobility-ast-engine", "fingerprint": "5247746e374b1f89cdb57acb1b243f25c9f685b3a72418e2c620d818a4153a04", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5247746e374b1f89cdb57acb1b243f25c9f685b3a72418e2c620d818a4153a04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/stealth_test.py"}, "region": {"startLine": 264}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `resolve_proxy_geo_with_ip` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: except=2, if=4, nested_bonus=1, ternary=1."}, "properties": {"repobilityId": 35510, "scanner": "repobility-threat-engine", "fingerprint": "b794fe24bc07a92a8c71abff841e3203672b5edf65eb66116241e0f579fd1732", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "resolve_proxy_geo_with_ip", "breakdown": {"if": 4, "except": 2, "ternary": 1, "nested_bonus": 1}, "complexity": 8, "correlation_key": "fp|b794fe24bc07a92a8c71abff841e3203672b5edf65eb66116241e0f579fd1732"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/geoip.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `_resolve_exit_ip` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=1, except=2, for=1, if=1, nested_bonus=4, or=1, ternary=1."}, "properties": {"repobilityId": 35509, "scanner": "repobility-threat-engine", "fingerprint": "e7b73fa9223ba517ffb24db4530a418d72ed2f99a1be1e23edca80577189f2aa", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_resolve_exit_ip", "breakdown": {"if": 1, "or": 1, "for": 1, "except": 2, "ternary": 1, "continue": 1, "nested_bonus": 4}, "complexity": 11, "correlation_key": "fp|e7b73fa9223ba517ffb24db4530a418d72ed2f99a1be1e23edca80577189f2aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/geoip.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `get_effective_version` has cognitive complexity 13 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=3, nested_bonus=8."}, "properties": {"repobilityId": 35508, "scanner": "repobility-threat-engine", "fingerprint": "04508acd91eac83db4ba6cac1a8fc49514d07a64963fa208705bd442f57111a2", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 13 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "get_effective_version", "breakdown": {"if": 3, "for": 1, "except": 1, "nested_bonus": 8}, "complexity": 13, "correlation_key": "fp|04508acd91eac83db4ba6cac1a8fc49514d07a64963fa208705bd442f57111a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/config.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35419, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8e5cc4f4a50fde9a7597daf725b1fd20c82676fed526a24661edbacc7a89dcc8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "js/src/human-puppeteer/scroll.ts", "duplicate_line": 5, "correlation_key": "fp|8e5cc4f4a50fde9a7597daf725b1fd20c82676fed526a24661edbacc7a89dcc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/scroll.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35418, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3c1211b9862b8e8853fdec5b8f179839607c14c51b017b908827dba364b3e713", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "js/src/human-puppeteer/keyboard.ts", "duplicate_line": 5, "correlation_key": "fp|3c1211b9862b8e8853fdec5b8f179839607c14c51b017b908827dba364b3e713"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/keyboard.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35417, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f8857b3cd634b663793af7e3b9beca2dcae1019440af00a8633d72a43ea92d72", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "js/src/human-puppeteer/index.ts", "duplicate_line": 35, "correlation_key": "fp|f8857b3cd634b663793af7e3b9beca2dcae1019440af00a8633d72a43ea92d72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/index.ts"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35416, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c7e139eb1e36a24e86ae559269e13aad014818bc7aa4bd16968f59daddefa716", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "js/src/human-puppeteer/index.ts", "duplicate_line": 446, "correlation_key": "fp|c7e139eb1e36a24e86ae559269e13aad014818bc7aa4bd16968f59daddefa716"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/elementhandle.ts"}, "region": {"startLine": 63}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35415, "scanner": "repobility-ai-code-hygiene", "fingerprint": "861819ea1139986cc5e5afdf48196e647b4cedc94a2494c07b2b95f09b76573e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cloakbrowser/human/scroll.py", "duplicate_line": 67, "correlation_key": "fp|861819ea1139986cc5e5afdf48196e647b4cedc94a2494c07b2b95f09b76573e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/scroll_async.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35414, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4980e2878902cf755a1c3d577e4919706bf7078097d29d8786d7477e0d6bb2bb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cloakbrowser/human/mouse.py", "duplicate_line": 45, "correlation_key": "fp|4980e2878902cf755a1c3d577e4919706bf7078097d29d8786d7477e0d6bb2bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/mouse_async.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35413, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2af51869bf270e57ccb56f225b97d898024e20aebb56f65f6766ce95f2fa0d6e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cloakbrowser/human/actionability.py", "duplicate_line": 60, "correlation_key": "fp|2af51869bf270e57ccb56f225b97d898024e20aebb56f65f6766ce95f2fa0d6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/actionability_async.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 35532, "scanner": "repobility-threat-engine", "fingerprint": "72dd90c057b4dd38de51014518b482c9afa85e4a37030a9eca8acf19f6e5e7cb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|72dd90c057b4dd38de51014518b482c9afa85e4a37030a9eca8acf19f6e5e7cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/proxy.ts"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 35531, "scanner": "repobility-threat-engine", "fingerprint": "35990d48f4e0b77ad1131d082a7569ef6e0671bf694febf92b644bcbff0443a8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|35990d48f4e0b77ad1131d082a7569ef6e0671bf694febf92b644bcbff0443a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/playwright.ts"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 35530, "scanner": "repobility-threat-engine", "fingerprint": "00731aab7b3dd103034ea4419d918956f7b1dd984cd43c2d7641f9517c0b72dd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|00731aab7b3dd103034ea4419d918956f7b1dd984cd43c2d7641f9517c0b72dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/actionability.ts"}, "region": {"startLine": 240}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 35529, "scanner": "repobility-threat-engine", "fingerprint": "3cd6687afd64f5ae96c96993eb38d28604b98efc12b7150ad81d90df3dd6454f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3cd6687afd64f5ae96c96993eb38d28604b98efc12b7150ad81d90df3dd6454f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/mouse.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 35528, "scanner": "repobility-threat-engine", "fingerprint": "6ee02675e172ed27b459274a87e9343112fc21c719ea06796ae4221e57eda8b7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6ee02675e172ed27b459274a87e9343112fc21c719ea06796ae4221e57eda8b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/actionability.ts"}, "region": {"startLine": 231}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 35524, "scanner": "repobility-threat-engine", "fingerprint": "e7eab5ab734af4d37c0f39148bdc187d68c4ee3a5578790af2803bf23beedf2a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e7eab5ab734af4d37c0f39148bdc187d68c4ee3a5578790af2803bf23beedf2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/puppeteer.ts"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 35523, "scanner": "repobility-threat-engine", "fingerprint": "a64286b9194a732e1a8bbb3a6a87186838d8a8573b5351fb2dc0c52799b695fc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a64286b9194a732e1a8bbb3a6a87186838d8a8573b5351fb2dc0c52799b695fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/playwright.ts"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 35522, "scanner": "repobility-threat-engine", "fingerprint": "6bde5f0d5b9ed91f91374e4b430c509ee10cb876acd17a24ecd9de6ac35f1af3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6bde5f0d5b9ed91f91374e4b430c509ee10cb876acd17a24ecd9de6ac35f1af3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/examples/stealth-test.ts"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 35521, "scanner": "repobility-threat-engine", "fingerprint": "ea93f5492ff921e9618c4e30a2631c7b1a2bef829e99f8007e5face821b69969", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|ea93f5492ff921e9618c4e30a2631c7b1a2bef829e99f8007e5face821b69969", "aggregated_count": 6}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 35520, "scanner": "repobility-threat-engine", "fingerprint": "2702e9d1bf39a7792e64165d35d907a71e33a7c5aa184883202567e57cc12cd6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2702e9d1bf39a7792e64165d35d907a71e33a7c5aa184883202567e57cc12cd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/examples/persistent-context.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 35519, "scanner": "repobility-threat-engine", "fingerprint": "3fea4d474bce2e726fc1345b261947cc17568d55a6c95e6bc696281e92693fd7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3fea4d474bce2e726fc1345b261947cc17568d55a6c95e6bc696281e92693fd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/examples/basic-puppeteer.ts"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 35518, "scanner": "repobility-threat-engine", "fingerprint": "d21c9a4223ceef2ccf740b023b870befbcc084314354541e334cbe84b9045f74", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d21c9a4223ceef2ccf740b023b870befbcc084314354541e334cbe84b9045f74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/examples/basic-playwright.ts"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 35515, "scanner": "repobility-threat-engine", "fingerprint": "ea33e7d8985cbb9cd551a17f9760a1ec6b21444a40aa038cc421b900442be396", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ea33e7d8985cbb9cd551a17f9760a1ec6b21444a40aa038cc421b900442be396"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/config.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 35513, "scanner": "repobility-threat-engine", "fingerprint": "cd3346d6b7376fdc43090be830c9c60dc2124be0df4733cf2481dd8d83cf967d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cd3346d6b7376fdc43090be830c9c60dc2124be0df4733cf2481dd8d83cf967d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/integrations/selenium_example.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 35512, "scanner": "repobility-threat-engine", "fingerprint": "8996ba1a196f17bd9e2a62d624d717211b66246455ede82ead134fcbd994ba76", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8996ba1a196f17bd9e2a62d624d717211b66246455ede82ead134fcbd994ba76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/geoip.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 35511, "scanner": "repobility-threat-engine", "fingerprint": "1f9cf34bb3a259b729d06f1f15ac7967805d490c0f74f5ba2d5409d957c7d6b7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "get_effective_version", "breakdown": {"if": 3, "for": 1, "except": 1, "nested_bonus": 8}, "aggregated": true, "complexity": 13, "correlation_key": "fp|1f9cf34bb3a259b729d06f1f15ac7967805d490c0f74f5ba2d5409d957c7d6b7", "aggregated_count": 14}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 35507, "scanner": "repobility-threat-engine", "fingerprint": "0d94e6494da13bf6407a48a6881510c6e822d09b2f89f44c81d7b5b1f3b58007", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0d94e6494da13bf6407a48a6881510c6e822d09b2f89f44c81d7b5b1f3b58007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/geoip.py"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 35506, "scanner": "repobility-threat-engine", "fingerprint": "a32caf51197b06ac411e9406f3347b9123d3fa4c309c7cc8104d3d0c0638aad5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a32caf51197b06ac411e9406f3347b9123d3fa4c309c7cc8104d3d0c0638aad5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/config.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 35503, "scanner": "repobility-threat-engine", "fingerprint": "8f4ed64e85e23651a781f801f20cbe7cf192b517efa4818df0dde258906a2c2b", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8f4ed64e85e23651a781f801f20cbe7cf192b517efa4818df0dde258906a2c2b"}}}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 35533, "scanner": "repobility-docker", "fingerprint": "18dfd49f7c2b31a24c554e21e284630116137c4aadba77a5e0d0384a6d3a7f1a", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|18dfd49f7c2b31a24c554e21e284630116137c4aadba77a5e0d0384a6d3a7f1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 35514, "scanner": "repobility-threat-engine", "fingerprint": "c5aa6e8c68aabf362cdc6b7565b109ad8fa0dc3b249ee8c6762c101673fc49c9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "merged.update(overrides)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c5aa6e8c68aabf362cdc6b7565b109ad8fa0dc3b249ee8c6762c101673fc49c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/config.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 35505, "scanner": "repobility-threat-engine", "fingerprint": "7b8075ad78159ff8264d9581c29d4adae91a73f835954aae457ec65b455b6b9a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7b8075ad78159ff8264d9581c29d4adae91a73f835954aae457ec65b455b6b9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/geoip.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 35504, "scanner": "repobility-threat-engine", "fingerprint": "38e719c523c88e188d7dc5b1241b3db8f294fc997233f1a017fc0b2e5ff2bf1e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|38e719c523c88e188d7dc5b1241b3db8f294fc997233f1a017fc0b2e5ff2bf1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/config.py"}, "region": {"startLine": 177}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 35502, "scanner": "repobility-threat-engine", "fingerprint": "c017bbda1e9741605850aca02e29cb5ad062f32d4ff352f6ff31217bdb6a8cfa", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(\n  s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c017bbda1e9741605850aca02e29cb5ad062f32d4ff352f6ff31217bdb6a8cfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/proxy.ts"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 35501, "scanner": "repobility-threat-engine", "fingerprint": "24ea97bcc420e8946bcdba7d00e6dbeefc66d9924500e7884ace0f1ad6176aa5", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(v", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|24ea97bcc420e8946bcdba7d00e6dbeefc66d9924500e7884ace0f1ad6176aa5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/config.ts"}, "region": {"startLine": 138}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 35500, "scanner": "repobility-threat-engine", "fingerprint": "8a0afaae1ec8a859acd4133b09918a3a482ebfbb3ce23053d044adf90d674b0e", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(v", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8a0afaae1ec8a859acd4133b09918a3a482ebfbb3ce23053d044adf90d674b0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/config.py"}, "region": {"startLine": 218}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 35499, "scanner": "repobility-threat-engine", "fingerprint": "81c1a9e52d6a6fb56d7e3659943b453226267785d5e845282e7ed4db0b40186d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|81c1a9e52d6a6fb56d7e3659943b453226267785d5e845282e7ed4db0b40186d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/__main__.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED119", "level": "error", "message": {"text": "Dockerfile `ADD https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/latest/download/aws-lambda-rie-${TARGETARCH}`"}, "properties": {"repobilityId": 35498, "scanner": "repobility-supply-chain", "fingerprint": "2a573ecef8022c88a40ae2a67e2ad1ab2dd519ebbf32a4631d4cf955aa9c7f93", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-add-remote-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829", "CWE-494"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2a573ecef8022c88a40ae2a67e2ad1ab2dd519ebbf32a4631d4cf955aa9c7f93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/integrations/aws_lambda/Dockerfile"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `cloakhq/cloakbrowser:latest` not pinned by digest"}, "properties": {"repobilityId": 35497, "scanner": "repobility-supply-chain", "fingerprint": "974e7ed028f85510a2e0298c7bf1d2d142fbb54479718d3d5ce62ea81644efc2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|974e7ed028f85510a2e0298c7bf1d2d142fbb54479718d3d5ce62ea81644efc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/integrations/aws_lambda/Dockerfile"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `python:3.12-slim` not pinned by digest"}, "properties": {"repobilityId": 35496, "scanner": "repobility-supply-chain", "fingerprint": "86501238955cd076654cf2551739b8a793de47eb8bc9db89cba7bc4fe0befa2d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|86501238955cd076654cf2551739b8a793de47eb8bc9db89cba7bc4fe0befa2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_world` used but never assigned in __init__"}, "properties": {"repobilityId": 35473, "scanner": "repobility-ast-engine", "fingerprint": "29d161dbfaf9d9232877b67cb3083e4ad2a5b38eeb8fc555bd16729f675573b2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29d161dbfaf9d9232877b67cb3083e4ad2a5b38eeb8fc555bd16729f675573b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_stealth_unit.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_world` used but never assigned in __init__"}, "properties": {"repobilityId": 35472, "scanner": "repobility-ast-engine", "fingerprint": "6b3a420ef9321e19d13ba2873b243f3d0e562e231f0080b2699cd7914b42b469", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6b3a420ef9321e19d13ba2873b243f3d0e562e231f0080b2699cd7914b42b469"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_stealth_unit.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_pool` used but never assigned in __init__"}, "properties": {"repobilityId": 35471, "scanner": "repobility-ast-engine", "fingerprint": "1573eb644bf7510a35eda0a0c9f03a55f4fc67b6416ccd83974471673311d03e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1573eb644bf7510a35eda0a0c9f03a55f4fc67b6416ccd83974471673311d03e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 425}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_pool` used but never assigned in __init__"}, "properties": {"repobilityId": 35470, "scanner": "repobility-ast-engine", "fingerprint": "13a78f6a4ae6ca484b82538429d0319e9af9e2ad5f4cf753196c5f5e2ce27035", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|13a78f6a4ae6ca484b82538429d0319e9af9e2ad5f4cf753196c5f5e2ce27035"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 413}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_pool` used but never assigned in __init__"}, "properties": {"repobilityId": 35469, "scanner": "repobility-ast-engine", "fingerprint": "6f498c82fcad780dc48d2cbbcd1416ea19b4508f620b274417542b78a6e98349", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6f498c82fcad780dc48d2cbbcd1416ea19b4508f620b274417542b78a6e98349"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 401}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_pool` used but never assigned in __init__"}, "properties": {"repobilityId": 35468, "scanner": "repobility-ast-engine", "fingerprint": "d776ecd287f4064dd228d3022530c366d07ddf9b852a483f838aef9a06c3e880", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d776ecd287f4064dd228d3022530c366d07ddf9b852a483f838aef9a06c3e880"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 391}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_pool` used but never assigned in __init__"}, "properties": {"repobilityId": 35467, "scanner": "repobility-ast-engine", "fingerprint": "b25eff6e0b809d013eb6bfdd3a8d3d2065cb2f8b7fec4cc2df591ed5699d1162", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b25eff6e0b809d013eb6bfdd3a8d3d2065cb2f8b7fec4cc2df591ed5699d1162"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 330}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_pool` used but never assigned in __init__"}, "properties": {"repobilityId": 35466, "scanner": "repobility-ast-engine", "fingerprint": "397657ee0338322109f363e3ca9ebb96aa9678018f6befef306b769aad4c3eec", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|397657ee0338322109f363e3ca9ebb96aa9678018f6befef306b769aad4c3eec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 325}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_pool` used but never assigned in __init__"}, "properties": {"repobilityId": 35465, "scanner": "repobility-ast-engine", "fingerprint": "3e0063ad9051a48f873b771bd9c7d73ab6d86eaa2045a1dcb06b898b0c889511", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e0063ad9051a48f873b771bd9c7d73ab6d86eaa2045a1dcb06b898b0c889511"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 319}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_pool` used but never assigned in __init__"}, "properties": {"repobilityId": 35464, "scanner": "repobility-ast-engine", "fingerprint": "f7fd077eb6de6d86fdd729072dd842b748c934692cfcdea5b8d1e263f00a66f2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f7fd077eb6de6d86fdd729072dd842b748c934692cfcdea5b8d1e263f00a66f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 312}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_pool` used but never assigned in __init__"}, "properties": {"repobilityId": 35463, "scanner": "repobility-ast-engine", "fingerprint": "9eda504fd71e79dbd51ca57508099626f0a2761bd65f15ab8c3b9207a9313d19", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9eda504fd71e79dbd51ca57508099626f0a2761bd65f15ab8c3b9207a9313d19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 305}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rewrite_list_entry` used but never assigned in __init__"}, "properties": {"repobilityId": 35462, "scanner": "repobility-ast-engine", "fingerprint": "3f9fd029cfb7b8605ad0aa383a06d65797d344484ecad340b131d08b146d6601", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f9fd029cfb7b8605ad0aa383a06d65797d344484ecad340b131d08b146d6601"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 284}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rewrite_version` used but never assigned in __init__"}, "properties": {"repobilityId": 35461, "scanner": "repobility-ast-engine", "fingerprint": "e8e513de1312fb6fad982738fdb717ba9469054b09e663c388b6a6c5b52f1919", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e8e513de1312fb6fad982738fdb717ba9469054b09e663c388b6a6c5b52f1919"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 279}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rewrite_list_entry` used but never assigned in __init__"}, "properties": {"repobilityId": 35460, "scanner": "repobility-ast-engine", "fingerprint": "5020c3f86b87bf91f6e39c358fa9e9605479403b5b3dcdaa116b11218d3aab33", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5020c3f86b87bf91f6e39c358fa9e9605479403b5b3dcdaa116b11218d3aab33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 274}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rewrite_list_entry` used but never assigned in __init__"}, "properties": {"repobilityId": 35459, "scanner": "repobility-ast-engine", "fingerprint": "5d8769ea38b87b451f9c128b0ca1f967e933ad78d6adb1ef465f052e348cc010", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5d8769ea38b87b451f9c128b0ca1f967e933ad78d6adb1ef465f052e348cc010"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 269}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rewrite_list_entry` used but never assigned in __init__"}, "properties": {"repobilityId": 35458, "scanner": "repobility-ast-engine", "fingerprint": "7c758067de3850c1f142d24fb40c0920177f8202f03cd8a98c2ad3967de7a6c0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7c758067de3850c1f142d24fb40c0920177f8202f03cd8a98c2ad3967de7a6c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 264}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rewrite_version` used but never assigned in __init__"}, "properties": {"repobilityId": 35457, "scanner": "repobility-ast-engine", "fingerprint": "66cba31ec64e7aaa312a40a98fd5b434cf56e9ade1e9e3546c01c9d8fd884d2e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|66cba31ec64e7aaa312a40a98fd5b434cf56e9ade1e9e3546c01c9d8fd884d2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 259}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rewrite_version` used but never assigned in __init__"}, "properties": {"repobilityId": 35456, "scanner": "repobility-ast-engine", "fingerprint": "df2918e65a6b6181c103259725e28d2bb75d863117505df0e95ec5a79dc40e99", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|df2918e65a6b6181c103259725e28d2bb75d863117505df0e95ec5a79dc40e99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 254}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_assets` used but never assigned in __init__"}, "properties": {"repobilityId": 35455, "scanner": "repobility-ast-engine", "fingerprint": "2560b9e5b10fa2c3a768506deb9d9f922d25825591f030ca7f7b0edcc9716582", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2560b9e5b10fa2c3a768506deb9d9f922d25825591f030ca7f7b0edcc9716582"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_update.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_assets` used but never assigned in __init__"}, "properties": {"repobilityId": 35454, "scanner": "repobility-ast-engine", "fingerprint": "c7f73fe932da3082b021d42db8368cbf2b0b61c9f1d6075155eac97abaf2036a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c7f73fe932da3082b021d42db8368cbf2b0b61c9f1d6075155eac97abaf2036a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_update.py"}, "region": {"startLine": 226}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_assets` used but never assigned in __init__"}, "properties": {"repobilityId": 35453, "scanner": "repobility-ast-engine", "fingerprint": "da6d9dae8b84945e3a2ee1f0228875154abf31b382238eea4f6d6230b288d454", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|da6d9dae8b84945e3a2ee1f0228875154abf31b382238eea4f6d6230b288d454"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_update.py"}, "region": {"startLine": 214}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_assets` used but never assigned in __init__"}, "properties": {"repobilityId": 35452, "scanner": "repobility-ast-engine", "fingerprint": "2be45f11c17b3d7423aefa6a7ab58a16293c36178fd125b249d42564aa1bb9e9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2be45f11c17b3d7423aefa6a7ab58a16293c36178fd125b249d42564aa1bb9e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_update.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_assets` used but never assigned in __init__"}, "properties": {"repobilityId": 35451, "scanner": "repobility-ast-engine", "fingerprint": "8d8fd858c80cf9bfba6b6ad1cc3b998c18b3451cd779a054f77405036230ec6a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8d8fd858c80cf9bfba6b6ad1cc3b998c18b3451cd779a054f77405036230ec6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_update.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_assets` used but never assigned in __init__"}, "properties": {"repobilityId": 35450, "scanner": "repobility-ast-engine", "fingerprint": "c5b3d4b67f6ff962b097c4ae551cc9a95224c7dbf2b9c3dd91919904d0f7c396", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c5b3d4b67f6ff962b097c4ae551cc9a95224c7dbf2b9c3dd91919904d0f7c396"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_update.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_assets` used but never assigned in __init__"}, "properties": {"repobilityId": 35449, "scanner": "repobility-ast-engine", "fingerprint": "157c7ddba2d226ec1effe916ab1420e77e47d786999258f15b11180ea957b554", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|157c7ddba2d226ec1effe916ab1420e77e47d786999258f15b11180ea957b554"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_update.py"}, "region": {"startLine": 175}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_accepts_http_and_https"}, "properties": {"repobilityId": 35448, "scanner": "repobility-ast-engine", "fingerprint": "78967e8dcd1f0109ff7590eefffc77e460e55bae2e887d1cd8043f9d88bafecd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|78967e8dcd1f0109ff7590eefffc77e460e55bae2e887d1cd8043f9d88bafecd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_lambda_security.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_rejects_non_http_schemes"}, "properties": {"repobilityId": 35447, "scanner": "repobility-ast-engine", "fingerprint": "0653f27bf5fc9c0e1335f59948675213b1a36d4164b21953b2337b48129c6434", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0653f27bf5fc9c0e1335f59948675213b1a36d4164b21953b2337b48129c6434"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_lambda_security.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_resolve_geo_raises_when_geoip2_missing"}, "properties": {"repobilityId": 35445, "scanner": "repobility-ast-engine", "fingerprint": "418857b751b5ec74ec3176041be35c329020f0f0a17925d3b85c258a1d3ac74f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|418857b751b5ec74ec3176041be35c329020f0f0a17925d3b85c258a1d3ac74f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_geoip.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_unsupported_raises"}, "properties": {"repobilityId": 35444, "scanner": "repobility-ast-engine", "fingerprint": "5fb853cb5d6edc612c0a961cd387b1ba644414ce261f021950f939a9d9d85d47", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5fb853cb5d6edc612c0a961cd387b1ba644414ce261f021950f939a9d9d85d47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_geoip_http_dict_does_not_inline_creds"}, "properties": {"repobilityId": 35443, "scanner": "repobility-ast-engine", "fingerprint": "1e133ab69b9cf79e1610a3a0522a8afbd1728da83488a4698ae8fda424439584", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1e133ab69b9cf79e1610a3a0522a8afbd1728da83488a4698ae8fda424439584"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_proxy.py"}, "region": {"startLine": 148}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_geoip_socks5_dict_no_auth_uses_server"}, "properties": {"repobilityId": 35442, "scanner": "repobility-ast-engine", "fingerprint": "5312a6f35530f99050e9326d281804201b9a320127443eb556880eb8b28be2a0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5312a6f35530f99050e9326d281804201b9a320127443eb556880eb8b28be2a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_proxy.py"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_resolve_backend_invalid_env_raises"}, "properties": {"repobilityId": 35441, "scanner": "repobility-ast-engine", "fingerprint": "4447ff3f41916f4f9aba359ac2cce8a7012b00e268017074157f233bcd92c278", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4447ff3f41916f4f9aba359ac2cce8a7012b00e268017074157f233bcd92c278"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_backend.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_resolve_backend_invalid_raises"}, "properties": {"repobilityId": 35440, "scanner": "repobility-ast-engine", "fingerprint": "ffd78ffb4b47ad375bf620895c97821b34ade13dbccbd3cc64b5910a38733650", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ffd78ffb4b47ad375bf620895c97821b34ade13dbccbd3cc64b5910a38733650"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_backend.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_scroll_to_element_forwards_timeout"}, "properties": {"repobilityId": 35439, "scanner": "repobility-ast-engine", "fingerprint": "537565be0077740a3be06a8a567722b2c683c70e407dcacfdb2b29004dd41100", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|537565be0077740a3be06a8a567722b2c683c70e407dcacfdb2b29004dd41100"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_humanize_unit.py"}, "region": {"startLine": 1408}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_get_element_box_custom_timeout"}, "properties": {"repobilityId": 35438, "scanner": "repobility-ast-engine", "fingerprint": "186a4dd472e197e435edeee958da782d674fcfd83e90b43a42a35d4eafd0f2ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|186a4dd472e197e435edeee958da782d674fcfd83e90b43a42a35d4eafd0f2ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_humanize_unit.py"}, "region": {"startLine": 1395}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_get_element_box_default_timeout"}, "properties": {"repobilityId": 35437, "scanner": "repobility-ast-engine", "fingerprint": "fbd4cada550a14ab38d559fa2c009a08dee469321ce99d410879062523a4c197", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fbd4cada550a14ab38d559fa2c009a08dee469321ce99d410879062523a4c197"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_humanize_unit.py"}, "region": {"startLine": 1382}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_no_error_on_cyrillic"}, "properties": {"repobilityId": 35436, "scanner": "repobility-ast-engine", "fingerprint": "1fee340f8416ed5f000e4c8dd4e0cb4195f4de7f95b9a17797edbfd1e2af25ef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1fee340f8416ed5f000e4c8dd4e0cb4195f4de7f95b9a17797edbfd1e2af25ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_humanize_unit.py"}, "region": {"startLine": 565}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_press_clicks_when_not_focused"}, "properties": {"repobilityId": 35435, "scanner": "repobility-ast-engine", "fingerprint": "bd78358cbac041ac7517e52afa4dce7df5463f366d98845be62e6feceb4a0c45", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd78358cbac041ac7517e52afa4dce7df5463f366d98845be62e6feceb4a0c45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_humanize_unit.py"}, "region": {"startLine": 292}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_press_skips_click_when_focused"}, "properties": {"repobilityId": 35434, "scanner": "repobility-ast-engine", "fingerprint": "54675d3bcafae7a35eaa057b7b7e6145c4e62333de053edb9a06b44cfa9adc29", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54675d3bcafae7a35eaa057b7b7e6145c4e62333de053edb9a06b44cfa9adc29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_humanize_unit.py"}, "region": {"startLine": 274}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_preset_raises"}, "properties": {"repobilityId": 35433, "scanner": "repobility-ast-engine", "fingerprint": "588dc36279dbdfdad187bb7e8b1690e48ae5254aeb06fcbf716bbedf64a5948b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|588dc36279dbdfdad187bb7e8b1690e48ae5254aeb06fcbf716bbedf64a5948b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_humanize_unit.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_path_traversal_blocked"}, "properties": {"repobilityId": 35432, "scanner": "repobility-ast-engine", "fingerprint": "2813ff408a742455f94f9cb1caf2e6a301839b43a25b75b113bd717c7804ed21", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2813ff408a742455f94f9cb1caf2e6a301839b43a25b75b113bd717c7804ed21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_extract.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_path_traversal_blocked"}, "properties": {"repobilityId": 35431, "scanner": "repobility-ast-engine", "fingerprint": "55326150108866620fe64105226f936151b7a530032968b0894fbb9350a6860e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|55326150108866620fe64105226f936151b7a530032968b0894fbb9350a6860e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_extract.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_creepjs"}, "properties": {"repobilityId": 35430, "scanner": "repobility-ast-engine", "fingerprint": "608bdec2dfa8c79d607b566c68792e04bce7b3a2fa189238cef14ad4a1beb0ad", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|608bdec2dfa8c79d607b566c68792e04bce7b3a2fa189238cef14ad4a1beb0ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/fingerprint_scan_test.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_fingerprint_scan"}, "properties": {"repobilityId": 35429, "scanner": "repobility-ast-engine", "fingerprint": "a5768eea136b5820dbe63422e5fa1ab76ae9bc0be9ef166245980e66a358ba43", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a5768eea136b5820dbe63422e5fa1ab76ae9bc0be9ef166245980e66a358ba43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/fingerprint_scan_test.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_recaptcha"}, "properties": {"repobilityId": 35425, "scanner": "repobility-ast-engine", "fingerprint": "c84fc502a16015e24de1d4514f4c876063036850d3bf4b37148cc748cffd8076", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c84fc502a16015e24de1d4514f4c876063036850d3bf4b37148cc748cffd8076"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/stealth_test.py"}, "region": {"startLine": 148}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_fingerprintjs"}, "properties": {"repobilityId": 35424, "scanner": "repobility-ast-engine", "fingerprint": "bc1b1c98037f0e76874bd9517766d9e1cdd248c77e5c6bcfbf955162a1386590", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bc1b1c98037f0e76874bd9517766d9e1cdd248c77e5c6bcfbf955162a1386590"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/stealth_test.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_deviceandbrowserinfo"}, "properties": {"repobilityId": 35423, "scanner": "repobility-ast-engine", "fingerprint": "e72182970ea00acd97a683cedc30a738da357f6457b940229a0b87427748aa1d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e72182970ea00acd97a683cedc30a738da357f6457b940229a0b87427748aa1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/stealth_test.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_browserscan"}, "properties": {"repobilityId": 35422, "scanner": "repobility-ast-engine", "fingerprint": "4c5d4043961e2d00c6584a9391bc6385307c42de040ababd172bbf79b7cbfa0a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4c5d4043961e2d00c6584a9391bc6385307c42de040ababd172bbf79b7cbfa0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/stealth_test.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_bot_incolumitas"}, "properties": {"repobilityId": 35421, "scanner": "repobility-ast-engine", "fingerprint": "8157d9d1f8e6947c4921053298d9c3b633f3779737756298615dc6cabc1c42e1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8157d9d1f8e6947c4921053298d9c3b633f3779737756298615dc6cabc1c42e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/stealth_test.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_bot_sannysoft"}, "properties": {"repobilityId": 35420, "scanner": "repobility-ast-engine", "fingerprint": "b88069e23f7bfe462c3165e0ef3eeeb838cd07efc1634c092f20e440de402a02", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b88069e23f7bfe462c3165e0ef3eeeb838cd07efc1634c092f20e440de402a02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/stealth_test.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `locale` used but not imported"}, "properties": {"repobilityId": 35446, "scanner": "repobility-ast-engine", "fingerprint": "c2fa1e75adb86c7cac793a62e2550a3aa47b19b9c062dea05f366f398bb660a7", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c2fa1e75adb86c7cac793a62e2550a3aa47b19b9c062dea05f366f398bb660a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_geoip.py"}, "region": {"startLine": 62}}}]}]}]}