{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Where an archive entry name is used to build a filesystem path, validate the resulting path with os.path.realpath() (Python) or File.getCanonicalPath() / Path.normalize() (Java) and ensure it stays within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of 
innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path (and 2 more): Same pattern found in 2 additional files. Review if need", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private and link-local CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16, plus loopback (127/8) and the IPv6 equivalents; check the address the hostname actually resolves to, and re-check after every redirect."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/437"}, "properties": {"repository": "apache/poi", "repoUrl": "https://github.com/apache/poi.git", "branch": "trunk"}, "results": [{"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 22935, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 22932, "scanner": "repobility-threat-engine", "fingerprint": "5e5bf22c5ae1ff9cf86b84c29c586428ad0c6054764d557f3b359015cb5f6273", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "entry.getName()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|69|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipArchiveFakeEntry.java"}, "region": {"startLine": 69}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 22931, "scanner": "repobility-threat-engine", "fingerprint": "75757887c3d79fc71dc643a9729d01c5cc65154ba4b7a51e5ce04416f606c722", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "entry.getName()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|263|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java"}, "region": {"startLine": 263}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 22930, "scanner": "repobility-threat-engine", "fingerprint": "c16e89107a9cfac2a2ec2cc31d07d823e751ac1943e107dff470f9fc220ee4b4", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Entry.getName()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|434|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-ooxml/src/main/java/org/apache/poi/openxml4j/opc/ZipPackage.java"}, "region": {"startLine": 434}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22965, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ba221ffb5a696da286802d17782387af6eae38a0ae07ad79aaec825311360743", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "osgi/src/main/java/org/apache/poi/osgi/Activator.java", "duplicate_line": 1, "correlation_key": "fp|ba221ffb5a696da286802d17782387af6eae38a0ae07ad79aaec825311360743"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/util/ExcelAntWorkbookUtil.java"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22964, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1a1b845d42d5cf44d248fd3fed0c985423d57e8a24691f4e497a7385537032ea", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": 
{"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "osgi/src/main/java/org/apache/poi/osgi/Activator.java", "duplicate_line": 1, "correlation_key": "fp|1a1b845d42d5cf44d248fd3fed0c985423d57e8a24691f4e497a7385537032ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/util/ExcelAntEvaluationResult.java"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22963, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9e12bbc7ad8a2bc53bec921c72453fe232c265009022c6c25d4049595d836f5c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntEvaluateCell.java", "duplicate_line": 3, "correlation_key": "fp|9e12bbc7ad8a2bc53bec921c72453fe232c265009022c6c25d4049595d836f5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/IExcelAntWorkbookHandler.java"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22962, "scanner": "repobility-ai-code-hygiene", "fingerprint": "28ad3830a1e9122b8526ce543ccb60d49fe7255c9895599d4810d467425ca456", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", 
"evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "osgi/src/main/java/org/apache/poi/osgi/Activator.java", "duplicate_line": 1, "correlation_key": "fp|28ad3830a1e9122b8526ce543ccb60d49fe7255c9895599d4810d467425ca456"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/IExcelAntWorkbookHandler.java"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22961, "scanner": "repobility-ai-code-hygiene", "fingerprint": "79b4c5ef4a2500603e36d37dc3048dd0d89056c71e3f256caeac131999744485", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntPrecision.java", "duplicate_line": 4, "correlation_key": "fp|79b4c5ef4a2500603e36d37dc3048dd0d89056c71e3f256caeac131999744485"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntUserDefinedFunction.java"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22960, "scanner": "repobility-ai-code-hygiene", "fingerprint": "89b7a3d92b4c66cac7760cceaf31af6ca15cc9d9c47fe8809174762da2f1c98f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test 
files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntEvaluateCell.java", "duplicate_line": 3, "correlation_key": "fp|89b7a3d92b4c66cac7760cceaf31af6ca15cc9d9c47fe8809174762da2f1c98f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntUserDefinedFunction.java"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22959, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9cfc175dc88516add19bfef7d26833e620432df596a7d18d087c888f1cf8f83c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "osgi/src/main/java/org/apache/poi/osgi/Activator.java", "duplicate_line": 1, "correlation_key": "fp|9cfc175dc88516add19bfef7d26833e620432df596a7d18d087c888f1cf8f83c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntUserDefinedFunction.java"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22958, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e82db244e55f1515e58e461332f2a70072feb741c7aef8f20f5f49cc6076cfce", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two 
different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntEvaluateCell.java", "duplicate_line": 3, "correlation_key": "fp|e82db244e55f1515e58e461332f2a70072feb741c7aef8f20f5f49cc6076cfce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntTest.java"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22957, "scanner": "repobility-ai-code-hygiene", "fingerprint": "72ff24b9c1f4d592b8507721d9468e1e8fe867b5866613e7580085f8dfd8f713", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "osgi/src/main/java/org/apache/poi/osgi/Activator.java", "duplicate_line": 1, "correlation_key": "fp|72ff24b9c1f4d592b8507721d9468e1e8fe867b5866613e7580085f8dfd8f713"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntTest.java"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22956, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1c1f076b2d99d580127a3684b78df2ed8b76c9bc0e2f95da40045908ef4a3d6f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different 
non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntEvaluateCell.java", "duplicate_line": 3, "correlation_key": "fp|1c1f076b2d99d580127a3684b78df2ed8b76c9bc0e2f95da40045908ef4a3d6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntTask.java"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22955, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5cba1274957d2addb4640e597d565187b37b2cd54f7a15cc705d4a107394b3e8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "osgi/src/main/java/org/apache/poi/osgi/Activator.java", "duplicate_line": 1, "correlation_key": "fp|5cba1274957d2addb4640e597d565187b37b2cd54f7a15cc705d4a107394b3e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntTask.java"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22954, "scanner": "repobility-ai-code-hygiene", "fingerprint": "814bad304826a3782349d52b01a03432a0824074f8f6e217e7205bdb708efc45", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", 
"evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntSetDoubleCell.java", "duplicate_line": 4, "correlation_key": "fp|814bad304826a3782349d52b01a03432a0824074f8f6e217e7205bdb708efc45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntSetStringCell.java"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22953, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d44a035619a675e69d9248c7a33e744c41aa532fc0412748a21f91c76313a5f2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntEvaluateCell.java", "duplicate_line": 3, "correlation_key": "fp|d44a035619a675e69d9248c7a33e744c41aa532fc0412748a21f91c76313a5f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntSetStringCell.java"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22952, "scanner": "repobility-ai-code-hygiene", "fingerprint": "52e7ad3a2bbc5ad1e1b84e84bec6682c7d0ad5fe68a0256c6c4f993edb620eed", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two 
different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "osgi/src/main/java/org/apache/poi/osgi/Activator.java", "duplicate_line": 1, "correlation_key": "fp|52e7ad3a2bbc5ad1e1b84e84bec6682c7d0ad5fe68a0256c6c4f993edb620eed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntSetStringCell.java"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22951, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bc31d5d3f7e847274dbd27a0d718acf8967ec14da09c9d9b4c424af5efbfa271", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntSetDoubleCell.java", "duplicate_line": 4, "correlation_key": "fp|bc31d5d3f7e847274dbd27a0d718acf8967ec14da09c9d9b4c424af5efbfa271"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntSetFormulaCell.java"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22950, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d9c3a1af914a13991ef844ad8a65a60880e53793a9e860e03415bc85f62d7a82", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in 
two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntEvaluateCell.java", "duplicate_line": 3, "correlation_key": "fp|d9c3a1af914a13991ef844ad8a65a60880e53793a9e860e03415bc85f62d7a82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntSetFormulaCell.java"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22949, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a2bb2d836d1f5ba909e1e6a897411f278481fa5c6ffb8d34d279c731987ff07f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "osgi/src/main/java/org/apache/poi/osgi/Activator.java", "duplicate_line": 1, "correlation_key": "fp|a2bb2d836d1f5ba909e1e6a897411f278481fa5c6ffb8d34d279c731987ff07f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntSetFormulaCell.java"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22948, "scanner": "repobility-ai-code-hygiene", "fingerprint": "259686888d0d6cca3748db44d1357de253bd4b9a37fae051ec18f57877ec5620", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears 
in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntEvaluateCell.java", "duplicate_line": 3, "correlation_key": "fp|259686888d0d6cca3748db44d1357de253bd4b9a37fae051ec18f57877ec5620"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntSetDoubleCell.java"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22947, "scanner": "repobility-ai-code-hygiene", "fingerprint": "97b2063812bf266641f0b4ffe3c8bd8b94caa11ab2b2734b88aaaba2ac85787f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "osgi/src/main/java/org/apache/poi/osgi/Activator.java", "duplicate_line": 1, "correlation_key": "fp|97b2063812bf266641f0b4ffe3c8bd8b94caa11ab2b2734b88aaaba2ac85787f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntSetDoubleCell.java"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22946, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e3b23fef6cbda78ed0bcbd3c1cdf4cb3e73692c4c483ee61403fea44cd63bbf1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears 
in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntHandlerTask.java", "duplicate_line": 4, "correlation_key": "fp|e3b23fef6cbda78ed0bcbd3c1cdf4cb3e73692c4c483ee61403fea44cd63bbf1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntSet.java"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22945, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1b340a2e87ffe13deaa404e39591167dd6f17111c6cc766b74a19bfd89ca0f73", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntEvaluateCell.java", "duplicate_line": 3, "correlation_key": "fp|1b340a2e87ffe13deaa404e39591167dd6f17111c6cc766b74a19bfd89ca0f73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntSet.java"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22944, "scanner": "repobility-ai-code-hygiene", "fingerprint": "511a8f05ea34d20397ecc0a374d3bf5cb4880ae4b56bfa4712b8d8f40e014b09", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window 
appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "osgi/src/main/java/org/apache/poi/osgi/Activator.java", "duplicate_line": 1, "correlation_key": "fp|511a8f05ea34d20397ecc0a374d3bf5cb4880ae4b56bfa4712b8d8f40e014b09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntSet.java"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22943, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5c9aed10c23a212ad95fd083281554af202d4be284c2654d485f316304f87af5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntEvaluateCell.java", "duplicate_line": 3, "correlation_key": "fp|5c9aed10c23a212ad95fd083281554af202d4be284c2654d485f316304f87af5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntPrecision.java"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22942, "scanner": "repobility-ai-code-hygiene", "fingerprint": "95d5c6f34dfcb7ff6edcb9e77c616550202071979ca789879acb01ae1a36ed30", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in 
two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "osgi/src/main/java/org/apache/poi/osgi/Activator.java", "duplicate_line": 1, "correlation_key": "fp|95d5c6f34dfcb7ff6edcb9e77c616550202071979ca789879acb01ae1a36ed30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntPrecision.java"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22941, "scanner": "repobility-ai-code-hygiene", "fingerprint": "37f77386f023e2a7dde83951f282e1bfa7ef3993c745a238a8e8858f3b55f324", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntEvaluateCell.java", "duplicate_line": 3, "correlation_key": "fp|37f77386f023e2a7dde83951f282e1bfa7ef3993c745a238a8e8858f3b55f324"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntHandlerTask.java"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22940, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7361d68860946765a7060b35f2363de29f445a00866663761097f58127795cbb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two 
different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "osgi/src/main/java/org/apache/poi/osgi/Activator.java", "duplicate_line": 1, "correlation_key": "fp|7361d68860946765a7060b35f2363de29f445a00866663761097f58127795cbb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntHandlerTask.java"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22939, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fb832020bd25ff9756b32ff444b6694e0448f83f2ecae696ce8161da5f797958", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "osgi/src/main/java/org/apache/poi/osgi/Activator.java", "duplicate_line": 1, "correlation_key": "fp|fb832020bd25ff9756b32ff444b6694e0448f83f2ecae696ce8161da5f797958"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-excelant/src/main/java/org/apache/poi/ss/excelant/ExcelAntEvaluateCell.java"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22938, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5e673294c487ef3ac01065fb471ce06162bc4c6c4629623d99d1003d9ec9ca78", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", 
"evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "osgi/src/main/java/org/apache/poi/osgi/Activator.java", "duplicate_line": 1, "correlation_key": "fp|5e673294c487ef3ac01065fb471ce06162bc4c6c4629623d99d1003d9ec9ca78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-examples/src/main/ruby/java/org/apache/poi/RubyOutputStream.java"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22937, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4bfc0345562df35a361af405c6dc647cac365d0de9e7856b220c2f5c649c4eab", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "osgi/src/main/java/org/apache/poi/osgi/Activator.java", "duplicate_line": 1, "correlation_key": "fp|4bfc0345562df35a361af405c6dc647cac365d0de9e7856b220c2f5c649c4eab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-examples/src/main/ruby/cpp/RubyIO.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22936, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cc3d4f90223ed93c47a882667b06ddd647f3b6507bfc02d6ca5c594edbe67516", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": 
"repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "osgi/src/main/java/org/apache/poi/osgi/Activator.java", "duplicate_line": 1, "correlation_key": "fp|cc3d4f90223ed93c47a882667b06ddd647f3b6507bfc02d6ca5c594edbe67516"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-examples/src/main/java9/module-info.java"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 22934, "scanner": "repobility-threat-engine", "fingerprint": "b443bca6feec959d691946e9c6e4f72b0a9be9a6478c6f0db5e6d60326418248", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": "document.write(N", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|44|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-fuzz/src/main/java/org/apache/poi/fuzz/POIHPSFFuzzer.java"}, "region": {"startLine": 44}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 22464, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "SEC012", "level": "none", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal (and 4 more): Same pattern 
found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 22933, "scanner": "repobility-threat-engine", "fingerprint": "44c4dc127f73f3e0861bd3c604b4ce8018a99eccbb542492630b7d7b57ef89a9", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|44c4dc127f73f3e0861bd3c604b4ce8018a99eccbb542492630b7d7b57ef89a9"}}}, {"ruleId": "SEC013", "level": "none", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 22929, "scanner": "repobility-threat-engine", "fingerprint": "cf0fa57966ff874fffc921a07cba5bdb97333460e3807666e7f68fe460b50691", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|cf0fa57966ff874fffc921a07cba5bdb97333460e3807666e7f68fe460b50691"}}}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 22928, "scanner": "repobility-threat-engine", "fingerprint": "7c6e57fb9f22d29bcb2764c08630fd4b681038748afda386bb6c780840a7aba3", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|88|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-examples/src/main/java/org/apache/poi/examples/xssf/streaming/SavePasswordProtectedXlsx.java"}, "region": {"startLine": 88}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 22927, "scanner": "repobility-threat-engine", "fingerprint": "1f5667a5a34d79809c914e87ce349ef8f1ccf6dcb732fa74a7474b5360ce05df", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(Input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|51|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-ooxml/src/main/java/org/apache/poi/ooxml/util/PackageHelper.java"}, "region": {"startLine": 51}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 22926, "scanner": "repobility-threat-engine", "fingerprint": "d7ae62ecb195f043685f70534540d7769692fc681999f0ff8f17ccb7e11f4cfa", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(Input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|429|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-ooxml/src/main/java/org/apache/poi/openxml4j/opc/OPCPackage.java"}, "region": {"startLine": 429}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL 
without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 22925, "scanner": "repobility-threat-engine", "fingerprint": "5fe7f5ab58f38679d43be9a010f9bd6cc932e77366b617d7794110715cd86d8e", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "HttpURLConnection)new URI(url).toURL().openConnection(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5fe7f5ab58f38679d43be9a010f9bd6cc932e77366b617d7794110715cd86d8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/services/TimeStampSimpleHttpClient.java"}, "region": {"startLine": 212}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 22924, "scanner": "repobility-threat-engine", "fingerprint": "30aa9069637a8cac8579f940d2b348c95b0433392cef3415a8d090c75e3fa801", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|30aa9069637a8cac8579f940d2b348c95b0433392cef3415a8d090c75e3fa801"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/services/TSPTimeStampService.java"}, "region": {"startLine": 239}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 22923, "scanner": "repobility-threat-engine", "fingerprint": "ac0550e9805c371ecc6b2f400a46d5ed3cb0ccbbff02ee3a48715470a1e87e47", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(S", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ac0550e9805c371ecc6b2f400a46d5ed3cb0ccbbff02ee3a48715470a1e87e47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/SignatureConfig.java"}, "region": {"startLine": 506}}}]}]}]}