{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED124", "name": "[MINED124] requirements.txt: `pcapy-ng` has no version pin: Unpinned pip requirement means every fresh install may resol", "shortDescription": {"text": "[MINED124] requirements.txt: `pcapy-ng` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible inst"}, "fullDescription": {"text": "Replace `pcapy-ng` with `pcapy-ng==<version>` and manage upgrades through PRs / Dependabot."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC123", "name": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environme", "shortDescription": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "fullDescription": {"text": "Set DEBUG=False / APP_DEBUG=false in production. Provide a generic 500 handler that logs to backend but returns a sanitized page to clients."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `write` has cognitive complexity 8 (SonarSource scale). Cognitive complexi", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `write` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weig"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 8."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "Add `security_opt: [\"no-new-privileges:true\"]` unless the service has a documented need for privilege escalation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions/checkout@<40-char-sha>  # v4` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `python:3` not pinned by digest: `FROM python:3` resolves the tag at build time. The registry", "shortDescription": {"text": "[MINED118] Dockerfile FROM `python:3` not pinned by digest: `FROM python:3` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin t"}, "fullDescription": {"text": "Replace with: `FROM python:3@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.path` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.path`, but", "shortDescription": {"text": "[MINED108] `self.path` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the met"}, "fullDescription": {"text": "Initialize `self.path = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC009", "name": "Compose service bind-mounts a sensitive host path", "shortDescription": {"text": "Compose service bind-mounts a sensitive host path"}, "fullDescription": {"text": "Mount only the exact file or directory required, prefer read-only mode, and avoid host system paths."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies the entire context without .dockerignore", "shortDescription": {"text": "Dockerfile copies the entire context without .dockerignore"}, "fullDescription": {"text": "Create .dockerignore before using broad context copies, or copy only the required files and directories."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED127", "name": "[MINED127] Cryptominer signature: `supportxmr`: Source contains a known cryptominer signature (`supportxmr`). Could be a", "shortDescription": {"text": "[MINED127] Cryptominer signature: `supportxmr`: Source contains a known cryptominer signature (`supportxmr`). Could be a deliberate malicious payload, a compromised dependency, or a copy-paste from a tutorial \u2014 but it warrants immediate inv"}, "fullDescription": {"text": "Verify the file's provenance \u2014 when was it added, by whom, in what PR. Search the repo for related indicators (binary blobs, outbound network calls, base64-encoded shell scripts)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/210"}, "properties": {"repository": "stamparm/maltrail", "repoUrl": "https://github.com/stamparm/maltrail", "branch": "master"}, "results": [{"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pcapy-ng` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 49148, "scanner": "repobility-supply-chain", "fingerprint": "4d72bab5a853e4473c461d5078313e9e42b1e90b90a65346cbcf8b3535c2bb3c", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4d72bab5a853e4473c461d5078313e9e42b1e90b90a65346cbcf8b3535c2bb3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49147, "scanner": "repobility-ast-engine", "fingerprint": "a8b1f4bbd137308089facbbe2f5ecf2c83aac0ef566026d301ded091ed0ef388", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a8b1f4bbd137308089facbbe2f5ecf2c83aac0ef566026d301ded091ed0ef388"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/common.py"}, "region": {"startLine": 274}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49146, "scanner": "repobility-ast-engine", "fingerprint": "636ad6d1bed6370bd6a73b4913832dbd5eb11969cd8168d419c7789a9ac4e696", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|636ad6d1bed6370bd6a73b4913832dbd5eb11969cd8168d419c7789a9ac4e696"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/common.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49145, "scanner": "repobility-ast-engine", "fingerprint": "337cb88d27c61bb4338e626e8349bc41dd5d47514b47bc457f9bdac2a0d05227", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|337cb88d27c61bb4338e626e8349bc41dd5d47514b47bc457f9bdac2a0d05227"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/settings.py"}, "region": {"startLine": 447}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49144, "scanner": "repobility-ast-engine", "fingerprint": "fd10934c20eac48ad0585e35fe88c93e345c8d901f8ffbec4eaef8ada98a753b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fd10934c20eac48ad0585e35fe88c93e345c8d901f8ffbec4eaef8ada98a753b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/update.py"}, "region": {"startLine": 168}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49143, "scanner": "repobility-ast-engine", "fingerprint": "e5863863c42eb485af29e161f314de341c2392fa743ab7eff5c133f9d5083f5b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e5863863c42eb485af29e161f314de341c2392fa743ab7eff5c133f9d5083f5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/update.py"}, "region": {"startLine": 377}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49142, "scanner": "repobility-ast-engine", "fingerprint": "1330417d33255f4cc47c27bc4694964f368c83722e31edec2f3287267833e64f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1330417d33255f4cc47c27bc4694964f368c83722e31edec2f3287267833e64f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/update.py"}, "region": {"startLine": 330}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49141, "scanner": "repobility-ast-engine", "fingerprint": "9937623bcbeb150f2fe0e5a953bfee2b0eeafcd2b7eab94775bd7defd7b4d8aa", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9937623bcbeb150f2fe0e5a953bfee2b0eeafcd2b7eab94775bd7defd7b4d8aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/update.py"}, "region": {"startLine": 355}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49140, "scanner": "repobility-ast-engine", "fingerprint": "44239ff8bd57c629b3e4af4d352bd9b99d45048407f79cb59d24e51d77e88493", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|44239ff8bd57c629b3e4af4d352bd9b99d45048407f79cb59d24e51d77e88493"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/update.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49139, "scanner": "repobility-ast-engine", "fingerprint": "1392f8d4069bf2d9b1b8d2b4f7c60dd0430717f405b14061934c6d2cd901d3ba", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1392f8d4069bf2d9b1b8d2b4f7c60dd0430717f405b14061934c6d2cd901d3ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/update.py"}, "region": {"startLine": 344}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49138, "scanner": "repobility-ast-engine", "fingerprint": "e0e16f2b019a2df1bbbdfcce4579145903d9309985737faf8c05001a0b92af44", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e0e16f2b019a2df1bbbdfcce4579145903d9309985737faf8c05001a0b92af44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/update.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49137, "scanner": "repobility-ast-engine", "fingerprint": "83cf85486cc9a53726d8d2a32945b9f53382d3152bdf989dffe9b5f6b68d73de", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|83cf85486cc9a53726d8d2a32945b9f53382d3152bdf989dffe9b5f6b68d73de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/log.py"}, "region": {"startLine": 264}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49136, "scanner": "repobility-ast-engine", "fingerprint": "54ef598a7dfd887bb03a0de1398b20a0480fb5e4f1c7cc273b7b1d40a30da932", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54ef598a7dfd887bb03a0de1398b20a0480fb5e4f1c7cc273b7b1d40a30da932"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 343}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49135, "scanner": "repobility-ast-engine", "fingerprint": "2c2fa1cd64344be25329e50cdd6c4d94196c1f5209c0a23f60c7785157b6104d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2c2fa1cd64344be25329e50cdd6c4d94196c1f5209c0a23f60c7785157b6104d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 820}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49134, "scanner": "repobility-ast-engine", "fingerprint": "6e8b7a7c7d06b6ffa6cf08781340b697dd6bc9cf6a843d3b52e221a4d8739aba", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6e8b7a7c7d06b6ffa6cf08781340b697dd6bc9cf6a843d3b52e221a4d8739aba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 598}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49133, "scanner": "repobility-ast-engine", "fingerprint": "a5a761d0c492ce27ba26342ea0beb2b862f8c15bbbb1e90790ca5482eb425ed0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a5a761d0c492ce27ba26342ea0beb2b862f8c15bbbb1e90790ca5482eb425ed0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 406}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49132, "scanner": "repobility-ast-engine", "fingerprint": "2a73c837bf9e9f3bc4a40ea8bfd2f382bbe4aded14c299e1104850fd9558a87f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2a73c837bf9e9f3bc4a40ea8bfd2f382bbe4aded14c299e1104850fd9558a87f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 490}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49131, "scanner": "repobility-ast-engine", "fingerprint": "017a3e47979aaedc9bacdc0bd62dec7306cbf7e33bf12ca3ec7bc0255876e4d3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|017a3e47979aaedc9bacdc0bd62dec7306cbf7e33bf12ca3ec7bc0255876e4d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 448}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49130, "scanner": "repobility-ast-engine", "fingerprint": "040987c510241f2a81bbf8531bb5e1a238d0c7d50eab676a42af8722fd7b5d7a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|040987c510241f2a81bbf8531bb5e1a238d0c7d50eab676a42af8722fd7b5d7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 286}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49129, "scanner": "repobility-ast-engine", "fingerprint": "f8e1ee45ff75aef769d1bbe8bd7f33db56a269edce90d67d76e5474a141b24e5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f8e1ee45ff75aef769d1bbe8bd7f33db56a269edce90d67d76e5474a141b24e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49128, "scanner": "repobility-ast-engine", "fingerprint": "ab3e6991ccc2c3fdc8b981d79de36641ae6c814d9a2cef5e05171ba1b21dcc20", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ab3e6991ccc2c3fdc8b981d79de36641ae6c814d9a2cef5e05171ba1b21dcc20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 862}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49102, "scanner": "repobility-ast-engine", "fingerprint": "e52f0281b4771e6f59f357bec841e4bbeb60bfa77572fb6d66ed7c17e90dd674", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e52f0281b4771e6f59f357bec841e4bbeb60bfa77572fb6d66ed7c17e90dd674"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/datatype.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49101, "scanner": "repobility-ast-engine", "fingerprint": "efd029ce53b5ec0d25305fb8ec2781f40ee730586f446a0d81bff68b1f4e100d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|efd029ce53b5ec0d25305fb8ec2781f40ee730586f446a0d81bff68b1f4e100d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sensor.py"}, "region": {"startLine": 1076}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49100, "scanner": "repobility-ast-engine", "fingerprint": "9ca3fc9871563097168faabc6b572f5475f9771f7f69676fd3d8873ccfc14f51", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9ca3fc9871563097168faabc6b572f5475f9771f7f69676fd3d8873ccfc14f51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sensor.py"}, "region": {"startLine": 1106}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49099, "scanner": "repobility-ast-engine", "fingerprint": "a5e6fd703361a258d7c0bd7b925c61788e0145979241db6cc8ee521008970806", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a5e6fd703361a258d7c0bd7b925c61788e0145979241db6cc8ee521008970806"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sensor.py"}, "region": {"startLine": 1017}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49098, "scanner": "repobility-ast-engine", "fingerprint": "8fcfbc2e3066f0bdae43b04701b09b34bd68968d9ba8c5ea05eec0327c2ecf47", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8fcfbc2e3066f0bdae43b04701b09b34bd68968d9ba8c5ea05eec0327c2ecf47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sensor.py"}, "region": {"startLine": 882}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 49094, "scanner": "repobility-threat-engine", "fingerprint": "cd83b8db4a917b98a4da69ab2e46492b3908f40521baab1361b1d9e58be18005", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "DEBUG = True", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cd83b8db4a917b98a4da69ab2e46492b3908f40521baab1361b1d9e58be18005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 49088, "scanner": "repobility-threat-engine", "fingerprint": "a2317c8a2163240c2202ee5223fd7dbaac9d4d2fbc777e011bcf7e6d716791a5", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a2317c8a2163240c2202ee5223fd7dbaac9d4d2fbc777e011bcf7e6d716791a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/common.py"}, "region": {"startLine": 281}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 6588, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 6587, "scanner": "repobility-docker", "fingerprint": "22bbac4b9661e68b021d26ae4797735fd8f311048a44b7cb6638ab0163ec78a4", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|22bbac4b9661e68b021d26ae4797735fd8f311048a44b7cb6638ab0163ec78a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 6585, "scanner": "repobility-threat-engine", "fingerprint": "510a545f3238ab140a3937baaa4d9e42c2c01ca2b1f73f22f261926d4931a2a8", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "Math.random()", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|html/js/main.js|1981|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "html/js/main.js"}, "region": {"startLine": 1981}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 6583, "scanner": "repobility-threat-engine", "fingerprint": "9d306cb4331d41ce25978cff2bdbfff7af06cc958e28c1436b5a48d3b7cfb603", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch(err) {\n    }", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9d306cb4331d41ce25978cff2bdbfff7af06cc958e28c1436b5a48d3b7cfb603"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "html/js/main.js"}, "region": {"startLine": 373}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 6582, "scanner": "repobility-threat-engine", "fingerprint": "b1544794b3fee0cd0added2fb17bfb40d01c473ac12efb43f64d6507c2323675", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch(err) {\n    }", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b1544794b3fee0cd0added2fb17bfb40d01c473ac12efb43f64d6507c2323675"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "html/js/errorhandler.js"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 6581, "scanner": "repobility-threat-engine", "fingerprint": "3d8bdc59c0bca9d34c1676b100bc932432911f2ae65fe97460f744053f5e5d4c", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|core/common.py|191|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/common.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 6579, "scanner": "repobility-threat-engine", "fingerprint": "6d762510a5e2a71ce8363d79a45d8892f592bfb18479a973209130fd6a9115d2", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n                    pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6d762510a5e2a71ce8363d79a45d8892f592bfb18479a973209130fd6a9115d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/update.py"}, "region": {"startLine": 247}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 6578, "scanner": "repobility-threat-engine", "fingerprint": "44e4dbf98b88b0ef6859c60b111478b90fd0db7fc5d9b3599003fe98c250f430", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n    pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|44e4dbf98b88b0ef6859c60b111478b90fd0db7fc5d9b3599003fe98c250f430"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 6577, "scanner": "repobility-threat-engine", "fingerprint": "f9709b48125cea2c73fda4f0d0bae5bb15f88a8e097b0f722eb4c4c647b45e03", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f9709b48125cea2c73fda4f0d0bae5bb15f88a8e097b0f722eb4c4c647b45e03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sensor.py"}, "region": {"startLine": 1063}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 49093, "scanner": "repobility-threat-engine", "fingerprint": "15dbe1ad818b9edc99d7ee75b6e5717974517759235a9be7d9ec100f140995a3", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "' Script: ' + url + ' Line: '", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|15dbe1ad818b9edc99d7ee75b6e5717974517759235a9be7d9ec100f140995a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "html/js/errorhandler.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `write` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=1, if=4, nested_bonus=1, recursion=1, ternary=1."}, "properties": {"repobilityId": 49079, "scanner": "repobility-threat-engine", "fingerprint": "c71c2f7b481c8eb82a5206f793d3546d782f39390f249caffa58d3788cd7d971", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "write", "breakdown": {"if": 4, "for": 1, "ternary": 1, "recursion": 1, "nested_bonus": 1}, "complexity": 8, "correlation_key": "fp|c71c2f7b481c8eb82a5206f793d3546d782f39390f249caffa58d3788cd7d971"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/colorized.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `expand_range` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=1, else=1, if=3, nested_bonus=5, while=2."}, "properties": {"repobilityId": 49078, "scanner": "repobility-threat-engine", "fingerprint": "25f477bed9d20f07afb7c5a2607ac0638e7132d2cf070e7c556103d5edc60c43", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "expand_range", "breakdown": {"if": 3, "elif": 1, "else": 1, "while": 2, "nested_bonus": 5}, "complexity": 12, "correlation_key": "fp|25f477bed9d20f07afb7c5a2607ac0638e7132d2cf070e7c556103d5edc60c43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/addr.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 6591, "scanner": "repobility-docker", "fingerprint": "18e11c9197867a51a09d2027a6b3073aa67ed849c769d4cd2a198fcbf436a75b", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|18e11c9197867a51a09d2027a6b3073aa67ed849c769d4cd2a198fcbf436a75b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/docker-compose.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 6589, "scanner": "repobility-docker", "fingerprint": "35946a2a62c37dd39085daf32aeb128735fbe31da8557ca76bfab4410bb9a367", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|35946a2a62c37dd39085daf32aeb128735fbe31da8557ca76bfab4410bb9a367"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/docker-compose.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "SEC005", "level": "note", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 6576, "scanner": "repobility-threat-engine", "fingerprint": "72c2a5b35a464db66723af91ea8e5967666e3ff3c64d53993afe9bfcb74cb7ec", "category": "injection", "severity": "low", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Command is a hardcoded string literal \u2014 lower risk", "evidence": {"match": "subprocess.check_output(\"sysctl hw\", shell=True", "reason": "Command is a hardcoded string literal \u2014 lower risk", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "code|injection|core/settings.py|192|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/settings.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "SEC005", "level": "note", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 6575, "scanner": "repobility-threat-engine", "fingerprint": "52b8e43384a4871cffd6af94910ef7084c07dbb631d38c832e7f70282ca50f30", "category": "injection", "severity": "low", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Command is a hardcoded string literal \u2014 lower risk", "evidence": {"match": "subprocess.check_output(\"grep -c ^processor /proc/cpuinfo\", stderr=subprocess.STDOUT, shell=True", "reason": "Command is a hardcoded string literal \u2014 lower risk", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "code|injection|sensor.py|1072|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sensor.py"}, "region": {"startLine": 1072}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6571, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3d04523a2a79e6e690250046584a008467957ace5ddad57a2bc4afb24878d2d3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "trails/feeds/openphish.py", "duplicate_line": 11, "correlation_key": "fp|3d04523a2a79e6e690250046584a008467957ace5ddad57a2bc4afb24878d2d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "trails/feeds/ransomwaretrackerurl.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6570, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cac51fd42f3501bdee67d93f15927ebcbd9a85f0ce69995a30c7ffec9c35bdb2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "trails/feeds/ransomwaretrackerdns.py", "duplicate_line": 7, "correlation_key": "fp|cac51fd42f3501bdee67d93f15927ebcbd9a85f0ce69995a30c7ffec9c35bdb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "trails/feeds/ransomwaretrackerip.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 49089, "scanner": "repobility-threat-engine", "fingerprint": "47c993d3dc6b4ef16d6fb80cbd3da772cc6cc9b77baf4598249ce27c37453be1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|47c993d3dc6b4ef16d6fb80cbd3da772cc6cc9b77baf4598249ce27c37453be1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/enums.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 49087, "scanner": "repobility-threat-engine", "fingerprint": "62ff231053d16ded91f5d63a99a8b7f9a8d879f1bee1b23442cfa6701d92f730", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|62ff231053d16ded91f5d63a99a8b7f9a8d879f1bee1b23442cfa6701d92f730", "aggregated_count": 2}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 49086, "scanner": "repobility-threat-engine", "fingerprint": "44a0a031da8c756496b536e5d2e626f00140b7c59b7d00a65b459acc6447580b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|44a0a031da8c756496b536e5d2e626f00140b7c59b7d00a65b459acc6447580b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "trails/feeds/ciarmy.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 49085, "scanner": "repobility-threat-engine", "fingerprint": "4725466f1b4a66cd623429b93ae7fd461a9bd5efc12e8913a446596316d90b7f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4725466f1b4a66cd623429b93ae7fd461a9bd5efc12e8913a446596316d90b7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "trails/feeds/bruteforceblocker.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 49084, "scanner": "repobility-threat-engine", "fingerprint": "f668c27f8237f3a19d0fb08682f68b4527b27b6877e3dda10230913da94feb02", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f668c27f8237f3a19d0fb08682f68b4527b27b6877e3dda10230913da94feb02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/common.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "properties": {"repobilityId": 49081, "scanner": "repobility-threat-engine", "fingerprint": "94788d2fc96d60b37971e8a2e1600ce225881eda253654cbff5e03de9189cc6a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 23 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "expand_range", "breakdown": {"if": 3, "elif": 1, "else": 1, "while": 2, "nested_bonus": 5}, "aggregated": true, "complexity": 12, "correlation_key": "fp|94788d2fc96d60b37971e8a2e1600ce225881eda253654cbff5e03de9189cc6a", "aggregated_count": 23}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 49077, "scanner": "repobility-threat-engine", "fingerprint": "b39288e529a4ab712a2d60436a688220bb6b374d59b0f4dce7184c9dc7729483", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b39288e529a4ab712a2d60436a688220bb6b374d59b0f4dce7184c9dc7729483", "aggregated_count": 2}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 49076, "scanner": "repobility-threat-engine", "fingerprint": "85249798ac0cdb25d7dfab8b1db0e2c98e0c8f204549b97e67fe33f2a01d639d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|85249798ac0cdb25d7dfab8b1db0e2c98e0c8f204549b97e67fe33f2a01d639d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/enums.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 49075, "scanner": "repobility-threat-engine", "fingerprint": "b12f0b56e6562aa620ef22c38da2c5d87b1bb2d1088928eceb3a49b23eebaad4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b12f0b56e6562aa620ef22c38da2c5d87b1bb2d1088928eceb3a49b23eebaad4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/common.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 49074, "scanner": "repobility-threat-engine", "fingerprint": "367f3cc33e7412fb6db1792c8b30d44e4fd76544ca44c25e84025dd6889d1312", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|367f3cc33e7412fb6db1792c8b30d44e4fd76544ca44c25e84025dd6889d1312"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/__init__.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 6580, "scanner": "repobility-threat-engine", "fingerprint": "4ffea2800599adb663df46ab31003467b0a25ff84f83dd40a996e94f4d40f164", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4ffea2800599adb663df46ab31003467b0a25ff84f83dd40a996e94f4d40f164"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 6574, "scanner": "repobility-threat-engine", "fingerprint": "1ef99798c36a3e7203870a9a2f3f468dd09ffaa91a31227305d7523fc32af9f1", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(\"[x] unable to retrieve data from '%s'\" % config.UPDATE_SERVER)", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|core/update.py|9|print x unable to retrieve data from s config.update_server"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/update.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 6573, "scanner": "repobility-threat-engine", "fingerprint": "9cd19ece93d1cb2ec3c52c28238103c34f579a381a1d4e50204044706ac91159", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(\"[i] using '%s' for log storage\" % config.LOG_DIR)", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|core/log.py|4|print i using s for log storage config.log_dir"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/log.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 6572, "scanner": "repobility-threat-engine", "fingerprint": "2fd9b6f86812cb6618b4400f2aa8f477abc4a7c8ef44269e37380d2eea77284d", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(\"[i] setting capture filter '%s'\" % config.CAPTURE_FILTER)", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|sensor.py|105|print i setting capture filter s config.capture_filter"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sensor.py"}, "region": {"startLine": 1059}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49150, "scanner": "repobility-supply-chain", "fingerprint": "b5633c346de96fea1ce614e5bd230109f47a3828178da09b620ec585491d9534", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b5633c346de96fea1ce614e5bd230109f47a3828178da09b620ec585491d9534"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker-release.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `python:3` not pinned by digest: `FROM python:3` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 49149, "scanner": "repobility-supply-chain", "fingerprint": "eef29578d78d4df4e4309599b0a233a4222ff20a9a7b389c66981a7bd6350ad5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|eef29578d78d4df4e4309599b0a233a4222ff20a9a7b389c66981a7bd6350ad5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.path` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49127, "scanner": "repobility-ast-engine", "fingerprint": "f758c0101571955fc8b0941b11170b6a7c209689a2d67b307f615ef6c264a57c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f758c0101571955fc8b0941b11170b6a7c209689a2d67b307f615ef6c264a57c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.path` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49126, "scanner": "repobility-ast-engine", "fingerprint": "f0e451225585d1b25428c94c5573ee0dab40d3f78d0b242410c1e3ca42743e77", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f0e451225585d1b25428c94c5573ee0dab40d3f78d0b242410c1e3ca42743e77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_header` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.send_header`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49125, "scanner": "repobility-ast-engine", "fingerprint": "dde977b7eb1dc2c77a8c25626e1e4a798a838717e577ae629deea18115bfc3d2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dde977b7eb1dc2c77a8c25626e1e4a798a838717e577ae629deea18115bfc3d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_header` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.send_header`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49124, "scanner": "repobility-ast-engine", "fingerprint": "cf71e0fd03456b10bf1dfb0be74e68ced56c573c52b695a19866cab042e8d8c4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf71e0fd03456b10bf1dfb0be74e68ced56c573c52b695a19866cab042e8d8c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 193}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_header` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.send_header`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49123, "scanner": "repobility-ast-engine", "fingerprint": "6360365d70ed2d309b1313fabd569f861596d0a11dce5a0b0a65cd68eaefde6d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6360365d70ed2d309b1313fabd569f861596d0a11dce5a0b0a65cd68eaefde6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_header` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.send_header`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49122, "scanner": "repobility-ast-engine", "fingerprint": "ed99dbd2c768db4d8be051930b1d8f9188955e83ce272a050a2f11c0758e89e2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ed99dbd2c768db4d8be051930b1d8f9188955e83ce272a050a2f11c0758e89e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 174}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_response` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.send_response`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49121, "scanner": "repobility-ast-engine", "fingerprint": "c48df20e0232d768d06db5973540e6eed5217ab5499fd4bb8eb258625176fb4e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c48df20e0232d768d06db5973540e6eed5217ab5499fd4bb8eb258625176fb4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.wfile` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.wfile`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49120, "scanner": "repobility-ast-engine", "fingerprint": "1aaaa40c8596c7b789abbfe126aba1062421b251ec9ffc1bfb24f798fb4cd84d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1aaaa40c8596c7b789abbfe126aba1062421b251ec9ffc1bfb24f798fb4cd84d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 228}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.headers` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.headers`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49119, "scanner": "repobility-ast-engine", "fingerprint": "c567eea46b38e6b11feb3c8ad211668b288fa5f1a61d9b9b8080392d4d3af96c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c567eea46b38e6b11feb3c8ad211668b288fa5f1a61d9b9b8080392d4d3af96c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 212}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._format` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self._format`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49118, "scanner": "repobility-ast-engine", "fingerprint": "d459f211b930a333662db0fa42983435069df98bc839664fc095cea19a1d2274", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d459f211b930a333662db0fa42983435069df98bc839664fc095cea19a1d2274"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 210}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_header` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.send_header`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49117, "scanner": "repobility-ast-engine", "fingerprint": "e8582a6074f5818beaabc407aed69871febce31a72f07e76d16f56589a7d6bee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e8582a6074f5818beaabc407aed69871febce31a72f07e76d16f56589a7d6bee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 186}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_header` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.send_header`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49116, "scanner": "repobility-ast-engine", "fingerprint": "699404673f0491f2eacc4f6fd7f1a2dcdfdd99afce2b7221ddbafc1cecf43bc0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|699404673f0491f2eacc4f6fd7f1a2dcdfdd99afce2b7221ddbafc1cecf43bc0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_header` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.send_header`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49115, "scanner": "repobility-ast-engine", "fingerprint": "27273dbc8785b09e72253592dcdc59bbeaed9e6915e6c03b50001dc10c9dd5bb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|27273dbc8785b09e72253592dcdc59bbeaed9e6915e6c03b50001dc10c9dd5bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_header` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.send_header`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49114, "scanner": "repobility-ast-engine", "fingerprint": "c7c5afc0f8fa836fc2937ca8fb3e978f1649b482938d966d5b694db684e207ed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c7c5afc0f8fa836fc2937ca8fb3e978f1649b482938d966d5b694db684e207ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_response` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.send_response`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49113, "scanner": "repobility-ast-engine", "fingerprint": "2dddb5fcf67df263b54524169ac0d03e764d44dc4701b7cffe909a3d890889a3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2dddb5fcf67df263b54524169ac0d03e764d44dc4701b7cffe909a3d890889a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 180}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.headers` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.headers`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49112, "scanner": "repobility-ast-engine", "fingerprint": "4d37a4f7a71dec63467ab1816e13e3b934d3b6edbcf309166a1f2266ae9e06f6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d37a4f7a71dec63467ab1816e13e3b934d3b6edbcf309166a1f2266ae9e06f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 168}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.wfile` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.wfile`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49111, "scanner": "repobility-ast-engine", "fingerprint": "897d3fba9279c504be55782b366abfe75e298efd550188b21c6e99d593d57af9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|897d3fba9279c504be55782b366abfe75e298efd550188b21c6e99d593d57af9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 230}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_header` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.send_header`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49110, "scanner": "repobility-ast-engine", "fingerprint": "0b768c3acf5d830d927ae2058be66c44df0f9d1c150e94179320beb2830b398c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0b768c3acf5d830d927ae2058be66c44df0f9d1c150e94179320beb2830b398c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_header` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.send_header`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49109, "scanner": "repobility-ast-engine", "fingerprint": "72b0199403fb2bb63410de214aedf788340685ae47415fdba4971659803ca83a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|72b0199403fb2bb63410de214aedf788340685ae47415fdba4971659803ca83a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_response` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.send_response`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49108, "scanner": "repobility-ast-engine", "fingerprint": "2c70e5c47e8cfcba29c53b4b61bf5f561717ca6da0bbd8ba7c204554cbf59720", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2c70e5c47e8cfcba29c53b4b61bf5f561717ca6da0bbd8ba7c204554cbf59720"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 198}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.data` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.data`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49107, "scanner": "repobility-ast-engine", "fingerprint": "9e0b76346cf3293108a2a2f64ecce4c21474fe5ff22567aef6277644ed0f6bf0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9e0b76346cf3293108a2a2f64ecce4c21474fe5ff22567aef6277644ed0f6bf0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_header` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.send_header`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49106, "scanner": "repobility-ast-engine", "fingerprint": "9aaf2abfdc210f9f9da7b11eba7322499afa6b2944b7540f6c0fecada596ece5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9aaf2abfdc210f9f9da7b11eba7322499afa6b2944b7540f6c0fecada596ece5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 222}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.path` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49105, "scanner": "repobility-ast-engine", "fingerprint": "9b0d533d01e7ae013362988350a72bffca6302b6771a558a120bbab4b93576a6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9b0d533d01e7ae013362988350a72bffca6302b6771a558a120bbab4b93576a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.end_headers` used but never assigned in __init__: Method `do_GET` of class `ReqHandler` reads `self.end_headers`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49104, "scanner": "repobility-ast-engine", "fingerprint": "9a14b04e7ba5032ab02e5553e0adae95c8489ede7ecfbb70fd70e72b32a5adfc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a14b04e7ba5032ab02e5553e0adae95c8489ede7ecfbb70fd70e72b32a5adfc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 224}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.socket` used but never assigned in __init__: Method `server_bind` of class `ThreadingServer` reads `self.socket`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 49103, "scanner": "repobility-ast-engine", "fingerprint": "2d77865d88f9537e3d1fb3a802a6e4936fe7de0515676c3f51bdda1e8e406da2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2d77865d88f9537e3d1fb3a802a6e4936fe7de0515676c3f51bdda1e8e406da2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/httpd.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 49097, "scanner": "repobility-threat-engine", "fingerprint": "677113e7d29241ab81f3648873175ec3f4cd3596b1a6aac60c1a63083745d815", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"\\?(__r=[\\w.]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|trails/feeds/fareit.py|23|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "trails/feeds/fareit.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 49096, "scanner": "repobility-threat-engine", "fingerprint": "f39ea6d716ca5cf34bd05977aacf21399de68966881c3e1e0a9d57188ec83a1c", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"\\?(__r=[\\w.]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|23|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "trails/feeds/cybercrimetracker.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 49095, "scanner": "repobility-threat-engine", "fingerprint": "bbc0da0a6c22fffef2890893581efb88834ce90dbc2a7d26aa3feca56c7b922f", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"\\?(__r=[\\w.]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|trails/feeds/atmos.py|23|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "trails/feeds/atmos.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 49092, "scanner": "repobility-threat-engine", "fingerprint": "2868df14878ac07ddbee95bb975746cb3a742f1fd15ed8cc08dd07339cc3867a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2868df14878ac07ddbee95bb975746cb3a742f1fd15ed8cc08dd07339cc3867a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 49091, "scanner": "repobility-threat-engine", "fingerprint": "66b851b515cf4350a3a41ba08d9b2ba21df2b59bdcc1d5c44fe5befb6ec96d04", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|66b851b515cf4350a3a41ba08d9b2ba21df2b59bdcc1d5c44fe5befb6ec96d04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/parallel.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 49090, "scanner": "repobility-threat-engine", "fingerprint": "ce278995e73b7c8ae4e12830313ed927ab3770f81c95b6cd657d530f3b5ccd96", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "trails.update(_)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ce278995e73b7c8ae4e12830313ed927ab3770f81c95b6cd657d530f3b5ccd96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/parallel.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 49083, "scanner": "repobility-threat-engine", "fingerprint": "e748e8f0ba9fa6f28f31062d826f98709e9cfd8b3d403665c9b837db3cba0b86", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e748e8f0ba9fa6f28f31062d826f98709e9cfd8b3d403665c9b837db3cba0b86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/common.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 49082, "scanner": "repobility-threat-engine", "fingerprint": "3ce80cc10e0cf58fa969da4f19c59518201d92ff1b71893b3584c62167ac17b8", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3ce80cc10e0cf58fa969da4f19c59518201d92ff1b71893b3584c62167ac17b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/common.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `process` has cognitive complexity 45 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=5, for=1, if=8, nested_bonus=27, or=1, recursion=1, ternary=2."}, "properties": {"repobilityId": 49080, "scanner": "repobility-threat-engine", "fingerprint": "11324f66fd020940579ddeb9df397df9218c25d2758b576cefafc23564a8f503", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 45 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "process", "breakdown": {"if": 8, "or": 1, "for": 1, "else": 5, "ternary": 2, "recursion": 1, "nested_bonus": 27}, "complexity": 45, "correlation_key": "fp|11324f66fd020940579ddeb9df397df9218c25d2758b576cefafc23564a8f503"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/common.py"}, "region": {"startLine": 204}}}]}, {"ruleId": "DKC009", "level": "error", "message": {"text": "Compose service bind-mounts a sensitive host path"}, "properties": {"repobilityId": 6590, "scanner": "repobility-docker", "fingerprint": "e58d8c05a726a58f29b031c98196a084dfbe62c98fd4431d0fff447c7a9ff517", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Bind mount source points at a sensitive host path.", "evidence": {"source": "/etc/localtime", "rule_id": "DKC009", "scanner": "repobility-docker", "service": "server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|e58d8c05a726a58f29b031c98196a084dfbe62c98fd4431d0fff447c7a9ff517"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/docker-compose.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 6586, "scanner": "repobility-docker", "fingerprint": "986a767de732e078ac1af17cd964d854e49b6b3c4a860f6e079ee18ef3c69ee1", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|986a767de732e078ac1af17cd964d854e49b6b3c4a860f6e079ee18ef3c69ee1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 23}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 6584, "scanner": "repobility-threat-engine", "fingerprint": "9eaf2c58ff101db5d3a621f2715ab90e253d139908ebdda2756de70426a9daa5", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(SEARCH_TIP_URL.replace(\"${query}\", query", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|html/js/main.js|1013|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "html/js/main.js"}, "region": {"startLine": 1013}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 6569, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "MINED127", "level": "error", "message": {"text": "[MINED127] Cryptominer signature: `supportxmr`: Source contains a known cryptominer signature (`supportxmr`). Could be a deliberate malicious payload, a compromised dependency, or a copy-paste from a tutorial \u2014 but it warrants immediate investigation. Mining pool URLs in production code are almost never legitimate."}, "properties": {"repobilityId": 49152, "scanner": "repobility-supply-chain", "fingerprint": "e492c4ba9d0529135c0e03cc5e9a4be855625ffb2fed0ee448aabdbb3a794d7c", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "cryptominer-signature", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e492c4ba9d0529135c0e03cc5e9a4be855625ffb2fed0ee448aabdbb3a794d7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "html/js/demo.js"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED127", "level": "error", "message": {"text": "[MINED127] Cryptominer signature: `xmrig`: Source contains a known cryptominer signature (`xmrig`). Could be a deliberate malicious payload, a compromised dependency, or a copy-paste from a tutorial \u2014 but it warrants immediate investigation. Mining pool URLs in production code are almost never legitimate."}, "properties": {"repobilityId": 49151, "scanner": "repobility-supply-chain", "fingerprint": "15f3e936ec0642a8bb2ecdfba72dfff12f6b24ca485ced8c5075f5c4b8316eb2", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "cryptominer-signature", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|15f3e936ec0642a8bb2ecdfba72dfff12f6b24ca485ced8c5075f5c4b8316eb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "html/js/demo.js"}, "region": {"startLine": 223}}}]}]}]}