{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/162"}, "properties": {"repository": "https://github.com/CommandCodeAI/BaseAI.git", "repoUrl": "https://github.com/CommandCodeAI/BaseAI.git", "branch": "main"}, "results": [{"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 4607, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27535, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e076e31e04843422e994628b966e9879f71460468ffa467f792874bc17812a44", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconExamples.tsx", "duplicate_line": 3, "correlation_key": "fp|e076e31e04843422e994628b966e9879f71460468ffa467f792874bc17812a44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/ui/icons/img.tsx"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27534, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ef52d65f7568d011b33b71db7b66ab8083c72e1c522599f030644774e5c3d2d1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconUsage.tsx", "duplicate_line": 1, "correlation_key": "fp|ef52d65f7568d011b33b71db7b66ab8083c72e1c522599f030644774e5c3d2d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/ui/iconists/icon-usage.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27533, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0d55875e6af1339fabd23135510e89479bed75f8a76267c8a554a279abc5277f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconSettings.tsx", "duplicate_line": 1, "correlation_key": "fp|0d55875e6af1339fabd23135510e89479bed75f8a76267c8a554a279abc5277f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/ui/iconists/icon-settings.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27532, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ebe88c0b088699b999a94af588c2e10eebd0bea2c454b3f7028d684cc8f20b9d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconPipe.tsx", "duplicate_line": 1, "correlation_key": "fp|ebe88c0b088699b999a94af588c2e10eebd0bea2c454b3f7028d684cc8f20b9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/ui/iconists/icon-pipe.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27531, "scanner": "repobility-ai-code-hygiene", "fingerprint": "77327b97ef9998c6a531e85545282b3000cae9a66d24e849230c28f33bb973cf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconApi.tsx", "duplicate_line": 1, "correlation_key": "fp|77327b97ef9998c6a531e85545282b3000cae9a66d24e849230c28f33bb973cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/ui/iconists/icon-api.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27530, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7bd2e577dbc54158514dfad859f2cb2450b723d844a13fd0a6d91fec82d803eb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/Button.tsx", "duplicate_line": 3, "correlation_key": "fp|7bd2e577dbc54158514dfad859f2cb2450b723d844a13fd0a6d91fec82d803eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/ui/button.tsx"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27529, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ac4590bc573e4e5cb8ed44dc2c20293763fee89bfff42dc2f5c6810079135e94", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/mdx/Error.tsx", "duplicate_line": 19, "correlation_key": "fp|ac4590bc573e4e5cb8ed44dc2c20293763fee89bfff42dc2f5c6810079135e94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/mdx/Warn.tsx"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27528, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9b85e0217a2adec82ce87b6db5541a180d468b9b92aa631232d96e1915646764", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/mdx/Error.tsx", "duplicate_line": 19, "correlation_key": "fp|9b85e0217a2adec82ce87b6db5541a180d468b9b92aa631232d96e1915646764"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/mdx/Note.tsx"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27527, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f1de1113da658d7c8e33bad790f578c3b8463fb5dbcf508af015ed98248f8b2f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconExamples.tsx", "duplicate_line": 3, "correlation_key": "fp|f1de1113da658d7c8e33bad790f578c3b8463fb5dbcf508af015ed98248f8b2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/icons/icon-up.tsx"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27526, "scanner": "repobility-ai-code-hygiene", "fingerprint": "24a834ee692ca97024e7df4fe1860be2615b2fee26c16bcb73180deba0cabee4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconExamples.tsx", "duplicate_line": 3, "correlation_key": "fp|24a834ee692ca97024e7df4fe1860be2615b2fee26c16bcb73180deba0cabee4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/icons/icon-down.tsx"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27525, "scanner": "repobility-ai-code-hygiene", "fingerprint": "94a0a4f64cc4448fe5c754b072e55eda371a71be0be0a30c1de7ca8814244e24", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconExamples.tsx", "duplicate_line": 3, "correlation_key": "fp|94a0a4f64cc4448fe5c754b072e55eda371a71be0be0a30c1de7ca8814244e24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/icons/IconVersions.tsx"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27524, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f991d3ad446ca47bcca22fc90cee4429744586bdb3ed1adcde8c4783c50f7cb2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconJsonMode.tsx", "duplicate_line": 4, "correlation_key": "fp|f991d3ad446ca47bcca22fc90cee4429744586bdb3ed1adcde8c4783c50f7cb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/icons/IconVersions.tsx"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27523, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dc6561c195f172959d13adaa8bfb8bdfc47a4a7d7bf3fc2aa0f2a6ab1c88b1ff", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconFewShot.tsx", "duplicate_line": 3, "correlation_key": "fp|dc6561c195f172959d13adaa8bfb8bdfc47a4a7d7bf3fc2aa0f2a6ab1c88b1ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/icons/IconVersions.tsx"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27522, "scanner": "repobility-ai-code-hygiene", "fingerprint": "351f863ed4a3c2da0df57db8b9df9b73f52d0169bf6595071d936fdf6db5fd7c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconExamples.tsx", "duplicate_line": 3, "correlation_key": "fp|351f863ed4a3c2da0df57db8b9df9b73f52d0169bf6595071d936fdf6db5fd7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/icons/IconStream.tsx"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27521, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d8bef66d693cdf29e0bbdd6e070994a109280d4cea6a764fcc3372bb6acece38", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconJsonMode.tsx", "duplicate_line": 4, "correlation_key": "fp|d8bef66d693cdf29e0bbdd6e070994a109280d4cea6a764fcc3372bb6acece38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/icons/IconStream.tsx"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27520, "scanner": "repobility-ai-code-hygiene", "fingerprint": "98f91f2390b0e112faba89a610269cde6be42de15a5e2b2ac2dc15f50eae935a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconFewShot.tsx", "duplicate_line": 3, "correlation_key": "fp|98f91f2390b0e112faba89a610269cde6be42de15a5e2b2ac2dc15f50eae935a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/icons/IconStream.tsx"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27519, "scanner": "repobility-ai-code-hygiene", "fingerprint": "95ad8236748f93915fe1c2f5e03da7899b10c8a0b6ca39b38f19a4edbd9215dc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconExamples.tsx", "duplicate_line": 3, "correlation_key": "fp|95ad8236748f93915fe1c2f5e03da7899b10c8a0b6ca39b38f19a4edbd9215dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/icons/IconOrg.tsx"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27518, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e0d09efc0742ef61cb6aa5918b604b75373a0eade54d07ba8e80cf7d3bbb7d83", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconFewShot.tsx", "duplicate_line": 3, "correlation_key": "fp|e0d09efc0742ef61cb6aa5918b604b75373a0eade54d07ba8e80cf7d3bbb7d83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/icons/IconModeration.tsx"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4619, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b4e9aaf981438e03ea1c12f8447f810ef3bf28f6d75d1144b34d94132b392abf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconExamples.tsx", "duplicate_line": 3, "correlation_key": "fp|b4e9aaf981438e03ea1c12f8447f810ef3bf28f6d75d1144b34d94132b392abf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/icons/IconLogs.tsx"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4618, "scanner": "repobility-ai-code-hygiene", "fingerprint": "341ff742ccc7d831125770e55cc88952cc0bafbf07be2285037ad9064eda089f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconJsonMode.tsx", "duplicate_line": 4, "correlation_key": "fp|341ff742ccc7d831125770e55cc88952cc0bafbf07be2285037ad9064eda089f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/icons/IconLogs.tsx"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4617, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ceed1d1f39dd3b0aa88354a9ba40db5e811276f6f665855d97311d847c798b08", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconFewShot.tsx", "duplicate_line": 3, "correlation_key": "fp|ceed1d1f39dd3b0aa88354a9ba40db5e811276f6f665855d97311d847c798b08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/icons/IconLogs.tsx"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4616, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f8bef9cb86ad81d7d2d791060c84c5b3cf40f194a836849a8d4b97ebc54da79b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconExamples.tsx", "duplicate_line": 3, "correlation_key": "fp|f8bef9cb86ad81d7d2d791060c84c5b3cf40f194a836849a8d4b97ebc54da79b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/icons/IconKeyset.tsx"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4615, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6ace5087f12ac2ee7f98575f4eeeb55f70ac547a2e483f8e8097757abaff4d73", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconExamples.tsx", "duplicate_line": 3, "correlation_key": "fp|6ace5087f12ac2ee7f98575f4eeeb55f70ac547a2e483f8e8097757abaff4d73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/icons/IconJsonMode.tsx"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4614, "scanner": "repobility-ai-code-hygiene", "fingerprint": "38d6c4790864553db64ab99c4a67ba1b426d610e6fc3a5cbc0b8d1089f454a6a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/icons/IconFewShot.tsx", "duplicate_line": 3, "correlation_key": "fp|38d6c4790864553db64ab99c4a67ba1b426d610e6fc3a5cbc0b8d1089f454a6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/icons/IconJsonMode.tsx"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4613, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1ec1cf7bcb7c1582fdd68c65cbda91b15ca69ae9061e060e40f80f0ac6442b64", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/home/webgl-2024-09-29.tsx", "duplicate_line": 14, "correlation_key": "fp|1ec1cf7bcb7c1582fdd68c65cbda91b15ca69ae9061e060e40f80f0ac6442b64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/home/webgl.tsx"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4612, "scanner": "repobility-ai-code-hygiene", "fingerprint": "08cd706c79c752adf5336815386f2c5b3cddb9e770155880614237f3bcfde2d3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/home/webgl-2024-09-29-fast.tsx", "duplicate_line": 9, "correlation_key": "fp|08cd706c79c752adf5336815386f2c5b3cddb9e770155880614237f3bcfde2d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/home/webgl.tsx"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4611, "scanner": "repobility-ai-code-hygiene", "fingerprint": "86b582973a10dcf4700b39b568f99a93e269f21abd60a986012849021a6f8a96", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/home/webgl-2024-09-29-fast.tsx", "duplicate_line": 1, "correlation_key": "fp|86b582973a10dcf4700b39b568f99a93e269f21abd60a986012849021a6f8a96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/home/webgl-fast-scaled-1.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4610, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aca828ecdc6be12118e0910e338e28401397bf707d6db95a8d14b0a1079f366d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/components/home/webgl-2024-09-29-fast.tsx", "duplicate_line": 1, "correlation_key": "fp|aca828ecdc6be12118e0910e338e28401397bf707d6db95a8d14b0a1079f366d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/components/home/webgl-2024-09-29.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4609, "scanner": "repobility-ai-code-hygiene", "fingerprint": "37eb27c278190fdbadb61eef2d0874d9ecedd159c22a0529a997d0753e364705", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/app/learn/[section]/[slug]/layout.tsx", "duplicate_line": 25, "correlation_key": "fp|37eb27c278190fdbadb61eef2d0874d9ecedd159c22a0529a997d0753e364705"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/app/learn/layout.tsx"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4608, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6d1ca0b10bc931b91473c27de9e782be461672eed39cacf3b6c800a04a3b4d7e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/baseai.dev/src/app/learn/[section]/[slug]/layout.tsx", "duplicate_line": 22, "correlation_key": "fp|6d1ca0b10bc931b91473c27de9e782be461672eed39cacf3b6c800a04a3b4d7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/app/learn/[section]/layout.tsx"}, "region": {"startLine": 22}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 27539, "scanner": "repobility-threat-engine", "fingerprint": "821cba61ed8ca9932fa4a20b298f5d896106f8bf2152c246419c88b94424b756", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|821cba61ed8ca9932fa4a20b298f5d896106f8bf2152c246419c88b94424b756"}}}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 27538, "scanner": "repobility-threat-engine", "fingerprint": "07a95987e88e644c8891828eaebfcfca88ca2b50ec9c7eecd2ed2f651465e269", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(t", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|07a95987e88e644c8891828eaebfcfca88ca2b50ec9c7eecd2ed2f651465e269"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/src/pipes/pipes.ts"}, "region": {"startLine": 100}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 27537, "scanner": "repobility-threat-engine", "fingerprint": "efa28bf4c7ff231cc7d7fa0db5197b57ae8d6e5e8772f9e649eebbd6c1fd3e4c", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|efa28bf4c7ff231cc7d7fa0db5197b57ae8d6e5e8772f9e649eebbd6c1fd3e4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/baseai/src/dev/middleware/debug-base.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 27536, "scanner": "repobility-threat-engine", "fingerprint": "ebd6bbdffb753e4da7ad4f5a2c8a050104f06b75c606700b3638e39f98ff6991", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ebd6bbdffb753e4da7ad4f5a2c8a050104f06b75c606700b3638e39f98ff6991"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/baseai.dev/src/app/api/og/route.tsx"}, "region": {"startLine": 7}}}]}]}]}