{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "GHSA-jg22-mg44-37j8", "name": "aiohttp: GHSA-jg22-mg44-37j8", "shortDescription": {"text": "aiohttp: GHSA-jg22-mg44-37j8"}, "fullDescription": {"text": "AIOHTTP is Vulnerable to Deserialization of Untrusted Data"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hg6j-4rv6-33pg", "name": "aiohttp: GHSA-hg6j-4rv6-33pg", "shortDescription": {"text": "aiohttp: GHSA-hg6j-4rv6-33pg"}, "fullDescription": {"text": "AIOHTTP is vulnerable to cross-origin redirect with per-request cookies"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": 
"medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . is safer when .dockerignore excludes secrets, git history, keys, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, 
"properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. 
A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC041", "name": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noref", "shortDescription": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and"}, "fullDescription": {"text": "Add rel=\"noopener noreferrer\" to every <a target=\"_blank\">:\n  <a href=\"...\" target=\"_blank\" rel=\"noopener noreferrer\">link</a>\nFor dynamically generated links from JS, set rel on the element before appending. Even safe-looking subdomains should harden \u2014 costs nothing."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Agent, MCP, sidecar, and command bridge servers often start as local helpers. Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "A file created as a fixed/new/final/copy variant is not referenced by imports or path-like strings in the rest of the repository. This is a strong sign that an agent produced code beside the active application path."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "SEC124", "name": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacke", "shortDescription": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason."}, "fullDescription": {"text": "Use `os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY)` for atomic create-only. Use `tempfile.NamedTemporaryFile()` (not `mktemp`). 
For locking, use `fcntl.flock`."}, "properties": {"scanner": "repobility-threat-engine", "category": "race_condition", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `update_msgs` has cognitive complexity 8 (SonarSource scale). Cognitive co", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `update_msgs` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion al"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 8."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. 
They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED079", "name": "[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) \u2014 off-by-one risk.", "shortDescription": {"text": "[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) \u2014 off-by-one risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-193 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[SEC078] Python: requests without timeout (and 5 more): Same pattern found in 5 additional files. 
Review if needed."}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception (and 7 more): Same pattern found in 7 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC035", "name": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk (and 1 more): Same pattern found in 1 additional files. Review if need", "shortDescription": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Cap user-controlled sizes BEFORE allocation:\n  size = min(int(request.args.get('n', 100)), MAX_SIZE)\nSet framework-level limits:\n  Flask:    app.config['MAX_CONTENT_LENGTH'] = 10 * 1024 * 1024\n  FastAPI:  use middleware to enforce request size\n  Django:   DATA_UPLOAD_MAX_MEMORY_SIZE in settings.py\nNever raise `sys.setrecursionlimit` past 10K without a deeper review."}, "properties": {"scanner": "repobility-threat-engine", "category": "resource_exhaustion", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path (and 2 more): Same pattern found in 2 additional files. Review if need", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Resolve the path with os.path.realpath() and verify that the result stays inside your expected base directory; compare against the base path plus a trailing separator (or use os.path.commonpath()), because a bare prefix check also accepts sibling directories whose names merely begin with the base name. 
Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED047", "name": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested.", "shortDescription": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private and link-local CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Apply the block to the address the hostname actually resolves to (and again after any redirect), not only to the literal host string."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED036", "name": "[MINED036] Python Os System Call (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED036] Python Os System Call (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED072] Python Pass Only Class (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED077] Python Open No Context (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 23 more): Same pattern found in 23 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 45 more): Same pattern found in 45 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 45 more): Same pattern found in 45 additional files. 
Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 49 more): Same pattern found in 49 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 49 more): Same pattern found in 49 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED075", "name": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL.", "shortDescription": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-690 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete (and 19 more): Same pattern found in 19 additional files. Review if needed.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage runs as root", "shortDescription": {"text": "Docker final stage runs as root"}, "fullDescription": {"text": "The final runtime stage explicitly uses root. A compromised app process would have root inside the container."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC080", "name": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-", "shortDescription": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559, fixed via PEP 706 in 3.12). 
Ported from bandit B202 (Apache-2.0)."}, "fullDescription": {"text": "Add `filter='data'` (Python \u2265 3.12) or manually validate each member before extracting: resolve its destination with `os.path.abspath` and reject any member whose resolved path falls outside the extraction directory. Link members need the same check on their targets."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC114", "name": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker", "shortDescription": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "fullDescription": {"text": "After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `path.resolve(base, x); if (!resolved.startsWith(base + path.sep)) throw`."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent; note that Rdn.escapeValue applies DN-value escaping, so input placed in a search filter also needs filter escaping (RFC 4515). For python-ldap, use ldap.filter.escape_filter_chars. 
Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED021", "name": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape.", "shortDescription": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-22 / A01:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED017", "name": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic.", "shortDescription": {"text": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED009", "name": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal.", "shortDescription": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/checkout` pinned to mutable ref `@v6`", "shortDescription": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "fullDescription": {"text": "`uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `ubuntu:24.04` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `ubuntu:24.04` not pinned by digest"}, "fullDescription": {"text": "`FROM ubuntu:24.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_ned_batch", "shortDescription": {"text": "Phantom test coverage: test_ned_batch"}, "fullDescription": {"text": "Test function `test_ned_batch` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.stream` used but never assigned in __init__", "shortDescription": {"text": "`self.stream` used but never assigned in __init__"}, "fullDescription": {"text": "Method `doRollover` of class `SwaglogRotatingFileHandler` reads `self.stream`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "private-key", "name": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.", "shortDescription": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED102", "name": "[MINED102] Shell Injection Via F-string: Shell command built via f-string or .format with non-constant input \u2014 command i", "shortDescription": {"text": "[MINED102] Shell Injection Via F-string: Shell command built via f-string or .format with non-constant input \u2014 command injection. An attacker controlling any interpolated value can execute arbitrary shell commands."}, "fullDescription": {"text": "Use the list form of subprocess (e.g. subprocess.run([\"cmd\", arg1, arg2])) with shell=False. Never combine shell=True with string interpolation."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED018", "name": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/fi", "shortDescription": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-502 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED030", "name": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__.", "shortDescription": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC081", "name": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary co", "shortDescription": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "fullDescription": {"text": "Use json, msgpack, or protobuf for untrusted data. If pickle is required, sign the payload with HMAC and verify the signature before unpickling."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.CI_ARTIFACTS_DEPLOY_KEY` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.CI_ARTIFACTS_DEPLOY_KEY` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.CI_ARTIFACTS_DEPLOY_KEY }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). 
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context). Before rating this finding, confirm the exposure: GitHub withholds repository secrets from `pull_request` runs that originate in forks by default, so the secret is reachable mainly from same-repository branches or from `pull_request_target` jobs that check out PR code."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `platform` used but not imported", "shortDescription": {"text": "Missing import: `platform` used but not imported"}, "fullDescription": {"text": "The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/875"}, "properties": {"repository": "commaai/openpilot", "repoUrl": "https://github.com/commaai/openpilot", "branch": "master"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 80196, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or 
equivalent authorization documentation."}, "properties": {"repobilityId": 80195, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "GHSA-jg22-mg44-37j8", "level": "warning", "message": {"text": "aiohttp: GHSA-jg22-mg44-37j8"}, "properties": {"repobilityId": 80194, "scanner": "osv-scanner", "fingerprint": "f360dcc0eba31763fb048fbf952ff9aaacd93fae36b950018274d5457fa1322d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34993"], "package": "aiohttp", "rule_id": "GHSA-jg22-mg44-37j8", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2026-34993|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hg6j-4rv6-33pg", "level": "warning", "message": {"text": "aiohttp: GHSA-hg6j-4rv6-33pg"}, "properties": {"repobilityId": 80193, "scanner": "osv-scanner", "fingerprint": "2da1f8cf81a5e62587e98e266536e6b0ec96ebc178f00a59702cebb0a7957e28", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-47265"], "package": "aiohttp", "rule_id": "GHSA-hg6j-4rv6-33pg", "scanner": "osv-scanner", "correlation_key": 
"vuln|aiohttp|CVE-2026-47265|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 80189, "scanner": "repobility-docker", "fingerprint": "d12c6163f8204648904e9de29a6d75e2a6eea0b7874c0f463e6094821487f35a", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|d12c6163f8204648904e9de29a6d75e2a6eea0b7874c0f463e6094821487f35a", "missing_patterns": [".env", ".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.openpilot"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 80182, "scanner": "repobility-threat-engine", "fingerprint": "ff8c38d2dbbd2b5e594c0b66fe6033e800540ca5d081c7d997d145c2ee2d6461", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|147|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/cabana/streams/replaystream.cc"}, "region": {"startLine": 147}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 80181, "scanner": "repobility-threat-engine", "fingerprint": "f406b37fb9197a9f95338d7a5c24bf1096593c5103ad2b88d1fc851bffe0b5d4", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|111|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/cabana/detailwidget.cc"}, "region": {"startLine": 111}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 80180, "scanner": "repobility-threat-engine", "fingerprint": "f151171f7c1225f11560a5b2451ed4802b7802cf1d63e752baf0c51d61aa4648", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|tools/cabana/cabana.cc|87|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/cabana/cabana.cc"}, "region": {"startLine": 87}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 80177, "scanner": "repobility-threat-engine", "fingerprint": "e9905c2619a79dd5bb974890be6fb4c8634639ebf0f36645bb664644e73c64ae", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|tools/plotjuggler/juggle.py|62|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/plotjuggler/juggle.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 80176, "scanner": "repobility-threat-engine", 
"fingerprint": "325a58cda0b52ea436c8cb4022940297f2bf569380ef3a279181b574393cb701", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|38|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/updated/casync/tar.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). 
Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 80168, "scanner": "repobility-threat-engine", "fingerprint": "dce49985a8aa687a9a7c3dcbad2a9b407a1c2a229fb48ffb7b74e13e964cf0c9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n          level = line.split('Signal level=')[1]\n          rss = int(level.split(' ')[0])", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dce49985a8aa687a9a7c3dcbad2a9b407a1c2a229fb48ffb7b74e13e964cf0c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/hardware/tici/iwlist.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. 
Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 80150, "scanner": "repobility-threat-engine", "fingerprint": "5f0e6240de300ac84820eef2ba0ebfbec92247fe06bfcbb7e3a928dc8103aaff", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def device_address(self) -> int:\n    raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5f0e6240de300ac84820eef2ba0ebfbec92247fe06bfcbb7e3a928dc8103aaff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/sensord/sensors/i2c_sensor.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. 
Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 80149, "scanner": "repobility-threat-engine", "fingerprint": "9f2b6df4754f5096ad432f86d4972585d20c689932c18c83174bd954dfd10587", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def get_sim_lpa(self) -> LPABase:\n    raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9f2b6df4754f5096ad432f86d4972585d20c689932c18c83174bd954dfd10587"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/hardware/base.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. 
Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 80148, "scanner": "repobility-threat-engine", "fingerprint": "0df8df6c8c58d32c1a9ed50eac7c1d64c4a9dd682b8658a7d529fc74e00122bd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def add_point(self, x: float, y: float) -> None:\n    raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0df8df6c8c58d32c1a9ed50eac7c1d64c4a9dd682b8658a7d529fc74e00122bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/locationd/helpers.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). 
OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 80141, "scanner": "repobility-threat-engine", "fingerprint": "2da1542b6e43b1d99eab1dcf7ecbcf2d17a85d5780ebc4ff6811adeb967c46d2", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "<a href=\"{}\" target=\"_blank\">", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|13|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/debug/print_docs_diff.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 80140, "scanner": "repobility-threat-engine", "fingerprint": "2462743766da4161e04901ee9c7f681263a47c20a29a5c94ddcc8f77916a7582", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|44|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/modeld/get_model_metadata.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 80139, "scanner": "repobility-threat-engine", 
"fingerprint": "2f82a6a363b7c240e2a937d2dd75ce900ab525cc6862761e5fb5ac92195fb610", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|33|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/modeld/dmonitoringmodeld.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 80138, "scanner": "repobility-threat-engine", "fingerprint": "ad8071019c9157e6c61a32a157d53ce2fd42a57320a6b117cbf0a0b1349bb029", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|22|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/debug/print_docs_diff.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 80123, "scanner": "repobility-threat-engine", "fingerprint": "0f4617a0c119362ff342ed6f309735b57840f4a59da58bef29bf3d345441ffc1", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n      pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0f4617a0c119362ff342ed6f309735b57840f4a59da58bef29bf3d345441ffc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/ui/mici/layouts/settings/firehose.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 80122, "scanner": "repobility-threat-engine", "fingerprint": "2b2580f16ca502bdad0c4bab73ca519afff473a5cbcbf4eef6640d1b838f462b", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n      pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2b2580f16ca502bdad0c4bab73ca519afff473a5cbcbf4eef6640d1b838f462b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/modeld/helpers.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 80121, "scanner": "repobility-threat-engine", "fingerprint": "0033490a9a95a9b4d41e01fdefdea08b5f7b2fb15101ce77b11f9505dcbf9d84", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0033490a9a95a9b4d41e01fdefdea08b5f7b2fb15101ce77b11f9505dcbf9d84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/car/card.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 80104, "scanner": "repobility-threat-engine", "fingerprint": "81802b382554001aa9bfbd6b0050fae1ea0ee426b4b17d4090fe643eacd44775", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "os.system(f\"sudo chmod a+", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|common/utils.py|40|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/utils.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 80068, "scanner": "repobility-agent-runtime", "fingerprint": 
"82c1a6e1963794f47450702d48dd4e8dc495a6a04ca87f4181fd9a0c7c554238", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|82c1a6e1963794f47450702d48dd4e8dc495a6a04ca87f4181fd9a0c7c554238"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/webrtc/webrtcd.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 80037, "scanner": "repobility-ast-engine", "fingerprint": "119fa2f06545a030fc7ceec4a0b5aa48381eee568193787c8c53c4ee3b3dcad0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|119fa2f06545a030fc7ceec4a0b5aa48381eee568193787c8c53c4ee3b3dcad0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/ui/mici_updater.py"}, "region": {"startLine": 175}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 80036, "scanner": "repobility-ast-engine", "fingerprint": "7a07c88f4dc3d51890af8716a000880c0ce797f4b3cd0ca8ff76c22bb4042024", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 
21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7a07c88f4dc3d51890af8716a000880c0ce797f4b3cd0ca8ff76c22bb4042024"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/webrtc/webrtcd.py"}, "region": {"startLine": 378}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 80035, "scanner": "repobility-ast-engine", "fingerprint": "618629964b282ccbce4cdf330029e5f8a35503528f6d813430ec25cc79e80907", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|618629964b282ccbce4cdf330029e5f8a35503528f6d813430ec25cc79e80907"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/loggerd/uploader.py"}, "region": {"startLine": 187}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 80033, "scanner": "repobility-ast-engine", "fingerprint": "b3e49ac9c2eb8e1ba6a4b01aa55685025e6608b92bdd2bf4315d001fcf89121c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b3e49ac9c2eb8e1ba6a4b01aa55685025e6608b92bdd2bf4315d001fcf89121c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/qcomgpsd/nmeaport.py"}, "region": {"startLine": 116}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": 
{"repobilityId": 80032, "scanner": "repobility-ast-engine", "fingerprint": "17ea814d314176e43860786d6eb4a0c0daa6f56895f063bee689134804abef73", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|17ea814d314176e43860786d6eb4a0c0daa6f56895f063bee689134804abef73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/updated/updated.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 80031, "scanner": "repobility-ast-engine", "fingerprint": "4837d6d7f188ea60d92ec8a7fec31bdaae28a1338c2f5b1265559969786e939a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4837d6d7f188ea60d92ec8a7fec31bdaae28a1338c2f5b1265559969786e939a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/hardware/base.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 80030, "scanner": "repobility-ast-engine", "fingerprint": "08479d3df445063dbcb1466e7bb08ff34879d814cc413bdac846d831e014778a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], 
"languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|08479d3df445063dbcb1466e7bb08ff34879d814cc413bdac846d831e014778a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cereal/messaging/tests/test_pub_sub_master.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 80007, "scanner": "repobility-ast-engine", "fingerprint": "a4261d8e422b76085299a8026ec0f65957f38d8b213f4e6e0424956329273c70", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a4261d8e422b76085299a8026ec0f65957f38d8b213f4e6e0424956329273c70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/ui/widgets/ssh_key.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 80006, "scanner": "repobility-ast-engine", "fingerprint": "7c5f83892f21a5e44185c8421d95af7222b3be3e5fa8fd3cd411e836a3114d9a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7c5f83892f21a5e44185c8421d95af7222b3be3e5fa8fd3cd411e836a3114d9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/test/process_replay/model_replay.py"}, "region": {"startLine": 303}}}]}, {"ruleId": "MINED111", 
"level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 80005, "scanner": "repobility-ast-engine", "fingerprint": "01e8d4faecd1cd5e9d9b3d7ae6df02c5b9aaa8d6d17401e1ce303b32d07c3c71", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|01e8d4faecd1cd5e9d9b3d7ae6df02c5b9aaa8d6d17401e1ce303b32d07c3c71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/test/process_replay/model_replay.py"}, "region": {"startLine": 292}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 80004, "scanner": "repobility-ast-engine", "fingerprint": "ee309c91a5cc605747cd5172d44354cd33d4597c7dbbc4ec907aacb8f975e44a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ee309c91a5cc605747cd5172d44354cd33d4597c7dbbc4ec907aacb8f975e44a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/test/process_replay/model_replay.py"}, "region": {"startLine": 208}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 80003, "scanner": "repobility-ast-engine", "fingerprint": "ea4f3c8e07b7c3d65b89712e4133f63d2ac44b6fcddc4a4812c1453ce3627c96", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", 
"isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ea4f3c8e07b7c3d65b89712e4133f63d2ac44b6fcddc4a4812c1453ce3627c96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/test/process_replay/model_replay.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 80002, "scanner": "repobility-ast-engine", "fingerprint": "500e54f1c99dd6c3aeb00cdf55dbf1dd4a3b83bdc4803ac0d5b4d9496fef5968", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|500e54f1c99dd6c3aeb00cdf55dbf1dd4a3b83bdc4803ac0d5b4d9496fef5968"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/test/process_replay/regen_all.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 80000, "scanner": "repobility-ast-engine", "fingerprint": "729bcfb65b3314f661189a82e5e7da03e62134749a6df728aa5ab084732a9189", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|729bcfb65b3314f661189a82e5e7da03e62134749a6df728aa5ab084732a9189"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/test/process_replay/test_processes.py"}, "region": {"startLine": 223}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79999, "scanner": "repobility-ast-engine", "fingerprint": "6f4d6461ffbd36763ddee8e8915d8d9252b6b2152a1d8ae7590821bb26cd17dd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6f4d6461ffbd36763ddee8e8915d8d9252b6b2152a1d8ae7590821bb26cd17dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/test/process_replay/test_processes.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79996, "scanner": "repobility-ast-engine", "fingerprint": "1ba2948094e0bd8edae3136dc4821d57d514308f84c8dc5452d980dec6e6c24e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ba2948094e0bd8edae3136dc4821d57d514308f84c8dc5452d980dec6e6c24e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/test/test_updated.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79990, "scanner": "repobility-ast-engine", "fingerprint": 
"c819e80211d849b132c018bad403f182d71de5913f239b5581c9bbd54bd3369c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c819e80211d849b132c018bad403f182d71de5913f239b5581c9bbd54bd3369c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/debug/max_lat_accel.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79989, "scanner": "repobility-ast-engine", "fingerprint": "857f95a0db7018d2b793bfcdc65997f05e1a6f8b1f55b7680a4725b54785f931", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|857f95a0db7018d2b793bfcdc65997f05e1a6f8b1f55b7680a4725b54785f931"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/debug/test_fw_query_on_routes.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79988, "scanner": "repobility-ast-engine", "fingerprint": "54d9950fb086caff6dc0117c5c092fdd51f82d6b3852d5535c12fec5b3b9958b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 
21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54d9950fb086caff6dc0117c5c092fdd51f82d6b3852d5535c12fec5b3b9958b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/debug/filter_log_message.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79987, "scanner": "repobility-ast-engine", "fingerprint": "42ce33e6e74d1973d275d4ba240dd32c3f36bf46208003192a82ca2713111104", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|42ce33e6e74d1973d275d4ba240dd32c3f36bf46208003192a82ca2713111104"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/gpio.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79986, "scanner": "repobility-ast-engine", "fingerprint": "28107b57b5b2d4f3478a15d41fb2d5570b853cf8f26a9162b3f9377156d42096", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|28107b57b5b2d4f3478a15d41fb2d5570b853cf8f26a9162b3f9377156d42096"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/gpio.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 
79985, "scanner": "repobility-ast-engine", "fingerprint": "73f1175428401d6dc6e077a2c8193365d495a0336a8dc7f6682ed99a8b3bf2f4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|73f1175428401d6dc6e077a2c8193365d495a0336a8dc7f6682ed99a8b3bf2f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/gpio.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79984, "scanner": "repobility-ast-engine", "fingerprint": "8cd4b2c385b7f51f42acccbbd58c0fe78f549c860b88b22d7bbde45ca3a0b28c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8cd4b2c385b7f51f42acccbbd58c0fe78f549c860b88b22d7bbde45ca3a0b28c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/gpio.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79983, "scanner": "repobility-ast-engine", "fingerprint": "d5069b064df6d4d2687f43cb2619c4a222dc9f5284bfda28179cb331d1d58104", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], 
"observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d5069b064df6d4d2687f43cb2619c4a222dc9f5284bfda28179cb331d1d58104"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/utils.py"}, "region": {"startLine": 263}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79982, "scanner": "repobility-ast-engine", "fingerprint": "02eb1dee116118b98df55f52ecdcad8e1c64220aa95e83b328ca21472ac92b31", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|02eb1dee116118b98df55f52ecdcad8e1c64220aa95e83b328ca21472ac92b31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/utils.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 79945, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c5e22afa7b84f63b3e83ed3973f183e445a615ca1f1c52ae13e7256d9c287ad0", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "temp", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|c5e22afa7b84f63b3e83ed3973f183e445a615ca1f1c52ae13e7256d9c287ad0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/debug/live_cpu_and_temp.py"}, "region": {"startLine": 1}}}]}, {"ruleId": 
"DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 80191, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", ".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC124", "level": "note", "message": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason."}, "properties": {"repobilityId": 80188, "scanner": "repobility-threat-engine", "fingerprint": "1929dcc485ae227042d75eb3a505abc00c6b37c90a3ed9191b4a622462996222", "category": "race_condition", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.path.exists(filename):\n    if input(f\"File '{filename}' exists. Overwrite? 
(y/N): \").lower() not", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC124", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1929dcc485ae227042d75eb3a505abc00c6b37c90a3ed9191b4a622462996222"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/scripts/extract_audio.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `update_msgs` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: and=1, continue=1, for=2, if=1, nested_bonus=1, or=2."}, "properties": {"repobilityId": 80071, "scanner": "repobility-threat-engine", "fingerprint": "d88bf4b8302e7ea7466f00cd28ce765bc2ac5341b78050d8e6b9a87793a91586", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "update_msgs", "breakdown": {"if": 1, "or": 2, "and": 1, "for": 2, "continue": 1, "nested_bonus": 1}, "complexity": 8, "correlation_key": "fp|d88bf4b8302e7ea7466f00cd28ce765bc2ac5341b78050d8e6b9a87793a91586"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cereal/messaging/__init__.py"}, "region": {"startLine": 214}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `recv_sock` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: break=1, else=1, if=3, nested_bonus=2, while=1."}, "properties": {"repobilityId": 80070, "scanner": "repobility-threat-engine", "fingerprint": "4e1b1abd7849baadbaa7c4e12f3cef93e6dca9adc36d38f6ab45bfde8bb718f9", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "recv_sock", "breakdown": {"if": 3, "else": 1, "break": 1, "while": 1, "nested_bonus": 2}, "complexity": 8, "correlation_key": "fp|4e1b1abd7849baadbaa7c4e12f3cef93e6dca9adc36d38f6ab45bfde8bb718f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cereal/messaging/__init__.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `__init__` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: except=1, for=1, nested_bonus=2, or=2, ternary=5."}, "properties": {"repobilityId": 80069, "scanner": "repobility-threat-engine", "fingerprint": "7d7f79d0df1925e4a495973d5294f8539b53aed3c80e5fd0a965e240ad9cd5d8", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "__init__", "breakdown": {"or": 2, "for": 1, "except": 1, "ternary": 5, "nested_bonus": 2}, "complexity": 11, "correlation_key": "fp|7d7f79d0df1925e4a495973d5294f8539b53aed3c80e5fd0a965e240ad9cd5d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cereal/messaging/__init__.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79955, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3d329d6804ac18df0eb98d55eb72034f08421e09b8e8ac1d281136bf3ed1489a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "selfdrive/pandad/panda.h", "duplicate_line": 1, "correlation_key": "fp|3d329d6804ac18df0eb98d55eb72034f08421e09b8e8ac1d281136bf3ed1489a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/cabana/panda.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79954, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"c03f8ea984af85f3f9a111995740652ea728061be82913c4e0f2935a67545f7c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "system/ui/mici_setup.py", "duplicate_line": 389, "correlation_key": "fp|c03f8ea984af85f3f9a111995740652ea728061be82913c4e0f2935a67545f7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/ui/tici_setup.py"}, "region": {"startLine": 276}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79953, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1aa286d9cd443bf1d06b84e14030d3fb7a773e086da72d391c5d69b23f4642cc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "selfdrive/ui/translations/potools.py", "duplicate_line": 29, "correlation_key": "fp|1aa286d9cd443bf1d06b84e14030d3fb7a773e086da72d391c5d69b23f4642cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/ui/lib/multilang.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79952, "scanner": "repobility-ai-code-hygiene", "fingerprint": "66e3731307a2645f523f5ed4bcab9d9ff61f4e092bf6cc9ee070375f5cf1fe37", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "system/sensord/sensors/lsm6ds3_accel.py", "duplicate_line": 25, "correlation_key": "fp|66e3731307a2645f523f5ed4bcab9d9ff61f4e092bf6cc9ee070375f5cf1fe37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/sensord/sensors/lsm6ds3_gyro.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79951, "scanner": "repobility-ai-code-hygiene", "fingerprint": "35e660f0d983acef63422d24b2ee27d562a71dc4f2ba224874d422aa0a0046f3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "selfdrive/ui/mici/onroad/model_renderer.py", "duplicate_line": 11, "correlation_key": "fp|35e660f0d983acef63422d24b2ee27d562a71dc4f2ba224874d422aa0a0046f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/ui/onroad/model_renderer.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79950, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0c18cb8ac02ff307c79a54949f2813a16ef9538c927cae02d5ad9b9ca490d4db", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 
12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "selfdrive/ui/mici/onroad/cameraview.py", "duplicate_line": 11, "correlation_key": "fp|0c18cb8ac02ff307c79a54949f2813a16ef9538c927cae02d5ad9b9ca490d4db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/ui/onroad/cameraview.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79949, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cdc0f4c7b1811bb97818debb3ba08d999475a52107b102b88aaaad1ac60fd9f2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "selfdrive/ui/mici/onroad/augmented_road_view.py", "duplicate_line": 173, "correlation_key": "fp|cdc0f4c7b1811bb97818debb3ba08d999475a52107b102b88aaaad1ac60fd9f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/ui/onroad/augmented_road_view.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79948, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c08ee391b1ae6aa48cc2af77fa324a328264123025618bddb4394db709f947d2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"selfdrive/ui/mici/onroad/alert_renderer.py", "duplicate_line": 92, "correlation_key": "fp|c08ee391b1ae6aa48cc2af77fa324a328264123025618bddb4394db709f947d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/ui/onroad/alert_renderer.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79947, "scanner": "repobility-ai-code-hygiene", "fingerprint": "385388a5a25f8558c9263d1453728e517f4f4fbffecdae18ca79f3c52e166358", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "selfdrive/car/card.py", "duplicate_line": 179, "correlation_key": "fp|385388a5a25f8558c9263d1453728e517f4f4fbffecdae18ca79f3c52e166358"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/selfdrived/selfdrived.py"}, "region": {"startLine": 405}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79946, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f23afe5ce15d8b2c9f95580d56f5dc67efced84e23a94edcaa5baa676510c52e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "selfdrive/debug/car/clear_dtc.py", "duplicate_line": 10, "correlation_key": "fp|f23afe5ce15d8b2c9f95580d56f5dc67efced84e23a94edcaa5baa676510c52e"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/debug/read_dtc_status.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 79944, "scanner": "repobility-ai-code-hygiene", "fingerprint": "673a47e8e47956f5e87aca55ce59821b667ba914b65c579b77f45f34f8b4713d", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "temp", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|673a47e8e47956f5e87aca55ce59821b667ba914b65c579b77f45f34f8b4713d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/sensord/sensors/lsm6ds3_temp.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 79943, "scanner": "repobility-ai-code-hygiene", "fingerprint": "eaee4c0605419e186c23982fa30820599dfbddc954d4a0a20d0fb3fa2fed27bb", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "temp", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|eaee4c0605419e186c23982fa30820599dfbddc954d4a0a20d0fb3fa2fed27bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/debug/live_cpu_and_temp.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions 
on every build) instead of npm ci."}, "properties": {"repobilityId": 80187, "scanner": "repobility-threat-engine", "fingerprint": "6c874b764f3c120c1f55d7fe41c8e22cc1176faefb57960e450c5feaae46b6c2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6c874b764f3c120c1f55d7fe41c8e22cc1176faefb57960e450c5feaae46b6c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/profiling/palanteer/setup.sh"}, "region": {"startLine": 10}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 80183, "scanner": "repobility-threat-engine", "fingerprint": "f50747163d70dab1fa2519c9a96d374fa64771763e354f97facd6a46500faf29", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f50747163d70dab1fa2519c9a96d374fa64771763e354f97facd6a46500faf29"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 80179, "scanner": "repobility-threat-engine", "fingerprint": "5aeb8ce085da923228b2c8d298748cb3200677a328cac740d2224fcb1a2a85c9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5aeb8ce085da923228b2c8d298748cb3200677a328cac740d2224fcb1a2a85c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/bodyteleop/static/js/webrtc.js"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED079", "level": "none", "message": {"text": "[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) \u2014 off-by-one risk."}, "properties": {"repobilityId": 80175, "scanner": "repobility-threat-engine", "fingerprint": "1b3ef44623ba1e353e34f9740ee87c5b7713154a230d16710c03b8b0aaf2965b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "off-by-one-slice", "owasp": null, "cwe_ids": ["CWE-193"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348121+00:00", "triaged_in_corpus": 12, "observations_count": 6443, "ai_coder_pattern_id": 19}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1b3ef44623ba1e353e34f9740ee87c5b7713154a230d16710c03b8b0aaf2965b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/ui/widgets/inputbox.py"}, 
"region": {"startLine": 180}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 80174, "scanner": "repobility-threat-engine", "fingerprint": "deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "aggregated_count": 1}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 80173, "scanner": "repobility-threat-engine", "fingerprint": "be8b1a6a7a22bfa7252d4615afa135b9e4ad370530902f8470231d50d251dec1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|be8b1a6a7a22bfa7252d4615afa135b9e4ad370530902f8470231d50d251dec1"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/replay/filereader.cc"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 80172, "scanner": "repobility-threat-engine", "fingerprint": "27a6918b793b5e98c99b637b60eb1155058657cea9ff22bbf8d676f3143c6419", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|27a6918b793b5e98c99b637b60eb1155058657cea9ff22bbf8d676f3143c6419"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/bodyteleop/web.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 80171, "scanner": "repobility-threat-engine", "fingerprint": "8b8fbfe21d4df76e6a9c1fa98d5a0b583e237a2aba13664933f25a8ad2ca2fd7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", 
"correlation_key": "fp|8b8fbfe21d4df76e6a9c1fa98d5a0b583e237a2aba13664933f25a8ad2ca2fd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/ubloxd/glonass.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED034", "level": "none", "message": {"text": "[MINED034] Python Subprocess Shell True (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 80167, "scanner": "repobility-threat-engine", "fingerprint": "882fc9bb2b7ae2d00162768bb872d9d69de4ab49a9b7608cf9b17fc5f3e73cfd", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|882fc9bb2b7ae2d00162768bb872d9d69de4ab49a9b7608cf9b17fc5f3e73cfd", "aggregated_count": 2}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 80163, "scanner": "repobility-threat-engine", "fingerprint": "0739686e430239ba7b3236e9a44720c49fcd4d7e277864d5ec8ae18a37e048b0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0739686e430239ba7b3236e9a44720c49fcd4d7e277864d5ec8ae18a37e048b0", "aggregated_count": 5}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 80162, "scanner": "repobility-threat-engine", "fingerprint": "0155835bc6935d2801dd311861e6a35faf5a651b1012b299fa0fbbe7a5861254", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0155835bc6935d2801dd311861e6a35faf5a651b1012b299fa0fbbe7a5861254"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/loggerd/uploader.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 80161, "scanner": "repobility-threat-engine", "fingerprint": "e73c1f5ab97ada49a071b401691e32aa08a334c1154ce09565d91de15cea6996", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e73c1f5ab97ada49a071b401691e32aa08a334c1154ce09565d91de15cea6996"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/hardware/tici/agnos.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 80160, "scanner": "repobility-threat-engine", "fingerprint": "a2b3b77329d79998e2b3209bb5051a0d5e54c59e83104f22c52c61a971b49aaa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a2b3b77329d79998e2b3209bb5051a0d5e54c59e83104f22c52c61a971b49aaa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/ui/widgets/ssh_key.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 80159, "scanner": "repobility-threat-engine", "fingerprint": "786c402d6370e4b20e5de8e1668086eeb34a73c9557b72e071ac80b5a366f9d1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|786c402d6370e4b20e5de8e1668086eeb34a73c9557b72e071ac80b5a366f9d1"}}}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 80158, "scanner": "repobility-threat-engine", "fingerprint": "5206f5a7b2ba8e1875cfb44f49ca474357f65e85e1c068b2d0b1920c37b917ce", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'timeout\\s*=' detected on same line", "evidence": {"match": "requests.get(", "reason": "Safe pattern 'timeout\\s*=' detected on same line", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|5206f5a7b2ba8e1875cfb44f49ca474357f65e85e1c068b2d0b1920c37b917ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/hardware/tici/agnos.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 80157, "scanner": "repobility-threat-engine", "fingerprint": "d3d554a2b3f33f77b10fa418309a876748c99be4042c0298b9568647ab16814b", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'timeout\\s*=' detected on same line", "evidence": {"match": "requests.get(", "reason": "Safe pattern 'timeout\\s*=' detected on same line", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|d3d554a2b3f33f77b10fa418309a876748c99be4042c0298b9568647ab16814b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/ui/widgets/ssh_key.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 80154, "scanner": "repobility-threat-engine", "fingerprint": "745aeba9703d8b8aa9b9db918e8efa8eda5496cb00189cf0a9ded15317e6a078", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|745aeba9703d8b8aa9b9db918e8efa8eda5496cb00189cf0a9ded15317e6a078"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/ui/onroad/driver_state.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: 
input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 80137, "scanner": "repobility-threat-engine", "fingerprint": "d8a1fc07a1c258ba13717684aae3b30113d096c116840d232274f49803adb20f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d8a1fc07a1c258ba13717684aae3b30113d096c116840d232274f49803adb20f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/scripts/extract_audio.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "properties": {"repobilityId": 80136, "scanner": "repobility-threat-engine", "fingerprint": "5690248490b7fbc8af9aa15fdfafc291325ae7f9fd555167e35beb30fee64306", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5690248490b7fbc8af9aa15fdfafc291325ae7f9fd555167e35beb30fee64306"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/hardware/esim.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "properties": {"repobilityId": 80135, "scanner": "repobility-threat-engine", "fingerprint": "ff5b6b0514b4632fec3bd3e7e558c89c7d1755bdd59a294f829e4cd2001d0efb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ff5b6b0514b4632fec3bd3e7e558c89c7d1755bdd59a294f829e4cd2001d0efb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/debug/car/hyundai_enable_radar_points.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 80134, "scanner": "repobility-threat-engine", "fingerprint": "f7555f285d61c1370919144291b5efa5408e2337b7c6df4c4145a508a38d1dfc", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(f\"Setting \\\"{config.name}\\\" to {config.value}:\")", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|8|print f setting config.name to config.value :"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/hardware/tici/amplifier.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 80133, "scanner": "repobility-threat-engine", "fingerprint": "d94235379a355ea0b622dcac975a4bbe4e4927b230047020ba384c204bdc6c51", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(f\"current config: 0x{current_config.hex()", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|11|print f current config: 0x current_config.hex"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/debug/car/hyundai_enable_radar_points.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED006", "level": "none", "message": {"text": "[MINED006] Overcatch Baseexception (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 80132, "scanner": "repobility-threat-engine", "fingerprint": "c81308b37363f066dadf6e86cdcb75ef7290b7f8d4a9844c34a46bc698e9cbd6", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c81308b37363f066dadf6e86cdcb75ef7290b7f8d4a9844c34a46bc698e9cbd6", "aggregated_count": 7}}}, {"ruleId": "SEC035", "level": "none", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 80128, "scanner": "repobility-threat-engine", "fingerprint": "0fa1f864063ea447e11d1cd4dcf64f383fc1779c1e2b958022ab8b0318d4f51c", "category": "resource_exhaustion", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|0fa1f864063ea447e11d1cd4dcf64f383fc1779c1e2b958022ab8b0318d4f51c"}}}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 3 more): Same pattern found in 3 additional files. 
Review if needed."}, "properties": {"repobilityId": 80124, "scanner": "repobility-threat-engine", "fingerprint": "8a4bd872da419130753367ef5a61efa729f221dd8f26dbedd7003551d50a5f41", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8a4bd872da419130753367ef5a61efa729f221dd8f26dbedd7003551d50a5f41"}}}, {"ruleId": "SEC013", "level": "none", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 80120, "scanner": "repobility-threat-engine", "fingerprint": "cf0fa57966ff874fffc921a07cba5bdb97333460e3807666e7f68fe460b50691", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|cf0fa57966ff874fffc921a07cba5bdb97333460e3807666e7f68fe460b50691"}}}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 80116, "scanner": "repobility-threat-engine", "fingerprint": "4815d8ca82f348ac5b7d811e6d804c508d67fc04e7f057b9020dd55f38bcd019", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4815d8ca82f348ac5b7d811e6d804c508d67fc04e7f057b9020dd55f38bcd019"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/ui/widgets/keyboard.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 80115, "scanner": "repobility-threat-engine", "fingerprint": "bcc3378015f84c3de33172ee391aeddad44c981b356906443e5c011e64a53d57", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": 
"2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bcc3378015f84c3de33172ee391aeddad44c981b356906443e5c011e64a53d57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/assets/fonts/process.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 80113, "scanner": "repobility-threat-engine", "fingerprint": "821cba61ed8ca9932fa4a20b298f5d896106f8bf2152c246419c88b94424b756", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|821cba61ed8ca9932fa4a20b298f5d896106f8bf2152c246419c88b94424b756"}}}, {"ruleId": "MINED036", "level": "none", "message": {"text": "[MINED036] Python Os System Call (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 80109, "scanner": "repobility-threat-engine", "fingerprint": "55b0fa009c96a5f72aa4f1dffb7c061a90097db9f0b8c7be7df60162f7c255ba", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|55b0fa009c96a5f72aa4f1dffb7c061a90097db9f0b8c7be7df60162f7c255ba", "aggregated_count": 2}}}, {"ruleId": "SEC005", "level": "none", "message": {"text": "[SEC005] Command Injection Risk (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 80105, "scanner": "repobility-threat-engine", "fingerprint": "29647708d111908c3cbc306cba8a800725965d39d0af6a7fa39e5cfc0e80a28d", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|29647708d111908c3cbc306cba8a800725965d39d0af6a7fa39e5cfc0e80a28d"}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 80098, "scanner": "repobility-threat-engine", "fingerprint": "ab8da9b5986ecd12b37a79c2996b8e50407d9cea73fb774fd0a38602f68fdc76", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|ab8da9b5986ecd12b37a79c2996b8e50407d9cea73fb774fd0a38602f68fdc76", "aggregated_count": 1}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 80097, "scanner": "repobility-threat-engine", "fingerprint": "c63a241360db200db96db6378d3e220aaabce4d11ed9ef38267f7cc72e11f126", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c63a241360db200db96db6378d3e220aaabce4d11ed9ef38267f7cc72e11f126"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/hardware/base.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 80096, "scanner": "repobility-threat-engine", "fingerprint": "2bb16fffef906dfcceac6ecad2a33bb2a8bd0b887ab1fe9ba022acb7f687587f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2bb16fffef906dfcceac6ecad2a33bb2a8bd0b887ab1fe9ba022acb7f687587f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/ui/mici/layouts/settings/firehose.py"}, "region": {"startLine": 223}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 80095, "scanner": "repobility-threat-engine", "fingerprint": "392bc2423ef2a903b7ccf12211de4917cf35b2c330b261b43a90fca13790bf1c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|392bc2423ef2a903b7ccf12211de4917cf35b2c330b261b43a90fca13790bf1c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/timeout.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context (and 1 more): Same pattern found in 1 additional files. 
Review if needed."}, "properties": {"repobilityId": 80094, "scanner": "repobility-threat-engine", "fingerprint": "24cb949de0b3987330b23bb4f90e26bdc816ebe1ec34ae36e009f771500d6e3d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|24cb949de0b3987330b23bb4f90e26bdc816ebe1ec34ae36e009f771500d6e3d", "aggregated_count": 1}}}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 80093, "scanner": "repobility-threat-engine", "fingerprint": "b600daedbaba541abc856203b2819da95daca60405cd39139005cb109c83ab48", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b600daedbaba541abc856203b2819da95daca60405cd39139005cb109c83ab48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/manager/process.py"}, "region": {"startLine": 234}}}]}, {"ruleId": "MINED077", "level": 
"none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 80092, "scanner": "repobility-threat-engine", "fingerprint": "58d932fa9ce9f46cb16eaf3c764086c4c7f397d2403f6eda4c51b120415aa2be", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|58d932fa9ce9f46cb16eaf3c764086c4c7f397d2403f6eda4c51b120415aa2be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/utils.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 80091, "scanner": "repobility-threat-engine", "fingerprint": "aaa1c5d3218d885afd7bc321b3e6060b38b097b3ed1200717eaca9795b223903", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|aaa1c5d3218d885afd7bc321b3e6060b38b097b3ed1200717eaca9795b223903"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"common/swaglog.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "properties": {"repobilityId": 80089, "scanner": "repobility-threat-engine", "fingerprint": "142f7aedb7a9436cd459ad936899043ddc6e468368c1340ea7a18add42976f51", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 23 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|142f7aedb7a9436cd459ad936899043ddc6e468368c1340ea7a18add42976f51", "aggregated_count": 23}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 45 more): Same pattern found in 45 additional files. Review if needed."}, "properties": {"repobilityId": 80085, "scanner": "repobility-threat-engine", "fingerprint": "1129ab4f52ac299e8d72bb096716a495edddf4d4646266045eca46ebbf71a5b6", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 45 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|1129ab4f52ac299e8d72bb096716a495edddf4d4646266045eca46ebbf71a5b6", "aggregated_count": 45}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 80084, "scanner": "repobility-threat-engine", "fingerprint": "7cd81e426f1925c8e59f0d767d98f27cb501ab2ccff1f728a376a284a7d7c2a9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7cd81e426f1925c8e59f0d767d98f27cb501ab2ccff1f728a376a284a7d7c2a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/spinner.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 80083, "scanner": "repobility-threat-engine", "fingerprint": "358d56ba52ddf260e9f9bb98e03543bde6040c7ffbee964982c4ab3a4084d4bb", "category": "quality", "severity": "info", 
"confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|358d56ba52ddf260e9f9bb98e03543bde6040c7ffbee964982c4ab3a4084d4bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/prefix.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 80082, "scanner": "repobility-threat-engine", "fingerprint": "cb4f0085daadbdc457a27bb1f13394266ddd6c2ab52e5d2c8955d2172492d7d2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cb4f0085daadbdc457a27bb1f13394266ddd6c2ab52e5d2c8955d2172492d7d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/markdown.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 49 more): Same pattern found in 49 additional files. 
Review if needed."}, "properties": {"repobilityId": 80081, "scanner": "repobility-threat-engine", "fingerprint": "3b424b75c482e5c8e51d23fc250319f16f37d09e9ca4ad2d9095d46730b6c87e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 49 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 49 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|3b424b75c482e5c8e51d23fc250319f16f37d09e9ca4ad2d9095d46730b6c87e"}}}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 80077, "scanner": "repobility-threat-engine", "fingerprint": "db566bf3b3b3f8f01ca18adc97519817de750eae1557c3bfd2b91b25f74dba02", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|db566bf3b3b3f8f01ca18adc97519817de750eae1557c3bfd2b91b25f74dba02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cereal/messaging/socketmaster.cc"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete (and 19 more): Same pattern found in 19 additional files. 
Review if needed."}, "properties": {"repobilityId": 80076, "scanner": "repobility-threat-engine", "fingerprint": "cfba63bb0e00eb297f8dd4361d30ad3aed812d36b37db1dde1917c3b4b31aec6", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 19 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|cfba63bb0e00eb297f8dd4361d30ad3aed812d36b37db1dde1917c3b4b31aec6", "aggregated_count": 19}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 80075, "scanner": "repobility-threat-engine", "fingerprint": "85ad1e5f487888b4d78b757abe76fa6adedda168b0d302931f38a6b9eafa8d7e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|85ad1e5f487888b4d78b757abe76fa6adedda168b0d302931f38a6b9eafa8d7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/loggerd/encoderd.cc"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED042", 
"level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 80074, "scanner": "repobility-threat-engine", "fingerprint": "7b7e07e0dee3e49c1b612e03298043c2c5c18171db3462161e76cb57dedab01c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7b7e07e0dee3e49c1b612e03298043c2c5c18171db3462161e76cb57dedab01c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/loggerd/encoder/encoder.cc"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 80073, "scanner": "repobility-threat-engine", "fingerprint": "93853b5e0875d86950952968287da26404a45348669bbded7b00c3fca1b28e5f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|93853b5e0875d86950952968287da26404a45348669bbded7b00c3fca1b28e5f"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "cereal/messaging/bridge.cc"}, "region": {"startLine": 34}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 161 more): Same pattern found in 161 additional files. Review if needed."}, "properties": {"repobilityId": 80072, "scanner": "repobility-threat-engine", "fingerprint": "52315dccc20dcf0d8669c07f40f8be1cafb57c70dd082d48531915965efeaf30", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 161 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "__init__", "breakdown": {"or": 2, "for": 1, "except": 1, "ternary": 5, "nested_bonus": 2}, "aggregated": true, "complexity": 11, "correlation_key": "fp|52315dccc20dcf0d8669c07f40f8be1cafb57c70dd082d48531915965efeaf30", "aggregated_count": 161}}}, {"ruleId": "DKR001", "level": "error", "message": {"text": "Docker final stage runs as root"}, "properties": {"repobilityId": 80190, "scanner": "repobility-docker", "fingerprint": "7cb1c7d6322492381165c004f19bd85fbcb278adb07a425ea1932069612bb61e", "category": "docker", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Final Dockerfile USER resolves to root.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_user": "root", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|7cb1c7d6322492381165c004f19bd85fbcb278adb07a425ea1932069612bb61e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.openpilot"}, "region": {"startLine": 37}}}]}, {"ruleId": 
"SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 80186, "scanner": "repobility-threat-engine", "fingerprint": "ac289a447b9cd91780f5ba16c93c2bff8572d11009f74290e5895a876176173e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(function_src", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ac289a447b9cd91780f5ba16c93c2bff8572d11009f74290e5895a876176173e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/jotpluggler/math_eval.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 80185, "scanner": "repobility-threat-engine", "fingerprint": "74d8562b07a6cd672d81e600c017d4eba11a7fd70f3d331f34427b29a70da88c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(view", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|74d8562b07a6cd672d81e600c017d4eba11a7fd70f3d331f34427b29a70da88c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/cabana/tools/findsignal.cc"}, "region": {"startLine": 277}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 80184, "scanner": "repobility-threat-engine", "fingerprint": "8629850e1588d8570cde8ad02b9ba40d55090ef81a1b0a34d79be36a401e1dde", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(tabbar", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8629850e1588d8570cde8ad02b9ba40d55090ef81a1b0a34d79be36a401e1dde"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/cabana/detailwidget.cc"}, "region": {"startLine": 111}}}]}, {"ruleId": "SEC080", "level": "error", "message": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559, fixed via PEP 706 in 3.12). 
Ported from bandit B202 (Apache-2.0)."}, "properties": {"repobilityId": 80178, "scanner": "repobility-threat-engine", "fingerprint": "c751c9ae191d9f1480bef7f971fb576fba1a9ba985fbec3a8ac6f9d9c365c759", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tar.extractall(str(directory)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC080", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c751c9ae191d9f1480bef7f971fb576fba1a9ba985fbec3a8ac6f9d9c365c759"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/updated/casync/tar.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. 
`../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 80169, "scanner": "repobility-threat-engine", "fingerprint": "837944c08fdfdc53bbc71da3b74115097f901f8b53ed12a6e152e2e4b27a096b", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.join(tmp, params", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|system/manager/helpers.py|57|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/manager/helpers.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 80166, "scanner": "repobility-threat-engine", "fingerprint": "75f0f572d426634b6de411c0def33a44b2568e5cfbb6b7ff95a875789631520b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|75f0f572d426634b6de411c0def33a44b2568e5cfbb6b7ff95a875789631520b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/tombstoned.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables 
command injection."}, "properties": {"repobilityId": 80165, "scanner": "repobility-threat-engine", "fingerprint": "ba5031bec6d3ef9630b5166d729afabd3474a1dba9af75a4508d09ef259697f5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ba5031bec6d3ef9630b5166d729afabd3474a1dba9af75a4508d09ef259697f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/timed.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 80164, "scanner": "repobility-threat-engine", "fingerprint": "1f6baec4edab51209b1d18031d56f84c5606d43cde661522437995928e40a8a4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1f6baec4edab51209b1d18031d56f84c5606d43cde661522437995928e40a8a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/hardware/tici/agnos.py"}, "region": {"startLine": 267}}}]}, {"ruleId": 
"SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 80156, "scanner": "repobility-threat-engine", "fingerprint": "bfd0aab45d0342a65d871edb246d6ce5107430d8852d0809783137428d9e3c8e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bfd0aab45d0342a65d871edb246d6ce5107430d8852d0809783137428d9e3c8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/ubloxd/pigeond.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. 
Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 80155, "scanner": "repobility-threat-engine", "fingerprint": "3fe5ec3e411b2a39c3cff42dc5c1c73804cbf53082aee97455cfbab9d097ed11", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r'nplurals=(\\d+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|301|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/ui/translations/potools.py"}, "region": {"startLine": 301}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 80153, "scanner": "repobility-threat-engine", "fingerprint": "4b15aa69d490a7731bae1f58242ed9304db1b68d86bb242c1ac0a0b46adffb15", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4b15aa69d490a7731bae1f58242ed9304db1b68d86bb242c1ac0a0b46adffb15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/modeld/get_model_metadata.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch 
Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 80131, "scanner": "repobility-threat-engine", "fingerprint": "0ae6ddeb4d6ec9f99737ac8e192a83c69dcd865862cc6d844b8ce1c3a499dc8c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0ae6ddeb4d6ec9f99737ac8e192a83c69dcd865862cc6d844b8ce1c3a499dc8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/debug/uiview.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... 
\u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 80130, "scanner": "repobility-threat-engine", "fingerprint": "baa9a56f98d74a3881fbeca425fdbf70ef8c8744c5235d967cd84102577dec87", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|baa9a56f98d74a3881fbeca425fdbf70ef8c8744c5235d967cd84102577dec87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/debug/check_timings.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... 
\u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 80129, "scanner": "repobility-threat-engine", "fingerprint": "62fda775e1a860f9eb4042cb10ab4a6d1051517ed28411344ac0f2189fa77db3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|62fda775e1a860f9eb4042cb10ab4a6d1051517ed28411344ac0f2189fa77db3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/debug/can_print_changes.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "SEC035", "level": "error", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. 
Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants."}, "properties": {"repobilityId": 80127, "scanner": "repobility-threat-engine", "fingerprint": "ed7979a7f8a014ee5d411e3b79362160f7ea5f5d0c8cd3698675339e8cd028a3", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "bytes(params.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ed7979a7f8a014ee5d411e3b79362160f7ea5f5d0c8cd3698675339e8cd028a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/lateral_maneuvers/lateral_maneuversd.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "SEC035", "level": "error", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. 
Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants."}, "properties": {"repobilityId": 80126, "scanner": "repobility-threat-engine", "fingerprint": "642453d0be604792a504ae4bffd3199cb86c1fbf79709808cc6b7f92eb8664ff", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "bytes(params.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|642453d0be604792a504ae4bffd3199cb86c1fbf79709808cc6b7f92eb8664ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/joystick/joystickd.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC035", "level": "error", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. 
Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants."}, "properties": {"repobilityId": 80125, "scanner": "repobility-threat-engine", "fingerprint": "4ac5600d0954430f0bfe102078f68004dc2843a6085b757b07b74085e1e557c2", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "bytes(params.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4ac5600d0954430f0bfe102078f68004dc2843a6085b757b07b74085e1e557c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/controls/plannerd.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 80119, "scanner": "repobility-threat-engine", "fingerprint": "716e3a06fbc8b32f4e5ab0b8c2e5ce630acc2a121e2052f25685457a6a22b384", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(\"/data/params", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|216|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/ui/installer/installer.cc"}, "region": {"startLine": 216}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 80118, "scanner": "repobility-threat-engine", "fingerprint": "dea06d06917c77378651189bda785b02664930348dd3300613e13e78da25d679", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(TG_INPUT", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|selfdrive/modeld/helpers.py|11|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/modeld/helpers.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 80117, "scanner": "repobility-threat-engine", "fingerprint": "8631a08437bafadbb00818ee346af3ab6b2803233eec087fe8b8f7d7d5d42d80", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(\"/cache/params", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|selfdrive/car/card.py|122|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/car/card.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 80114, "scanner": "repobility-threat-engine", "fingerprint": "805e407ead8bf57c78e140ad1b56c7f9d6f55c7484f14f4da94e0e17fa63edd3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|805e407ead8bf57c78e140ad1b56c7f9d6f55c7484f14f4da94e0e17fa63edd3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ci_results.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled 
URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 80112, "scanner": "repobility-threat-engine", "fingerprint": "95734a95dd885a20adaff75d00cdaf466077738b9a891efa0b70209a553ba957", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|95734a95dd885a20adaff75d00cdaf466077738b9a891efa0b70209a553ba957"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/ui/widgets/pairing_dialog.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 80111, "scanner": "repobility-threat-engine", "fingerprint": "49f5ce43efbd82c13f36dcf9eb80e291e0f4eed6f8ee5e1ea4ad2020b5c4e4b8", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|49f5ce43efbd82c13f36dcf9eb80e291e0f4eed6f8ee5e1ea4ad2020b5c4e4b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/ui/mici/widgets/pairing_dialog.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 80110, "scanner": "repobility-threat-engine", "fingerprint": "b1660a4dacdee3eb3f6cd425e0446a3028c1d113a3633191f348073d73ced4a1", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b1660a4dacdee3eb3f6cd425e0446a3028c1d113a3633191f348073d73ced4a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ci_results.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED036", "level": "error", "message": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "properties": {"repobilityId": 80108, "scanner": "repobility-threat-engine", "fingerprint": "fb62d73b694f22c146857266090fc1eb4647b9c2ad35924849e41a011ef82b85", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fb62d73b694f22c146857266090fc1eb4647b9c2ad35924849e41a011ef82b85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/hardware/tici/agnos.py"}, "region": {"startLine": 281}}}]}, {"ruleId": "MINED036", "level": "error", "message": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no 
escaping."}, "properties": {"repobilityId": 80107, "scanner": "repobility-threat-engine", "fingerprint": "76c74b71115f7a5236d794d7db2c615fa869c3328b7ba5fb2493d57ba8a2bea1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "correlation_key": "fp|76c74b71115f7a5236d794d7db2c615fa869c3328b7ba5fb2493d57ba8a2bea1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/ui/layouts/settings/software.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "MINED036", "level": "error", "message": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "properties": {"repobilityId": 80106, "scanner": "repobility-threat-engine", "fingerprint": "9e8dcafbad09c48da47d68b420f324aa5013fa33e8dc34324544a47aef25f109", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9e8dcafbad09c48da47d68b420f324aa5013fa33e8dc34324544a47aef25f109"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/utils.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "SEC005", "level": "error", 
"message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 80103, "scanner": "repobility-threat-engine", "fingerprint": "5fcc8c9c48b96cac2932f3670cc4406fde6f59efbe21c5051969bbe3479314c1", "category": "injection", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Command source appears controllable (config/plugin/argv/user input)", "evidence": {"match": "os.system(f\"", "reason": "Command source appears controllable (config/plugin/argv/user input)", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|injection|system/ui/tici_reset.py|48|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/ui/tici_reset.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC005", "level": "error", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 80102, "scanner": "repobility-threat-engine", "fingerprint": "c8dd1e3aa35efa11ea75e1a09d62ea7420c7704d3a0e39b7034089c6a2ac0b6e", "category": "injection", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Command source appears controllable (config/plugin/argv/user input)", "evidence": {"match": "os.system(f\"", "reason": "Command source appears controllable (config/plugin/argv/user input)", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|injection|system/ui/mici_reset.py|109|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/ui/mici_reset.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: system() invokes shell. 
Command injection if any arg is dynamic."}, "properties": {"repobilityId": 80101, "scanner": "repobility-threat-engine", "fingerprint": "6a1d0762d98a6fadd02cd8cc6e75f5c015ea6b4afd2f1e2edfc04840d0767d24", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6a1d0762d98a6fadd02cd8cc6e75f5c015ea6b4afd2f1e2edfc04840d0767d24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/jotpluggler/util.cc"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: system() invokes shell. 
Command injection if any arg is dynamic."}, "properties": {"repobilityId": 80100, "scanner": "repobility-threat-engine", "fingerprint": "2ed98579497dadd05d2f78e5f8b31d82ff3d76f91edb6f75a3a068c6d2568035", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2ed98579497dadd05d2f78e5f8b31d82ff3d76f91edb6f75a3a068c6d2568035"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/ui/installer/installer.cc"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: system() invokes shell. 
Command injection if any arg is dynamic."}, "properties": {"repobilityId": 80099, "scanner": "repobility-threat-engine", "fingerprint": "94a9c4e6741073bf8126e548d612a5984339ce7087b0068d193a8911499c361b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|94a9c4e6741073bf8126e548d612a5984339ce7087b0068d193a8911499c361b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/util.h"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED009", "level": "error", "message": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"repobilityId": 80090, "scanner": "repobility-threat-engine", "fingerprint": "5daaeb8260bf912c6561519eefb79739c1519e580fec4950ce63a64d89f1a463", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5daaeb8260bf912c6561519eefb79739c1519e580fec4950ce63a64d89f1a463"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/spinner.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED001", "level": "error", "message": 
{"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 80088, "scanner": "repobility-threat-engine", "fingerprint": "bb8e398a0d11daf796cc48a32e6a164552b9888b41ec8fd09b5d20ae03bc7013", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bb8e398a0d11daf796cc48a32e6a164552b9888b41ec8fd09b5d20ae03bc7013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/timeout.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 80087, "scanner": "repobility-threat-engine", "fingerprint": "d15e2c79a485763151ca217e05733ce6b301862eee81d93c697e7f66f2b083f9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|d15e2c79a485763151ca217e05733ce6b301862eee81d93c697e7f66f2b083f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/spinner.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 80086, "scanner": "repobility-threat-engine", "fingerprint": "ef296fe2934509c28fb2a45aab5ce57130884768f6c4eac606792d9d2499ea35", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ef296fe2934509c28fb2a45aab5ce57130884768f6c4eac606792d9d2499ea35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/prefix.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 80080, "scanner": "repobility-threat-engine", "fingerprint": "57b0e9cf59bf0c26c9eea51d06b8fbb4744fea08446e35cf86cda3a7efc9654d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "self.global_ctx.update(kwargs)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|57b0e9cf59bf0c26c9eea51d06b8fbb4744fea08446e35cf86cda3a7efc9654d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/logging_extra.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 80079, "scanner": "repobility-threat-engine", "fingerprint": "46c6b878efbbec030d7594a15b4936abe78b9500d229e00e680ef24c2b3707d0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "self.velocity.update(0.0)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|46c6b878efbbec030d7594a15b4936abe78b9500d229e00e680ef24c2b3707d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/filter_simple.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 80078, "scanner": "repobility-threat-engine", "fingerprint": "8e87e675778fa419c2076d12282860ba391d2f64b93351dbb98c02dbd63f2335", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "payload.update(payload_extra)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8e87e675778fa419c2076d12282860ba391d2f64b93351dbb98c02dbd63f2335"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/api.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 80066, "scanner": "repobility-supply-chain", "fingerprint": "f0a5b3aeee73242fdffd954701f8b49ff6aa84603130a7947b7d3fab774b4eeb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f0a5b3aeee73242fdffd954701f8b49ff6aa84603130a7947b7d3fab774b4eeb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yaml"}, "region": {"startLine": 201}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 80065, "scanner": "repobility-supply-chain", "fingerprint": "b9b4ec964e5a39648f6a961372870e20c549aa9f16e4603af168dd76c6d8fc10", "category": "dependency", "severity": "high", "confidence": 
0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b9b4ec964e5a39648f6a961372870e20c549aa9f16e4603af168dd76c6d8fc10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yaml"}, "region": {"startLine": 160}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 80064, "scanner": "repobility-supply-chain", "fingerprint": "858bc4780f4ca2b9d50790920f06282fb3653b3d38b8bc35d5989fbd1503653d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|858bc4780f4ca2b9d50790920f06282fb3653b3d38b8bc35d5989fbd1503653d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yaml"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 80063, "scanner": "repobility-supply-chain", "fingerprint": "1e821dd360359313dc23f1565d7b95e49b9c2e770414ef541ddfd056cc6d8f96", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|1e821dd360359313dc23f1565d7b95e49b9c2e770414ef541ddfd056cc6d8f96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yaml"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 80062, "scanner": "repobility-supply-chain", "fingerprint": "9d0aa1241a972420223d303b543776fd339831a250f87af7e495ef6e5d0b1e08", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9d0aa1241a972420223d303b543776fd339831a250f87af7e495ef6e5d0b1e08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yaml"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 80061, "scanner": "repobility-supply-chain", "fingerprint": "24f977097b399592c7d26f0a94bb7fa8f0af32b7b8cb172311936d7a0af700dd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|24f977097b399592c7d26f0a94bb7fa8f0af32b7b8cb172311936d7a0af700dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yaml"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, 
"properties": {"repobilityId": 80060, "scanner": "repobility-supply-chain", "fingerprint": "8852d151e8ee43b1fe557f962ed294b150f77dec6283dbf0688707cb713fdce4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8852d151e8ee43b1fe557f962ed294b150f77dec6283dbf0688707cb713fdce4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yaml"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 80059, "scanner": "repobility-supply-chain", "fingerprint": "42f3e8202ca91e7b31d95b795d5f6da415361cc70951c7b97066d2644540c562", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|42f3e8202ca91e7b31d95b795d5f6da415361cc70951c7b97066d2644540c562"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yaml"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 80058, "scanner": "repobility-supply-chain", "fingerprint": "59a4ed322806b45f060c84ae149b223f29d01e74d98cdcb82896686eae2b9e01", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, 
"mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|59a4ed322806b45f060c84ae149b223f29d01e74d98cdcb82896686eae2b9e01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yaml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 80056, "scanner": "repobility-supply-chain", "fingerprint": "c8e372d35980fbe7cd5a5a38faca1da27436fbf57c7884177ac001f62c83a04f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c8e372d35980fbe7cd5a5a38faca1da27436fbf57c7884177ac001f62c83a04f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yaml"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 80055, "scanner": "repobility-supply-chain", "fingerprint": "0ab0bd25bb12fe18d9b139c78bae14e6ddd2ab2759740a076120f6c4d38d8862", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0ab0bd25bb12fe18d9b139c78bae14e6ddd2ab2759740a076120f6c4d38d8862"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
".github/workflows/docs.yaml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `commaai/timeout` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 80054, "scanner": "repobility-supply-chain", "fingerprint": "b3502aebd98010ff1ad48b1e2d62e6176874c4173c9f30068db10380624eeb2f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b3502aebd98010ff1ad48b1e2d62e6176874c4173c9f30068db10380624eeb2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yaml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 80053, "scanner": "repobility-supply-chain", "fingerprint": "8e993a2b87fc794deaf277316c0a392a6bac67b994ab03e2de001bc7c1dbc275", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8e993a2b87fc794deaf277316c0a392a6bac67b994ab03e2de001bc7c1dbc275"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/model_review.yaml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 80052, "scanner": "repobility-supply-chain", "fingerprint": 
"5b74be9f81465bb07d99d90a273a160b65c1dcc70f3c371d4504582d3bf5e437", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5b74be9f81465bb07d99d90a273a160b65c1dcc70f3c371d4504582d3bf5e437"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/model_review.yaml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/stale` pinned to mutable ref `@v10`"}, "properties": {"repobilityId": 80051, "scanner": "repobility-supply-chain", "fingerprint": "d8889612581c66be18ec94edb47fe3dff5522aed8877ca3de41e791e3f9ba9ea", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d8889612581c66be18ec94edb47fe3dff5522aed8877ca3de41e791e3f9ba9ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/stale.yaml"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/stale` pinned to mutable ref `@v10`"}, "properties": {"repobilityId": 80050, "scanner": "repobility-supply-chain", "fingerprint": "5b9e978c109a3ede78a3124b195438d5af34aa74f0fed157b8b2d2018082e25d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], 
"languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5b9e978c109a3ede78a3124b195438d5af34aa74f0fed157b8b2d2018082e25d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/stale.yaml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 80049, "scanner": "repobility-supply-chain", "fingerprint": "a54b7c22bd385a5b2d1bd6af0f12b98593f3328c24fc08751a092624a327a5a8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a54b7c22bd385a5b2d1bd6af0f12b98593f3328c24fc08751a092624a327a5a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/repo-maintenance.yaml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `thollander/actions-comment-pull-request` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 80048, "scanner": "repobility-supply-chain", "fingerprint": "5d7727af3a69de45f942ae62afd0e8a885cee937fe9854a578acba17fc462b81", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5d7727af3a69de45f942ae62afd0e8a885cee937fe9854a578acba17fc462b81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/diff_report.yaml"}, "region": 
{"startLine": 40}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dawidd6/action-download-artifact` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 80047, "scanner": "repobility-supply-chain", "fingerprint": "cf23b03f46d0fd928d595e0f9842e1bfac72ca9cbc83633e0291524bc6d5ae51", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cf23b03f46d0fd928d595e0f9842e1bfac72ca9cbc83633e0291524bc6d5ae51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/diff_report.yaml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `lewagon/wait-on-check-action` pinned to mutable ref `@v1.3.4`"}, "properties": {"repobilityId": 80046, "scanner": "repobility-supply-chain", "fingerprint": "0b68ae6e3159f0187eb3d0cf658d484dd113d7e3a08fd47e0e252566c96ff16c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0b68ae6e3159f0187eb3d0cf658d484dd113d7e3a08fd47e0e252566c96ff16c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/diff_report.yaml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 80045, "scanner": "repobility-supply-chain", "fingerprint": 
"7286921be5d745b166b9f6dc370cca65d2ff3fb37c586cf1f2c6ebed5bf5d67e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7286921be5d745b166b9f6dc370cca65d2ff3fb37c586cf1f2c6ebed5bf5d67e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yaml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/github-script` pinned to mutable ref `@v8`"}, "properties": {"repobilityId": 80044, "scanner": "repobility-supply-chain", "fingerprint": "b6e786755e7cbdf5d5754fe51971bbf70f579bf436abe66d2551dedec5d999a3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b6e786755e7cbdf5d5754fe51971bbf70f579bf436abe66d2551dedec5d999a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/jenkins-pr-trigger.yaml"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 80043, "scanner": "repobility-supply-chain", "fingerprint": "c42f7b78a1f5f45c1764f73973dd89132e7a34167330d1a8b82a5ec23d8b0d43", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": 
["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c42f7b78a1f5f45c1764f73973dd89132e7a34167330d1a8b82a5ec23d8b0d43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/jenkins-pr-trigger.yaml"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/github-script` pinned to mutable ref `@v8`"}, "properties": {"repobilityId": 80042, "scanner": "repobility-supply-chain", "fingerprint": "d542eda746ba3c135017ca0e9831bf0f6c2c7d18c330f1c720ad1e8530273215", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d542eda746ba3c135017ca0e9831bf0f6c2c7d18c330f1c720ad1e8530273215"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/jenkins-pr-trigger.yaml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/github-script` pinned to mutable ref `@v8`"}, "properties": {"repobilityId": 80041, "scanner": "repobility-supply-chain", "fingerprint": "51b0abbaa427cda832b24952c55567aa4f993d975cf28564d841bfd45edbc2fa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|51b0abbaa427cda832b24952c55567aa4f993d975cf28564d841bfd45edbc2fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
".github/workflows/jenkins-pr-trigger.yaml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `ubuntu:24.04` not pinned by digest"}, "properties": {"repobilityId": 80040, "scanner": "repobility-supply-chain", "fingerprint": "b9c87823cf68cf03ce4f093e342b5ca1eb0a2eb44f2ca468694370986278f7fa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b9c87823cf68cf03ce4f093e342b5ca1eb0a2eb44f2ca468694370986278f7fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.openpilot"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_ned_batch"}, "properties": {"repobilityId": 80028, "scanner": "repobility-ast-engine", "fingerprint": "fa8a4f2f1bedf9e355c4713dc7c91595043c9fc28adeb6ddd8b7c8dadf7ec739", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa8a4f2f1bedf9e355c4713dc7c91595043c9fc28adeb6ddd8b7c8dadf7ec739"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/transformations/tests/test_coordinates.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_ned_saved_results"}, "properties": {"repobilityId": 80027, "scanner": "repobility-ast-engine", "fingerprint": 
"769d744747b033a991a170a47517c3fed1da7da9c47210b4df87f4479b016eed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|769d744747b033a991a170a47517c3fed1da7da9c47210b4df87f4479b016eed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/transformations/tests/test_coordinates.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_ned"}, "properties": {"repobilityId": 80026, "scanner": "repobility-ast-engine", "fingerprint": "2f75cd17dbd25ac9c6cd16d59f9af7630b0f66f39f18c5d225f39aecc8347159", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2f75cd17dbd25ac9c6cd16d59f9af7630b0f66f39f18c5d225f39aecc8347159"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/transformations/tests/test_coordinates.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_ecef_geodetic"}, "properties": {"repobilityId": 80025, "scanner": "repobility-ast-engine", "fingerprint": "1dd644973d3bfba53e0316da31dbf0b324fbadc7811bb6639dcb414036d7b61a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], 
"languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1dd644973d3bfba53e0316da31dbf0b324fbadc7811bb6639dcb414036d7b61a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/transformations/tests/test_coordinates.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_params_unknown_key_fails"}, "properties": {"repobilityId": 80024, "scanner": "repobility-ast-engine", "fingerprint": "5f2f08c62083abecb2a3ef89fe653d751a9d8db5dbec8ad0a613c9e2e60ea5a0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5f2f08c62083abecb2a3ef89fe653d751a9d8db5dbec8ad0a613c9e2e60ea5a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/tests/test_params.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_atomic_write"}, "properties": {"repobilityId": 80023, "scanner": "repobility-ast-engine", "fingerprint": "64c2f8fedae1b0381f82dbab1b4e6348960af1c47d4b9463c971407715d8fc71", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|64c2f8fedae1b0381f82dbab1b4e6348960af1c47d4b9463c971407715d8fc71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/tests/test_file_helpers.py"}, "region": {"startLine": 18}}}]}, 
{"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_release_to_devel_bootstub"}, "properties": {"repobilityId": 80022, "scanner": "repobility-ast-engine", "fingerprint": "a8350ec30fcd980f1de194e17b86d01f37978a3752b933f9341f555a48e3652e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a8350ec30fcd980f1de194e17b86d01f37978a3752b933f9341f555a48e3652e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/pandad/tests/test_pandad.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_in_dfu"}, "properties": {"repobilityId": 80021, "scanner": "repobility-ast-engine", "fingerprint": "68a038c19ea37e2ea5be48d7d6a1cf3f0e6f83fc94703105de2f4861f2b34cdc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|68a038c19ea37e2ea5be48d7d6a1cf3f0e6f83fc94703105de2f4861f2b34cdc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/pandad/tests/test_pandad.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_read_saved_params"}, "properties": {"repobilityId": 80020, "scanner": "repobility-ast-engine", "fingerprint": "212ab41a3b516c6ddb1b5bf67b40e029b3daf78bc3895e13849d9548f9c5fcd9", "category": "quality", "severity": "high", "confidence": 
1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|212ab41a3b516c6ddb1b5bf67b40e029b3daf78bc3895e13849d9548f9c5fcd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/locationd/test/test_paramsd.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_switch_convergence"}, "properties": {"repobilityId": 80019, "scanner": "repobility-ast-engine", "fingerprint": "9d2fb5cb4c8b0195d1ebc0e98eedb062c0bdb3ac104dd4a9580e2dcfcd1f0de0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9d2fb5cb4c8b0195d1ebc0e98eedb062c0bdb3ac104dd4a9580e2dcfcd1f0de0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/controls/tests/test_lateral_mpc.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_psi_symmetry"}, "properties": {"repobilityId": 80018, "scanner": "repobility-ast-engine", "fingerprint": "bc09c491db8d5835e2aed2e4d127f29f4018a5c9b27804c281c53261ce973a69", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|bc09c491db8d5835e2aed2e4d127f29f4018a5c9b27804c281c53261ce973a69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/controls/tests/test_lateral_mpc.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_curvature_symmetry"}, "properties": {"repobilityId": 80017, "scanner": "repobility-ast-engine", "fingerprint": "3549ff626a4240bc4c3fdb83678bf2d5c6707222a02c467e6bb199071fa690d9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3549ff626a4240bc4c3fdb83678bf2d5c6707222a02c467e6bb199071fa690d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/controls/tests/test_lateral_mpc.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_poly_symmetry"}, "properties": {"repobilityId": 80016, "scanner": "repobility-ast-engine", "fingerprint": "e7930fa3384ee243ef2878b7496781d983f9702af244f0b7367ebcd67836962f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e7930fa3384ee243ef2878b7496781d983f9702af244f0b7367ebcd67836962f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/controls/tests/test_lateral_mpc.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: 
test_y_symmetry"}, "properties": {"repobilityId": 80015, "scanner": "repobility-ast-engine", "fingerprint": "175c9c732f35971bb1fdc8fc310f564fd7c6fcf98a8bd56977f775a12f43d786", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|175c9c732f35971bb1fdc8fc310f564fd7c6fcf98a8bd56977f775a12f43d786"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/controls/tests/test_lateral_mpc.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_straight"}, "properties": {"repobilityId": 80014, "scanner": "repobility-ast-engine", "fingerprint": "21df1142ba2362c42bad78f4111b840e7a2c6be5697ee23a63c873f668766d22", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|21df1142ba2362c42bad78f4111b840e7a2c6be5697ee23a63c873f668766d22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/controls/tests/test_lateral_mpc.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_car_interfaces"}, "properties": {"repobilityId": 80013, "scanner": "repobility-ast-engine", "fingerprint": "96d659f5dfc79f7afb759dfe3aee864cf2d68829b3881a17848f6959102105c3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|96d659f5dfc79f7afb759dfe3aee864cf2d68829b3881a17848f6959102105c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/car/tests/test_car_interfaces.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_docs_diff"}, "properties": {"repobilityId": 80012, "scanner": "repobility-ast-engine", "fingerprint": "a5a7039296f42524b913f4aabd7ffd3cd4d74fcb029ec34ece09b1019badccb9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a5a7039296f42524b913f4aabd7ffd3cd4d74fcb029ec34ece09b1019badccb9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/car/tests/test_docs.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_generator"}, "properties": {"repobilityId": 80011, "scanner": "repobility-ast-engine", "fingerprint": "2fb8deb49ee73985d0d3173523cde16b043cfc7085fa61421c8cbc45c2964b53", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2fb8deb49ee73985d0d3173523cde16b043cfc7085fa61421c8cbc45c2964b53"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "selfdrive/car/tests/test_docs.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_onroad_alerts"}, "properties": {"repobilityId": 80009, "scanner": "repobility-ast-engine", "fingerprint": "2a06dc3cb798d92113f443c8b4d4d4ac0cfcf434c319d4f1405af93364164cca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2a06dc3cb798d92113f443c8b4d4d4ac0cfcf434c319d4f1405af93364164cca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/ui/tests/diff/replay_script.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_raylib_ui"}, "properties": {"repobilityId": 80008, "scanner": "repobility-ast-engine", "fingerprint": "0837ebd596998657c18c0034b0507565edf47ee5391dfdbc60296b4e67918a43", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0837ebd596998657c18c0034b0507565edf47ee5391dfdbc60296b4e67918a43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/ui/tests/test_raylib_ui.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_fuzz_process"}, "properties": {"repobilityId": 80001, "scanner": "repobility-ast-engine", "fingerprint": 
"bea83bd716409243ead5db53487b438f1b66a421231721ba9f1eab572c79274c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bea83bd716409243ead5db53487b438f1b66a421231721ba9f1eab572c79274c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/test/process_replay/test_fuzzy.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_process"}, "properties": {"repobilityId": 79998, "scanner": "repobility-ast-engine", "fingerprint": "2c386678a1fba219d0a214459951744cc3aeddd1c72dfc6aa05bf1fb32c90621", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2c386678a1fba219d0a214459951744cc3aeddd1c72dfc6aa05bf1fb32c90621"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/test/process_replay/test_processes.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_update_loop"}, "properties": {"repobilityId": 79995, "scanner": "repobility-ast-engine", "fingerprint": "3aca26c0b24e7331e6457a9937cf234c87fa143696ffc97212256012bdf09def", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], 
"languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3aca26c0b24e7331e6457a9937cf234c87fa143696ffc97212256012bdf09def"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/test/test_updated.py"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_update"}, "properties": {"repobilityId": 79994, "scanner": "repobility-ast-engine", "fingerprint": "1227a4126ab9b9183b5a577a1fd7e410298fe950282c9ed72ac6654254ba6990", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1227a4126ab9b9183b5a577a1fd7e410298fe950282c9ed72ac6654254ba6990"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/test/test_updated.py"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_no_update"}, "properties": {"repobilityId": 79993, "scanner": "repobility-ast-engine", "fingerprint": "79f0fe25f61b370d2cf66d485b97757d30d2bf14b12d596bd7215d7064f376ce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|79f0fe25f61b370d2cf66d485b97757d30d2bf14b12d596bd7215d7064f376ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/test/test_updated.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED108", "level": 
"error", "message": {"text": "`self.stream` used but never assigned in __init__"}, "properties": {"repobilityId": 79981, "scanner": "repobility-ast-engine", "fingerprint": "1e2c80acc370ada0ed22130289bb02813aa88ee0e5c5824c6252abf63bacea48", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1e2c80acc370ada0ed22130289bb02813aa88ee0e5c5824c6252abf63bacea48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/swaglog.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.stream` used but never assigned in __init__"}, "properties": {"repobilityId": 79980, "scanner": "repobility-ast-engine", "fingerprint": "78ae455d58c80f68879cc247cb25663958a6a06c553775d54b9c4378d151afe2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|78ae455d58c80f68879cc247cb25663958a6a06c553775d54b9c4378d151afe2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/swaglog.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.encoding` used but never assigned in __init__"}, "properties": {"repobilityId": 79979, "scanner": "repobility-ast-engine", "fingerprint": "55d6d1a8bda8e58e13de044145e9613d455c51188aafc43a679b621c9e5487e0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, 
"reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|55d6d1a8bda8e58e13de044145e9613d455c51188aafc43a679b621c9e5487e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/swaglog.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.mode` used but never assigned in __init__"}, "properties": {"repobilityId": 79978, "scanner": "repobility-ast-engine", "fingerprint": "6c45d0ee2b8ff4dbe7b95afe743b5e25b7695eddd1772d29e4c3fabfbf3bdce1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6c45d0ee2b8ff4dbe7b95afe743b5e25b7695eddd1772d29e4c3fabfbf3bdce1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/swaglog.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._smbus_access` used but never assigned in __init__"}, "properties": {"repobilityId": 79977, "scanner": "repobility-ast-engine", "fingerprint": "737774ddaaf654176171c31c6a8040facfed9fb7a95835b20e72fcf6e02e4c32", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|737774ddaaf654176171c31c6a8040facfed9fb7a95835b20e72fcf6e02e4c32"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "common/i2c.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._set_address` used but never assigned in __init__"}, "properties": {"repobilityId": 79976, "scanner": "repobility-ast-engine", "fingerprint": "58a1d54591fca5e54e20c84fda5d854e60bef5a7c677701d912ebd55a04493f8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|58a1d54591fca5e54e20c84fda5d854e60bef5a7c677701d912ebd55a04493f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/i2c.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._smbus_access` used but never assigned in __init__"}, "properties": {"repobilityId": 79975, "scanner": "repobility-ast-engine", "fingerprint": "714fd5483f2f6a218e993bb8ab2e4c5adf7fd498f963ab7f629e7dd67486f388", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|714fd5483f2f6a218e993bb8ab2e4c5adf7fd498f963ab7f629e7dd67486f388"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/i2c.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._set_address` used but never assigned in __init__"}, "properties": {"repobilityId": 79974, "scanner": "repobility-ast-engine", "fingerprint": "1727843c5fd794fd6bfdd8a1f39f7e816f159b1aa7a001d6976ff524bc035de5", 
"category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1727843c5fd794fd6bfdd8a1f39f7e816f159b1aa7a001d6976ff524bc035de5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/i2c.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._smbus_access` used but never assigned in __init__"}, "properties": {"repobilityId": 79973, "scanner": "repobility-ast-engine", "fingerprint": "8618795ff5c34d68caed842e4b5e5c5ef6acef2597261bda5c94333fca49d7a6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8618795ff5c34d68caed842e4b5e5c5ef6acef2597261bda5c94333fca49d7a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/i2c.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._set_address` used but never assigned in __init__"}, "properties": {"repobilityId": 79972, "scanner": "repobility-ast-engine", "fingerprint": "8c67e958887b59e7ca2175155b0044f329be1815da1cff8740d5e7cde6fdf81d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|8c67e958887b59e7ca2175155b0044f329be1815da1cff8740d5e7cde6fdf81d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/i2c.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.close` used but never assigned in __init__"}, "properties": {"repobilityId": 79971, "scanner": "repobility-ast-engine", "fingerprint": "7299ca4bfc220d5d8b641e4c9d308ed4a5d200bbab7644d195133ab5e672feea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7299ca4bfc220d5d8b641e4c9d308ed4a5d200bbab7644d195133ab5e672feea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/i2c.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.close` used but never assigned in __init__"}, "properties": {"repobilityId": 79970, "scanner": "repobility-ast-engine", "fingerprint": "c815344ab8d20b4d2036b28c3001be7bf0b3f426fa3cd1d210bfe1746360daf7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c815344ab8d20b4d2036b28c3001be7bf0b3f426fa3cd1d210bfe1746360daf7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/text_window.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.close` used but never assigned in __init__"}, "properties": {"repobilityId": 79969, "scanner": 
"repobility-ast-engine", "fingerprint": "b6025f86119348157f967eabfbf00da78f73ef1d3f0a7582affd67a5a58d976d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b6025f86119348157f967eabfbf00da78f73ef1d3f0a7582affd67a5a58d976d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/text_window.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_status` used but never assigned in __init__"}, "properties": {"repobilityId": 79968, "scanner": "repobility-ast-engine", "fingerprint": "2b31855fe7bcad8cdc1b17b4a24ff5bfe0afd49941b81fad31bf2708e3e322c9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2b31855fe7bcad8cdc1b17b4a24ff5bfe0afd49941b81fad31bf2708e3e322c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/text_window.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.reader` used but never assigned in __init__"}, "properties": {"repobilityId": 79967, "scanner": "repobility-ast-engine", "fingerprint": "e87ed473be0ddcc70e1e8c60b4aa9d84a86cb43032c5bbdeb4ff8d926bf9b39a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], 
"languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e87ed473be0ddcc70e1e8c60b4aa9d84a86cb43032c5bbdeb4ff8d926bf9b39a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/reporter.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._parse_StringStringEntryProto` used but never assigned in __init__"}, "properties": {"repobilityId": 79966, "scanner": "repobility-ast-engine", "fingerprint": "3e10790b3ac1c8e0168088d7908659ffa56aa41fb90ed231d304d5149606a53a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e10790b3ac1c8e0168088d7908659ffa56aa41fb90ed231d304d5149606a53a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/reporter.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.reader` used but never assigned in __init__"}, "properties": {"repobilityId": 79965, "scanner": "repobility-ast-engine", "fingerprint": "bdc6e90c5abe61a85fed153c0b73829023e74876ece73cf71b400b9157bba97f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bdc6e90c5abe61a85fed153c0b73829023e74876ece73cf71b400b9157bba97f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/reporter.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED108", "level": 
"error", "message": {"text": "`self._parse_message` used but never assigned in __init__"}, "properties": {"repobilityId": 79964, "scanner": "repobility-ast-engine", "fingerprint": "8d5c31d459eab12fd3038a1f9c7ee51dcf2bc9b10cc26b79646136196c303c8c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8d5c31d459eab12fd3038a1f9c7ee51dcf2bc9b10cc26b79646136196c303c8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/reporter.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.git_normalized_origin` used but never assigned in __init__"}, "properties": {"repobilityId": 79963, "scanner": "repobility-ast-engine", "fingerprint": "faae8b4e2433df498b2836da170c06df17805320898a77cf6c52acfe78872aae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|faae8b4e2433df498b2836da170c06df17805320898a77cf6c52acfe78872aae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/version.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.update` used but never assigned in __init__"}, "properties": {"repobilityId": 79961, "scanner": "repobility-ast-engine", "fingerprint": "4b61925bca8cac959fec8eaf33f2baa55cfa5c9e7bfb74fdb09ff347b0a775d3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": 
"", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4b61925bca8cac959fec8eaf33f2baa55cfa5c9e7bfb74fdb09ff347b0a775d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/micd.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_stream` used but never assigned in __init__"}, "properties": {"repobilityId": 79960, "scanner": "repobility-ast-engine", "fingerprint": "ca2ed43729dce336df2464c283bad4c3494ad59f73493247c80f81aa6de2da52", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ca2ed43729dce336df2464c283bad4c3494ad59f73493247c80f81aa6de2da52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/micd.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.callback` used but never assigned in __init__"}, "properties": {"repobilityId": 79959, "scanner": "repobility-ast-engine", "fingerprint": "3d1f7d800a11ea2dc68d0f79986d614627a37ab4d7458133d4d1c6e885d96dda", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3d1f7d800a11ea2dc68d0f79986d614627a37ab4d7458133d4d1c6e885d96dda"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "system/micd.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._send` used but never assigned in __init__"}, "properties": {"repobilityId": 79958, "scanner": "repobility-ast-engine", "fingerprint": "269af8a6a046aa2f7aeab7e6d20b6629cd7dfe8df18f98b54e8387b812885235", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|269af8a6a046aa2f7aeab7e6d20b6629cd7dfe8df18f98b54e8387b812885235"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/statsd.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._send` used but never assigned in __init__"}, "properties": {"repobilityId": 79957, "scanner": "repobility-ast-engine", "fingerprint": "f22c8fd5d758abf32391505b14289531f95cc7949dba402db16821a1048a8091", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f22c8fd5d758abf32391505b14289531f95cc7949dba402db16821a1048a8091"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/statsd.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.connect` used but never assigned in __init__"}, "properties": {"repobilityId": 79956, "scanner": "repobility-ast-engine", "fingerprint": 
"2564082f018e2cad053bf2eeec50b02babd646b5cfa5c4ea9613fa7a2482d82a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2564082f018e2cad053bf2eeec50b02babd646b5cfa5c4ea9613fa7a2482d82a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/statsd.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 80192, "scanner": "gitleaks", "fingerprint": "72d562c0f4ef1aa6f734017dceed6c393b1ea4d76893f5fd70da5029b552cf50", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|system/hardware/tici/id_rsa|1|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/hardware/tici/id_rsa"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED102", "level": "error", "message": {"text": "[MINED102] Shell Injection Via F-string: Shell command built via f-string or .format with non-constant input \u2014 command injection. 
An attacker controlling any interpolated value can execute arbitrary shell commands."}, "properties": {"repobilityId": 80170, "scanner": "repobility-threat-engine", "fingerprint": "a331cae8b156c25ebdb6ee8be3a43ef18ea3c1f1e8526ed12f2f9f5fec8748ca", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "shell-injection-format", "owasp": "A03:2021", "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-19T13:00:00.000000+00:00", "triaged_in_corpus": 1, "observations_count": 175, "ai_coder_pattern_id": 11}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a331cae8b156c25ebdb6ee8be3a43ef18ea3c1f1e8526ed12f2f9f5fec8748ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/timed.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 80152, "scanner": "repobility-threat-engine", "fingerprint": "c12cdda95a0dcd276b35a317ca2db62d504efbaea225e3cd01ae03796669e9d9", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c12cdda95a0dcd276b35a317ca2db62d504efbaea225e3cd01ae03796669e9d9"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "selfdrive/modeld/get_model_metadata.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 80151, "scanner": "repobility-threat-engine", "fingerprint": "4a668b4ede014c56d0797fcd693f020a33ab57195d0c5b450f4b3641c8fea135", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4a668b4ede014c56d0797fcd693f020a33ab57195d0c5b450f4b3641c8fea135"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/modeld/dmonitoringmodeld.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 80147, "scanner": "repobility-threat-engine", "fingerprint": "29c5e53ec8d0097ff87563c6675f768646ffff7123df001a27d324307a789eaf", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, 
"ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|29c5e53ec8d0097ff87563c6675f768646ffff7123df001a27d324307a789eaf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/modeld/get_model_metadata.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 80146, "scanner": "repobility-threat-engine", "fingerprint": "ee24408d3ba6ca4dbdf203bfebf7f0c5ec7987367bf82a21ca3b690999e3a4a1", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ee24408d3ba6ca4dbdf203bfebf7f0c5ec7987367bf82a21ca3b690999e3a4a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/modeld/dmonitoringmodeld.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 80145, "scanner": "repobility-threat-engine", "fingerprint": "80caf8bb6ba2b2ba424723f315fd7aebb49f99b1586569afde18bf5faad40df7", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": 
["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|80caf8bb6ba2b2ba424723f315fd7aebb49f99b1586569afde18bf5faad40df7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/debug/print_docs_diff.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 80144, "scanner": "repobility-threat-engine", "fingerprint": "b701896aa8313d5cef53139d652de1e8f6026c388811b17b3dc300c44808687f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b701896aa8313d5cef53139d652de1e8f6026c388811b17b3dc300c44808687f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/modeld/get_model_metadata.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. 
Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 80143, "scanner": "repobility-threat-engine", "fingerprint": "51fe843a4576df0c5e8393e4a0d8f90137666ebdb2e0e4d1df1310a987ec47e2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|51fe843a4576df0c5e8393e4a0d8f90137666ebdb2e0e4d1df1310a987ec47e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/modeld/dmonitoringmodeld.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. 
Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 80142, "scanner": "repobility-threat-engine", "fingerprint": "bc183e5a946b0b5581fba3e4838dbf47c7bd26987344255f3073e02ace253bdf", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bc183e5a946b0b5581fba3e4838dbf47c7bd26987344255f3073e02ace253bdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/debug/print_docs_diff.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CI_ARTIFACTS_DEPLOY_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 80067, "scanner": "repobility-supply-chain", "fingerprint": "9eb4c066829b96b5be5184e1b3768a2f5390dac1e8c51aa52f9bc31560fd0e7c", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9eb4c066829b96b5be5184e1b3768a2f5390dac1e8c51aa52f9bc31560fd0e7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yaml"}, "region": {"startLine": 163}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.OPENPILOT_DOCS_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 80057, "scanner": "repobility-supply-chain", "fingerprint": "67dcabf0e7978cd5170c1931537ab8a6b0aeaf49dafa047c8145b45807212710", "category": 
"dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|67dcabf0e7978cd5170c1931537ab8a6b0aeaf49dafa047c8145b45807212710"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yaml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `platform` used but not imported"}, "properties": {"repobilityId": 80039, "scanner": "repobility-ast-engine", "fingerprint": "316d7b3c72636f3756f985c8bc244cf37b8adc51372fe0b0af35d65c32971486", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|316d7b3c72636f3756f985c8bc244cf37b8adc51372fe0b0af35d65c32971486"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/cabana/dbc/generate_dbc_json.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `http` used but not imported"}, "properties": {"repobilityId": 80038, "scanner": "repobility-ast-engine", "fingerprint": "5e74d4cc51159a2021ed0af2e689f84b98f3d57c63d2f9d09295491d51313283", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": 
"repobility-ast-engine", "correlation_key": "fp|5e74d4cc51159a2021ed0af2e689f84b98f3d57c63d2f9d09295491d51313283"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/hardware/tici/lpa.py"}, "region": {"startLine": 418}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `stat` used but not imported"}, "properties": {"repobilityId": 80034, "scanner": "repobility-ast-engine", "fingerprint": "cf223cdb3a627ad29e26b95c5fcacfa798d2ed359661528d15cce2d9e28cf1bf", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf223cdb3a627ad29e26b95c5fcacfa798d2ed359661528d15cce2d9e28cf1bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/loggerd/uploader.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `struct` used but not imported"}, "properties": {"repobilityId": 80029, "scanner": "repobility-ast-engine", "fingerprint": "f6777b2365fbc446a84b8aa8055ea72661a04abc3609b4ff663ba1089d8cc51a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f6777b2365fbc446a84b8aa8055ea72661a04abc3609b4ff663ba1089d8cc51a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cereal/messaging/__init__.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: 
`html` used but not imported"}, "properties": {"repobilityId": 80010, "scanner": "repobility-ast-engine", "fingerprint": "b25ca9a87173f526a4585b63b99fc0d6fe035698f5937725318a2076bd6dd8f3", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b25ca9a87173f526a4585b63b99fc0d6fe035698f5937725318a2076bd6dd8f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/ui/tests/diff/diff.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `string` used but not imported"}, "properties": {"repobilityId": 79997, "scanner": "repobility-ast-engine", "fingerprint": "23e96867f027f08f8bc44bd208deacef78a64d9bf9377187f13d1bdc540f55f0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|23e96867f027f08f8bc44bd208deacef78a64d9bf9377187f13d1bdc540f55f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/test/process_replay/regen.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `struct` used but not imported"}, "properties": {"repobilityId": 79992, "scanner": "repobility-ast-engine", "fingerprint": "c0d6cbd5e020cc8b11dd7cefa35c141ccbeee538a7298956c5970c41a565756f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": 
false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c0d6cbd5e020cc8b11dd7cefa35c141ccbeee538a7298956c5970c41a565756f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/test/fuzzy_generation.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `platform` used but not imported"}, "properties": {"repobilityId": 79991, "scanner": "repobility-ast-engine", "fingerprint": "9d2056122b5b119fd9e502153c865d222d5bf8dd7ceed010fefab80c6ec83e59", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9d2056122b5b119fd9e502153c865d222d5bf8dd7ceed010fefab80c6ec83e59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "selfdrive/debug/print_flags.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `stat` used but not imported"}, "properties": {"repobilityId": 79962, "scanner": "repobility-ast-engine", "fingerprint": "359c548f74a10f7d3fd75b525db8883a2ee4d729e56afbb91948c6b71fa3953f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|359c548f74a10f7d3fd75b525db8883a2ee4d729e56afbb91948c6b71fa3953f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "system/proclogd.py"}, "region": {"startLine": 87}}}]}]}]}