{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED124", "name": "[MINED124] requirements.txt: `rapidfuzz` has no version pin: Unpinned pip requirement means every fresh install may reso", "shortDescription": {"text": "[MINED124] requirements.txt: `rapidfuzz` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible ins"}, "fullDescription": {"text": "Replace `rapidfuzz` with `rapidfuzz==` and manage upgrades through PRs / Dependabot."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "Add a Content-Security-Policy header through the web framework or hosting config. For static apps, add a CSP meta tag that restricts default-src, script-src, connect-src, img-src, and frame-ancestors."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "JRN003", "name": "Frontend API reference is not matched by discovered backend routes", "shortDescription": {"text": "Frontend API reference is not matched by discovered backend routes"}, "fullDescription": {"text": "Add the backend route, update the frontend constant to the implemented endpoint, or document that the route is served by another service and exclude it with .repobilityignore."}, "properties": {"scanner": "repobility-journey-contract", "category": "quality", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "JRN002", "name": "Browser storage is used for session token material", "shortDescription": {"text": "Browser storage is used for session token material"}, "fullDescription": {"text": "Prefer httpOnly, Secure, SameSite cookies or short-lived in-memory tokens. Avoid persistent browser storage for access, refresh, ID, or partner session tokens."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE "}, "fullDescription": {"text": "Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AUC004", "name": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence ", "shortDescription": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /tool-list-editor/conf"}, "fullDescription": {"text": "Define whether this endpoint is admin-only or super_admin-only, then enforce that distinction in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.66, "cwe": "", "owasp": ""}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 8.2% of discovered routes show nearby authenticatio", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 8.2% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Review the access matrix and add explicit framework auth declarations or policy-file exceptions for intentionally public routes."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Compose service `app` image uses the latest tag", "shortDescription": {"text": "Compose service `app` image uses the latest tag"}, "fullDescription": {"text": "Pin to a maintained version tag or digest and update it deliberately through dependency automation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR017", "name": "Dockerfile installs dependencies after copying the full source tree", "shortDescription": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "fullDescription": {"text": "Copy dependency manifests first, install dependencies in a cached layer, then copy the rest of the source tree."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "Tighten .dockerignore or replace COPY . with explicit COPY statements."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Bind local agent bridges to 127.0.0.1 by default. If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "SEC041", "name": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": without rel=\"noopener noref", "shortDescription": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and"}, "fullDescription": {"text": "Add rel=\"noopener noreferrer\" to every :\n link\nFor dynamically generated links from JS, set rel on the element before appending. Even safe-looking subdomains should harden \u2014 costs nothing."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC125", "name": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeh", "shortDescription": {"text": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeholder credentials shaped like `API_KEY = \"your-api-key-here\"` instead of pulling from env. These get committed verbatim "}, "fullDescription": {"text": "Replace with env lookup: `API_KEY = os.environ['SERVICE_API_KEY']`. Move actual key to a secret manager. Add a startup check that the env var is non-empty so missing config fails loudly instead of shipping the placeholder."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC087", "name": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces", "shortDescription": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "fullDescription": {"text": "Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `action` has cognitive complexity 22 (SonarSource scale). Cognitive comple", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `action` has cognitive complexity 22 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all we"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 22."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Add `Sitemap: https://your-domain.example/sitemap.xml` to robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "Add humans.txt with team ownership, contact URL, key documentation links, and the last-updated date."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "Add llms.txt with the product summary, canonical docs, API endpoints, security guidance, and preferred CLI workflow for AI agents."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "WEB002", "name": "Public web app has no sitemap", "shortDescription": {"text": "Public web app has no sitemap"}, "fullDescription": {"text": "Add sitemap.xml, a sitemap index, or a framework-native sitemap route and reference it from robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "Add `security_opt: [\"no-new-privileges:true\"]` unless the service has a documented need for privilege escalation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": "Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "SEC135", "name": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 13 more): Same pattern found in 13 additional files", "shortDescription": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "fullDescription": {"text": "Add the project's auth decorator/middleware: `@login_required` (Django/Flask), `@permission_classes([IsAuthenticated])` (DRF), `Depends(get_current_user)` (FastAPI), `requireAuth` middleware (Express). For genuinely public endpoints, add a `# public-endpoint` marker comment so future scans skip them."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED098", "name": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios ", "shortDescription": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "fullDescription": {"text": "Import the library where you need it instead of attaching to window. For legitimate global registries, use a namespaced object (e.g., `window.__myApp.axios`)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[SEC078] Python: requests without timeout (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC114", "name": "[SEC114] path.join / Path() on user-controlled segment without containment check (and 2 more): Same pattern found in 2 a", "shortDescription": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `path.resolve(base, x); if (!resolved.startsWith(base + path.sep)) throw`."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path (and 1 more): Same pattern found in 1 additional files. Review if need", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[SEC084] JS: require() with non-literal (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED049] Print Pii (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED063", "name": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use.", "shortDescription": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-367 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED072] Python Pass Only Class (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 12 more): Same pattern found in 12 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 15 more): Same pattern found in 15 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 34 more): Same pattern found in 34 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 34 more): Same pattern found in 34 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 24 more): Same pattern found in 24 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 24 more): Same pattern found in 24 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n ALLOWED = {'images.example.com', 'cdn.example.com'}\n host = urlparse(url).hostname\n if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 115 more): Same pattern found in 115 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 115 more): Same pattern found in 115 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 9 more): Same pattern found in 9 additional files. Review if neede", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/es/Syste", "shortDescription": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/es/System.CommandLine.resources.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDo"}, "fullDescription": {"text": "Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions/checkout@<40-char-sha> # v4` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED130", "name": "[MINED130] Lockfile pulls package from off-canonical host `registry.npmmirror.com`: `package-lock.json` resolved URL for", "shortDescription": {"text": "[MINED130] Lockfile pulls package from off-canonical host `registry.npmmirror.com`: `package-lock.json` resolved URL for `node_modules/asynckit` is `https://registry.npmmirror.com/asynckit/-/asynckit-0.4.0.tgz...` \u2014 host `registry.npmmirror"}, "fullDescription": {"text": "Verify the host is intentional. If your org uses a private registry, add it to your scanner's allowlist (CANONICAL_NPM_HOSTS). Otherwise, regenerate the lockfile against the canonical registry."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `node:20-alpine` not pinned by digest: `FROM node:20-alpine` resolves the tag at build time. ", "shortDescription": {"text": "[MINED118] Dockerfile FROM `node:20-alpine` not pinned by digest: `FROM node:20-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images "}, "fullDescription": {"text": "Replace with: `FROM node:20-alpine@sha256:`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED113", "name": "[MINED113] Express DELETE /tool-list-editor/config/:configName has no auth: Express route DELETE /tool-list-editor/confi", "shortDescription": {"text": "[MINED113] Express DELETE /tool-list-editor/config/:configName has no auth: Express route DELETE /tool-list-editor/config/:configName declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on u"}, "fullDescription": {"text": "Add an auth middleware: app.delete('/tool-list-editor/config/:configName', requireAuth, handler) \u2014 or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self._start_mcpo_server` used but never assigned in __init__: Method `manage_server` of class `MCPOPlugin` r", "shortDescription": {"text": "[MINED108] `self._start_mcpo_server` used but never assigned in __init__: Method `manage_server` of class `MCPOPlugin` reads `self._start_mcpo_server`, but no assignment to it exists in __init__ (and no class-level fallback). This raises At"}, "fullDescription": {"text": "Initialize `self._start_mcpo_server = ` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AUC003", "name": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby a", "shortDescription": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: DELETE /task-assistant/tasks/:task"}, "fullDescription": {"text": "Add ownership, tenant, relationship, or policy checks before reading or mutating the target object."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "high", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "DKR006", "name": "Dockerfile pipes a remote script into a shell", "shortDescription": {"text": "Dockerfile pipes a remote script into a shell"}, "fullDescription": {"text": "Download the artifact, verify its checksum or signature, pin the version, and then execute it."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "MINED021", "name": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape.", "shortDescription": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-22 / A01:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC025", "name": "[SEC025] XML External Entity (XXE) \u2014 .NET XmlDocument / XmlTextReader: .NET XmlDocument and XmlTextReader expand externa", "shortDescription": {"text": "[SEC025] XML External Entity (XXE) \u2014 .NET XmlDocument / XmlTextReader: .NET XmlDocument and XmlTextReader expand external entities by default in pre-4.5.2 runtimes (and even later if XmlResolver is left at default). Allows file disclosure a"}, "fullDescription": {"text": "Set XmlResolver = null on XmlDocument before Load. On XmlReader, pass XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null }. Prefer XDocument / XElement which don't expand external entities by default."}, "properties": {"scanner": "repobility-threat-engine", "category": "xxe", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED031", "name": "[MINED031] React Direct State Mutation: this.state.X = Y mutates without setState. React wont re-render.", "shortDescription": {"text": "[MINED031] React Direct State Mutation: this.state.X = Y mutates without setState. React wont re-render."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "[MINED116] Workflow uses `secrets.DOCKERHUB_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`", "shortDescription": {"text": "[MINED116] Workflow uses `secrets.DOCKERHUB_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.DOCKERHUB_TOKEN }` lets a PR from any fork exfiltrate the se"}, "fullDescription": {"text": "Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED114", "name": "[MINED114] Admin endpoint without auth: POST /admin_api/config/main/reload-notify: Express route on /admin path (/admin_", "shortDescription": {"text": "[MINED114] Admin endpoint without auth: POST /admin_api/config/main/reload-notify: Express route on /admin path (/admin_api/config/main/reload-notify) with no auth middleware."}, "fullDescription": {"text": "Add an auth middleware: app.post('/admin_api/config/main/reload-notify', requireAuth, handler) \u2014 or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "critical", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `warnings` used but not imported: The file uses `warnings.something(...)` but never imports `", "shortDescription": {"text": "[MINED107] Missing import: `warnings` used but not imported: The file uses `warnings.something(...)` but never imports `warnings`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import warnings` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "JRN001", "name": "Token handoff appears to use a callback URL or fragment", "shortDescription": {"text": "Token handoff appears to use a callback URL or fragment"}, "fullDescription": {"text": "Use a server-side one-time authorization code tied to a registered callback allowlist. Do not append access tokens to callback URLs or fragments."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED019", "name": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates.", "shortDescription": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-94 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1255"}, "properties": {"repository": "lioensky/VCPToolBox", "repoUrl": "https://github.com/lioensky/VCPToolBox", "branch": "main"}, "results": [{"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `rapidfuzz` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 126734, "scanner": "repobility-supply-chain", "fingerprint": "dab510079c965faa71e8dbcc851f7bc65f2696fc23e3af11e288d6046d17e8dd", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dab510079c965faa71e8dbcc851f7bc65f2696fc23e3af11e288d6046d17e8dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/ArtistMatcher/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `numpy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 126732, "scanner": "repobility-supply-chain", "fingerprint": "468b05d29deabe104e1e43ef90ca067c7487b1f9d3ff33ce2c19a98a8650346a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|468b05d29deabe104e1e43ef90ca067c7487b1f9d3ff33ce2c19a98a8650346a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SciCalculator/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `scipy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 126731, "scanner": "repobility-supply-chain", "fingerprint": "4bf8472a141fe812be274b36ac05e87a188714b624868d1966ac56447343d9d1", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4bf8472a141fe812be274b36ac05e87a188714b624868d1966ac56447343d9d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SciCalculator/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `sympy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 126730, "scanner": "repobility-supply-chain", "fingerprint": "2e688baf732c09b323dd2cc8df1d4854ecc9574bfd32115a0c45583d867e6ced", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2e688baf732c09b323dd2cc8df1d4854ecc9574bfd32115a0c45583d867e6ced"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SciCalculator/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `mcpo` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 126729, "scanner": "repobility-supply-chain", "fingerprint": "42bb61e4d5e0f0076ddee285d564a0eacca8d8fc3f8b2735936f23f017bbde07", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|42bb61e4d5e0f0076ddee285d564a0eacca8d8fc3f8b2735936f23f017bbde07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `apscheduler` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 126727, "scanner": "repobility-supply-chain", "fingerprint": "9a2f9dadef21c93685c9d2f25348c6316c63bab891a97cf66734adb502df3315", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9a2f9dadef21c93685c9d2f25348c6316c63bab891a97cf66734adb502df3315"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/TencentCOSBackup/requirements.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `aiofiles` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 126726, "scanner": "repobility-supply-chain", "fingerprint": "6eb0f36116933c695a005952a865fbcc8b22f8a8533ea73b048ecb75928a58df", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6eb0f36116933c695a005952a865fbcc8b22f8a8533ea73b048ecb75928a58df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/TencentCOSBackup/requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `yfinance` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 126725, "scanner": "repobility-supply-chain", "fingerprint": "24a458a8b6cac235552b5f226019ee49b5dfaf392174e75cb4ece9614e6ee5ad", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|24a458a8b6cac235552b5f226019ee49b5dfaf392174e75cb4ece9614e6ee5ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/DigitalOracle/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `win10toast` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 126723, "scanner": "repobility-supply-chain", "fingerprint": "7213ee997d1b64ea58b5db50e23eb6521f3c6ed68ffd50f77ad2188a1f4be338", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7213ee997d1b64ea58b5db50e23eb6521f3c6ed68ffd50f77ad2188a1f4be338"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `skyfield` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 126722, "scanner": "repobility-supply-chain", "fingerprint": "d0249bfa5ab3580f056097df246a4a45af0d786d5d51e607ae985510a783287a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d0249bfa5ab3580f056097df246a4a45af0d786d5d51e607ae985510a783287a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `mcpo` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 126721, "scanner": "repobility-supply-chain", "fingerprint": "3e8510ccf389e3ea2430f5d786266f6d54e00c4ce12e50e3b78d5b7ac1832a67", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3e8510ccf389e3ea2430f5d786266f6d54e00c4ce12e50e3b78d5b7ac1832a67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `numpy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 126720, "scanner": "repobility-supply-chain", "fingerprint": "83b08addee6f1e811bc5eb99b7c541f51bf8131fe633ea2692ba12b747904ff7", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|83b08addee6f1e811bc5eb99b7c541f51bf8131fe633ea2692ba12b747904ff7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `scipy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 126719, "scanner": "repobility-supply-chain", "fingerprint": "f6aa422f7f618000b7d88b1394ae45afc6bbf669af862158d1d3ecfcae8cc885", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f6aa422f7f618000b7d88b1394ae45afc6bbf669af862158d1d3ecfcae8cc885"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `sympy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 126718, "scanner": "repobility-supply-chain", "fingerprint": "33685690cfd8f2d6a094f0521c2c4fc0cd2f35892ebb73c1de6f67609c0cb2e0", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|33685690cfd8f2d6a094f0521c2c4fc0cd2f35892ebb73c1de6f67609c0cb2e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126683, "scanner": "repobility-ast-engine", "fingerprint": "c35207ee46801b0adac488cf43fff09824a3791ba6d3c8641f0174b745161b65", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c35207ee46801b0adac488cf43fff09824a3791ba6d3c8641f0174b745161b65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/PyScreenshot/screenshot.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126682, "scanner": "repobility-ast-engine", "fingerprint": "15fb402a487865efa63a2cdb45b4bc9bd1d477c2df097ad0e04124efba3e028c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|15fb402a487865efa63a2cdb45b4bc9bd1d477c2df097ad0e04124efba3e028c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/PyScreenshot/screenshot.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126681, "scanner": "repobility-ast-engine", "fingerprint": "47e909cc549a3376e59adce45ff1d6dfc46c456a085b7add70c2c7caf0cfc003", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|47e909cc549a3376e59adce45ff1d6dfc46c456a085b7add70c2c7caf0cfc003"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/XiaohongshuFetch/XiaohongshuFetch.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126679, "scanner": "repobility-ast-engine", "fingerprint": "cfa01d327720903516df541b311ba84093d39bec2c49af0647bfe753a71bcf31", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cfa01d327720903516df541b311ba84093d39bec2c49af0647bfe753a71bcf31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 453}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126678, "scanner": "repobility-ast-engine", "fingerprint": "5ac524fb5890d99bf8d0d289242c2e49d101550e0337fd0d51b185df0e0ccf78", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5ac524fb5890d99bf8d0d289242c2e49d101550e0337fd0d51b185df0e0ccf78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 791}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126677, "scanner": "repobility-ast-engine", "fingerprint": "d36535f7798574b8ff631c82355c16d8345621efcaec327753ca1844a08004bd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d36535f7798574b8ff631c82355c16d8345621efcaec327753ca1844a08004bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 855}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126676, "scanner": "repobility-ast-engine", "fingerprint": "c78490c86f616508aba560a796d8b9df3fc4feb81028d3bdd9d7a77d2580ba89", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c78490c86f616508aba560a796d8b9df3fc4feb81028d3bdd9d7a77d2580ba89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 803}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126675, "scanner": "repobility-ast-engine", "fingerprint": "fe7ffbc1b86d5c10a4980f16d3d30647552ea043b8c39d1b1a62ff5b92ed8a32", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fe7ffbc1b86d5c10a4980f16d3d30647552ea043b8c39d1b1a62ff5b92ed8a32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 765}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126674, "scanner": "repobility-ast-engine", "fingerprint": "5375a986667a032db1eaa3094428370d399e55aa70a2afa7da7a5efb1196a4f5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5375a986667a032db1eaa3094428370d399e55aa70a2afa7da7a5efb1196a4f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 698}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126673, "scanner": "repobility-ast-engine", "fingerprint": "d7ed8a0510b0160fcb8b8fda394f6a6bd787a756fd9e19b897572415e80cafeb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d7ed8a0510b0160fcb8b8fda394f6a6bd787a756fd9e19b897572415e80cafeb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 674}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126672, "scanner": "repobility-ast-engine", "fingerprint": "4d8058012521eac98c9468da300f25ee48c6049a676ce22accb208b1038acb25", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d8058012521eac98c9468da300f25ee48c6049a676ce22accb208b1038acb25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 523}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126671, "scanner": "repobility-ast-engine", "fingerprint": "e08a0a7152f114e0b751025a92a1233d0057140abe1520261f57286529d2edbd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e08a0a7152f114e0b751025a92a1233d0057140abe1520261f57286529d2edbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 498}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126670, "scanner": "repobility-ast-engine", "fingerprint": "6dabdba1477cb36dafa36ab528d39a779324c4310144fbd559f3803cfc3b84dd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6dabdba1477cb36dafa36ab528d39a779324c4310144fbd559f3803cfc3b84dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 375}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126669, "scanner": "repobility-ast-engine", "fingerprint": "6841166a2b88cef83e5cd9bfbce855deb1fd625b541e7cdaf0ba54daa8f08c32", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6841166a2b88cef83e5cd9bfbce855deb1fd625b541e7cdaf0ba54daa8f08c32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126668, "scanner": "repobility-ast-engine", "fingerprint": "94fc20645a155884725f5a2e8f8999ef1841adbcbebea4032aa2c137304038d0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|94fc20645a155884725f5a2e8f8999ef1841adbcbebea4032aa2c137304038d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 915}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126647, "scanner": "repobility-ast-engine", "fingerprint": "eedf84f3b323b70488bb8fb8c8506112c8ba2c4476432e73e1d9848d5e8cef7c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eedf84f3b323b70488bb8fb8c8506112c8ba2c4476432e73e1d9848d5e8cef7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/TencentCOSBackup/cos_handler.py"}, "region": {"startLine": 256}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126641, "scanner": "repobility-ast-engine", "fingerprint": "2cc247d43e7e17fbe072c8cf9d6d38b229a30e8c6dcb2ba314d648e4528cfc6c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2cc247d43e7e17fbe072c8cf9d6d38b229a30e8c6dcb2ba314d648e4528cfc6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/DigitalOracle/digital_oracle_vcp.py"}, "region": {"startLine": 625}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126640, "scanner": "repobility-ast-engine", "fingerprint": "ae41215fb1073853666a363e81a71f2e215f09b728423a5c85ede2c5435e0648", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ae41215fb1073853666a363e81a71f2e215f09b728423a5c85ede2c5435e0648"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/DigitalOracle/digital_oracle_vcp.py"}, "region": {"startLine": 734}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126639, "scanner": "repobility-ast-engine", "fingerprint": "09207b6d9556a47d3a9bc733ff8b605bf8163dd4b22cb2e95675ba7f7e2547f4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|09207b6d9556a47d3a9bc733ff8b605bf8163dd4b22cb2e95675ba7f7e2547f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/timeline\u6574\u7406\u5668.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126638, "scanner": "repobility-ast-engine", "fingerprint": "469079146ccd16a295b4d41f5a4241d7e53c6956c623d3c5ce58014d5aafb777", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|469079146ccd16a295b4d41f5a4241d7e53c6956c623d3c5ce58014d5aafb777"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "WinNotify.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126637, "scanner": "repobility-ast-engine", "fingerprint": "f3e6ca476db09d9a91e355dc5e8033e8990099e7cb3529cf7dd963c97cab33ec", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f3e6ca476db09d9a91e355dc5e8033e8990099e7cb3529cf7dd963c97cab33ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "WinNotify.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126636, "scanner": "repobility-ast-engine", "fingerprint": "ef7748b9283e79d23ef14e6f8e2d6af722fa755d226bf8e2a292de96a9314f37", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ef7748b9283e79d23ef14e6f8e2d6af722fa755d226bf8e2a292de96a9314f37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "WinNotify.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126635, "scanner": "repobility-ast-engine", "fingerprint": "ba1a82a08a6ec37e3468131126c4458431edc5fc3c92f61d83c2e277d0b68943", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ba1a82a08a6ec37e3468131126c4458431edc5fc3c92f61d83c2e277d0b68943"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "LinuxNotify.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126634, "scanner": "repobility-ast-engine", "fingerprint": "a31e91d753ca9b75769585d24ee9b5cd620ec9ce67f0353bf42e83a23c09f95b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a31e91d753ca9b75769585d24ee9b5cd620ec9ce67f0353bf42e83a23c09f95b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "LinuxNotify.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126633, "scanner": "repobility-ast-engine", "fingerprint": "a7ef6dcc9c262255fa2723ac5b580816101300791fdfd0346f83c6fda3ffe12f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a7ef6dcc9c262255fa2723ac5b580816101300791fdfd0346f83c6fda3ffe12f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "LinuxNotify.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 126631, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB015", "level": "warning", "message": {"text": "Public web app has no Content Security Policy"}, "properties": {"repobilityId": 126630, "scanner": "repobility-web-presence", "fingerprint": "7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 126626, "scanner": "repobility-journey-contract", "fingerprint": "7e79fe216d7230bdc394f437ad5483be2e8e7cd397a42728ea3cff6b9d8b0836", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/log", "correlation_key": "fp|7e79fe216d7230bdc394f437ad5483be2e8e7cd397a42728ea3cff6b9d8b0836", "backend_endpoint_count": 158}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/admin/newapiMonitor.js"}, "region": {"startLine": 196}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 126625, "scanner": "repobility-journey-contract", "fingerprint": "aeda4b68317d3d2ffa4d6263d6d4f2a9aec1c262f698e344f5fd96d4916037dc", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/log/stat", "correlation_key": "fp|aeda4b68317d3d2ffa4d6263d6d4f2a9aec1c262f698e344f5fd96d4916037dc", "backend_endpoint_count": 158}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/admin/newapiMonitor.js"}, "region": {"startLine": 181}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 126624, "scanner": "repobility-journey-contract", "fingerprint": "3bc7f94e7e7d203960f31d3dfa3f9d23c5b4fa8b3f8091949f5ae341ba2f3529", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/data", "correlation_key": "fp|3bc7f94e7e7d203960f31d3dfa3f9d23c5b4fa8b3f8091949f5ae341ba2f3529", "backend_endpoint_count": 158}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/admin/newapiMonitor.js"}, "region": {"startLine": 163}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 126623, "scanner": "repobility-journey-contract", "fingerprint": "5e02a52eaac92de9f84ad4721eb39f4f3784c11c96d3ed53760a737cc859ee57", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/plugins/{param}", "correlation_key": "fp|5e02a52eaac92de9f84ad4721eb39f4f3784c11c96d3ed53760a737cc859ee57", "backend_endpoint_count": 158}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin.js"}, "region": {"startLine": 1432}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 126622, "scanner": "repobility-journey-contract", "fingerprint": "4c7b240285128bbcc98b98acfa207eae7bffaf4080a4188d579bfcfea04b96e5", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/...", "correlation_key": "fp|4c7b240285128bbcc98b98acfa207eae7bffaf4080a4188d579bfcfea04b96e5", "backend_endpoint_count": 158}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/XiaohongshuFetch/sign_server.js"}, "region": {"startLine": 4}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 126621, "scanner": "repobility-journey-contract", "fingerprint": "76d6a1498eb50094ffcfd4fd38a511fb64f486d78023f772b6977d40187eabf9", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/posts/unread", "correlation_key": "fp|76d6a1498eb50094ffcfd4fd38a511fb64f486d78023f772b6977d40187eabf9", "backend_endpoint_count": 158}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/VCPForumOnlinePatrol/patrol.js"}, "region": {"startLine": 253}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 126620, "scanner": "repobility-journey-contract", "fingerprint": "0c923b13a8b02a47b1d9dd251ee6b42c50ca85e088be2b77feae4435b8c0493f", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/posts/unread", "correlation_key": "fp|0c923b13a8b02a47b1d9dd251ee6b42c50ca85e088be2b77feae4435b8c0493f", "backend_endpoint_count": 158}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/VCPForumOnline/VCPForumOnline.js"}, "region": {"startLine": 1197}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 126619, "scanner": "repobility-journey-contract", "fingerprint": "c043838dba26301efbe27c7f7f8ac38a77306f8d18e32788325d401b811babe0", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/v3/models", "correlation_key": "fp|c043838dba26301efbe27c7f7f8ac38a77306f8d18e32788325d401b811babe0", "backend_endpoint_count": 158}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/DoubaoGen/DoubaoGen.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 126618, "scanner": "repobility-journey-contract", "fingerprint": "56952866d5d6233c531176ec9b8e4dc530f6866c310e4456bd65db7b5b3f9787", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/v3/images/generations", "correlation_key": "fp|56952866d5d6233c531176ec9b8e4dc530f6866c310e4456bd65db7b5b3f9787", "backend_endpoint_count": 158}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/DoubaoGen/DoubaoGen.js"}, "region": {"startLine": 14}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 126617, "scanner": "repobility-journey-contract", "fingerprint": "31745a351694cd0e4521f3e828a5da5508f4071eda7493f68215618544c64ae7", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/prompt", "correlation_key": "fp|31745a351694cd0e4521f3e828a5da5508f4071eda7493f68215618544c64ae7", "backend_endpoint_count": 158}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/ComfyCloudGen/ComfyCloudNetwork.js"}, "region": {"startLine": 49}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 126616, "scanner": "repobility-journey-contract", "fingerprint": "f8fe6c457d9a4ccbfd23b6b7e77e84550b3238f85d69a0aba5f0471aa7286bb4", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|279|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/DailyNotePanel/frontend/script.js"}, "region": {"startLine": 279}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /schedules/:id."}, "properties": {"repobilityId": 126614, "scanner": "repobility-access-control", "fingerprint": "9b065c03ccc8dafcb5f0d9faacd34fbe87d1632ca69107679140f345be14272d", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/schedules/:id", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/admin/schedules.js|43|auc009", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/admin/schedules.js"}, "region": {"startLine": 43}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /final-context."}, "properties": {"repobilityId": 126613, "scanner": "repobility-access-control", "fingerprint": "5d7d357ad6286b28df0384d8f8d3166cc51699291da2287cd20b50461341c369", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/final-context", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|token|53|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/admin/finalContext.js"}, "region": {"startLine": 53}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /tool-list-editor/check-file/:fileName."}, "properties": {"repobilityId": 126612, "scanner": "repobility-access-control", "fingerprint": "2305deb1986c0cbb0e11ba723233dbcf6ebd32afd17a6691ecc78863c515440b", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/tool-list-editor/check-file/:fileName", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|token|210|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/admin/toolListEditor.js"}, "region": {"startLine": 210}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /presets/:name."}, "properties": {"repobilityId": 126611, "scanner": "repobility-access-control", "fingerprint": "b9cd0138fcf9d7db61a512217284307478e83f8596df86509cc521852d3f68d7", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/presets/:name", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|token|622|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/VCPTavern/VCPTavern.js"}, "region": {"startLine": 622}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /presets/:name."}, "properties": {"repobilityId": 126610, "scanner": "repobility-access-control", "fingerprint": "b26b927cb787f6aba91993f19108f657f5dfa85ace4bbd3c4fd4cf4e279b9e0f", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/presets/:name", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|token|603|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/VCPTavern/VCPTavern.js"}, "region": {"startLine": 603}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /presets/:name."}, "properties": {"repobilityId": 126609, "scanner": "repobility-access-control", "fingerprint": "9621b205f3501baff015e6c7f370ea91a72bd00fe06c8344a2b8bf9ebe8449e0", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/presets/:name", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|token|593|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/VCPTavern/VCPTavern.js"}, "region": {"startLine": 593}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /associative-discovery."}, "properties": {"repobilityId": 126608, "scanner": "repobility-access-control", "fingerprint": "cff52bdfc7533292b964478575d9cfb19e0e14100e4b5efec5a5ff84d821cc02", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/associative-discovery", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/dailynotesroutes.js|907|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/dailyNotesRoutes.js"}, "region": {"startLine": 907}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /delete-batch."}, "properties": {"repobilityId": 126607, "scanner": "repobility-access-control", "fingerprint": "efc6a86dc2e87b109fc43bbddd7fea03daf81fa603c1aa8565e7547c21d77922", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/delete-batch", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/dailynotesroutes.js|847|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/dailyNotesRoutes.js"}, "region": {"startLine": 847}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /post/:uid."}, "properties": {"repobilityId": 126606, "scanner": "repobility-access-control", "fingerprint": "ab1b0fb487b297f7f1ec445b7d1e24f13d4aafccbc516c97d974b239aa5d5128", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/post/:uid", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/forumapi.js|440|auc009", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/forumApi.js"}, "region": {"startLine": 440}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /v1/schedule_task."}, "properties": {"repobilityId": 126605, "scanner": "repobility-access-control", "fingerprint": "59e1ff963362b5ce66174021e030a0ff21686343a712f0847f4c1ebed2741dcf", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/v1/schedule_task", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|server.js|957|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server.js"}, "region": {"startLine": 957}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /tool-list-editor/configs."}, "properties": {"repobilityId": 126604, "scanner": "repobility-access-control", "fingerprint": "bb4311c2289b2588fef9a8a32ae10b38d7bb12f69cd3ba27b3b816fe750158c3", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/tool-list-editor/configs", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|token|119|auc004", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/admin/toolListEditor.js"}, "region": {"startLine": 119}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /tool-list-editor/tools."}, "properties": {"repobilityId": 126603, "scanner": "repobility-access-control", "fingerprint": "0580eeb29ca1a2ff2ca61c004f1c0111d9aaa226b1474925e81df635ba9d6e2a", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/tool-list-editor/tools", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|token|109|auc004", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/admin/toolListEditor.js"}, "region": {"startLine": 109}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /presets."}, "properties": {"repobilityId": 126602, "scanner": "repobility-access-control", "fingerprint": "1e8c366b3db9eaa80d8ea49d0fdc48cd7b219676698fd2334ed058a24d6c0f9a", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/presets", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|token|588|auc004", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/VCPTavern/VCPTavern.js"}, "region": {"startLine": 588}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /security-status."}, "properties": {"repobilityId": 126601, "scanner": "repobility-access-control", "fingerprint": "d0f1af939e856220065e3ee06ce3a0664b94998f359ca80ce7c4ad155636004a", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/security-status", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|token|485|auc004", "identity_targets": ["anonymous", "authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/ImageServer/image-server.js"}, "region": {"startLine": 485}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /admin/queue-status."}, "properties": {"repobilityId": 126600, "scanner": "repobility-access-control", "fingerprint": "1d4e4d4efe9ad521233064002012cb936451d67bb1b3b0effe4daa8023120f20", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/admin/queue-status", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/dailynotesroutes.js|628|auc004", "identity_targets": ["anonymous", "authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/dailyNotesRoutes.js"}, "region": {"startLine": 628}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /admin/lock-status."}, "properties": {"repobilityId": 126599, "scanner": "repobility-access-control", "fingerprint": "d9a6266e2418474f3270f18c48cd5a02cec1912b4e992c436b1be81885d6952e", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/admin/lock-status", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/forumapi.js|635|auc004", "identity_targets": ["anonymous", "authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/forumApi.js"}, "region": {"startLine": 635}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /admin_api/server/lifecycle."}, "properties": {"repobilityId": 126598, "scanner": "repobility-access-control", "fingerprint": "74d9e2746050ad847d12ebb8b8b9c25d176e1495795245065f45c6435d32d20d", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/admin_api/server/lifecycle", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|server.js|1009|auc004", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server.js"}, "region": {"startLine": 1009}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: POST /admin_api/config/main/reload-notify."}, "properties": {"repobilityId": 126597, "scanner": "repobility-access-control", "fingerprint": "afa7c7cc7d6674166b15ad1525f85a8b74189d517f0d4964b5f832a037ab1b45", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/admin_api/config/main/reload-notify", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|adminserver.js|489|auc004", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adminServer.js"}, "region": {"startLine": 489}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: POST /admin_api/server/restart."}, "properties": {"repobilityId": 126596, "scanner": "repobility-access-control", "fingerprint": "23c00c3c8b531d989ad84d2932e0a2b5647f79c9da9e84f97188daecbdc84aed", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/admin_api/server/restart", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|adminserver.js|319|auc004", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adminServer.js"}, "region": {"startLine": 319}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /."}, "properties": {"repobilityId": 126595, "scanner": "repobility-access-control", "fingerprint": "62669ee78e67894eb0d6cbc492e713f122d176e5cd0ae1291e373314b5a56721", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|adminserver.js|206|auc004", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adminServer.js"}, "region": {"startLine": 206}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 8.2% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 126584, "scanner": "repobility-access-control", "fingerprint": "ce6e3d063fba4131ae868b56461785aff80e3ff07a4da12225caf8d1456eb19f", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 158, "correlation_key": "fp|ce6e3d063fba4131ae868b56461785aff80e3ff07a4da12225caf8d1456eb19f", "auth_visible_percent": 8.2}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 126583, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Express"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `app` image uses the latest tag"}, "properties": {"repobilityId": 126580, "scanner": "repobility-docker", "fingerprint": "a8f0760c5147fce478496ac998b07ba65bf13503b5dd2b292dc75e67c6b7a9ea", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "lioensky/vcptoolbox:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a8f0760c5147fce478496ac998b07ba65bf13503b5dd2b292dc75e67c6b7a9ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 126578, "scanner": "repobility-docker", "fingerprint": "28c52200c1b1152474da8e65991eb1f1f540462ab2d3d1c32aa755f855a45a85", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:20-alpine", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|28c52200c1b1152474da8e65991eb1f1f540462ab2d3d1c32aa755f855a45a85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 108}}}]}, {"ruleId": "DKR017", "level": "warning", "message": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "properties": {"repobilityId": 126577, "scanner": "repobility-docker", "fingerprint": "d2e5f5bad29728faa0ce2802175ca02d6fe34776ae74be34b5e0cf8747db98f6", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy at line 70 appears before dependency installation.", "evidence": {"rule_id": "DKR017", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "broad_copy_line": 70, "correlation_key": "fp|d2e5f5bad29728faa0ce2802175ca02d6fe34776ae74be34b5e0cf8747db98f6", "dependency_install_line": 77}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 77}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 126576, "scanner": "repobility-docker", "fingerprint": "207e28753ef2528e5b5aa3fbb7af9e39dad178c8c2e2cfbc895f49f22fc84f73", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|207e28753ef2528e5b5aa3fbb7af9e39dad178c8c2e2cfbc895f49f22fc84f73", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 70}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 126574, "scanner": "repobility-agent-runtime", "fingerprint": "d50de98e733cb427377ba4155c4b7ebbc4de508d9d3a414bd6644d2679540372", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|d50de98e733cb427377ba4155c4b7ebbc4de508d9d3a414bd6644d2679540372"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/LinuxShellExecutor/README.md"}, "region": {"startLine": 540}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 126573, "scanner": "repobility-agent-runtime", "fingerprint": "9afc41036d6f199528b31bd72793fd1d29bd53778ca53d40e74cfef4e1d4e951", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|9afc41036d6f199528b31bd72793fd1d29bd53778ca53d40e74cfef4e1d4e951"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/BilibiliFetch/BilibiliFetch.py"}, "region": {"startLine": 490}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 126572, "scanner": "repobility-agent-runtime", "fingerprint": "fdb7f3ecf68b69861d30a2d23c325c7c2b1df065f19631874eec2cddcaff9dfc", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|fdb7f3ecf68b69861d30a2d23c325c7c2b1df065f19631874eec2cddcaff9dfc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AdminPanel-Vue/src/components/DualPaneEditor.vue"}, "region": {"startLine": 157}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 126536, "scanner": "repobility-threat-engine", "fingerprint": "f16ce8418ed5ea88a2d8873d07b1afb98e613859dac9a8158ed60617fe511f90", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.open('http://192.168.2.179:5890/AdminPanel/', '_blank')", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|sillytavernsub/st - vcp-vcp .js|147|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "SillyTavernSub/ST\u6cb9\u7334\u63d2\u4ef6-\u9152\u9986VCP-VCP\u65f6\u949f.js"}, "region": {"startLine": 147}}}]}, {"ruleId": "SEC125", "level": "warning", "message": {"text": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeholder credentials shaped like `API_KEY = \"your-api-key-here\"` instead of pulling from env. These get committed verbatim \u2014 production code with a literal placeholder string is a near-certain bug, and the value also leaks what credential type the system expects to authentication crawlers. CWE-1188. Distinctive AI footprint: the exact phrase shape `your-X-here` is uncommon in hand"}, "properties": {"repobilityId": 126535, "scanner": "repobility-threat-engine", "fingerprint": "fcbfd2d8f086009fac71ca8ea4a5c5137c96863ab99e3fdaea6278a360f6ccbf", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'YOUR_API_KEY_HERE'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC125", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fcbfd2d8f086009fac71ca8ea4a5c5137c96863ab99e3fdaea6278a360f6ccbf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/WebUIGen/WebUIGen.mjs"}, "region": {"startLine": 73}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 126533, "scanner": "repobility-threat-engine", "fingerprint": "0d89bb4502fb48c798d6df88a27fc3c5227d248479d395d2e7f64d9829ca054d", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|55|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-xlsx/scripts/xlsx_unpack.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 126510, "scanner": "repobility-threat-engine", "fingerprint": "740e96f0c41bbc1476e95aa6314500742dce83564eacea7b135da54b64fb5ca9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "} catch (e) {\n return true\n }", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|740e96f0c41bbc1476e95aa6314500742dce83564eacea7b135da54b64fb5ca9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust-vexus-lite/index.js"}, "region": {"startLine": 22}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 126509, "scanner": "repobility-threat-engine", "fingerprint": "529011bc3e611716df3dee7bf3c5bb620efd1d5998bfda6010e09c6fce3003f0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n obj = json.loads(raw)\n except Exception:\n return None", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|529011bc3e611716df3dee7bf3c5bb620efd1d5998bfda6010e09c6fce3003f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/JapaneseHelper/py_backend/dispatcher.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 126483, "scanner": "repobility-threat-engine", "fingerprint": "861c0d20abd5b034ce20b476e163216d17e62b08c300729306aea7102d0a4023", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Math.random() * GEMINI_API_KEYS.length);\n return GEMINI_API_KEY", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|861c0d20abd5b034ce20b476e163216d17e62b08c300729306aea7102d0a4023"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/GeminiImageGen/GeminiImageGen.mjs"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 126482, "scanner": "repobility-threat-engine", "fingerprint": "ee5eac8ebe849ab3a9bebfaef0629bb71c0decbc8f80d350588acae510c461bf", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Math.random() * GEMINI_API_KEYS.length);\n return GEMINI_API_KEY", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ee5eac8ebe849ab3a9bebfaef0629bb71c0decbc8f80d350588acae510c461bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/GeminiImageGen/GeminiImageGen.js"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 126481, "scanner": "repobility-threat-engine", "fingerprint": "91defaff9e0567eb4962b92910087360a3ed9953c67b17d43bd81522d2f11678", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Math.random() * apiKey", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|91defaff9e0567eb4962b92910087360a3ed9953c67b17d43bd81522d2f11678"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/AnySearch/AnySearch.js"}, "region": {"startLine": 239}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 126480, "scanner": "repobility-threat-engine", "fingerprint": "92941c417ab6e0d09637846898287576db07280d2ac98b9421b5151e7874fc6b", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "apiKey = ", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|79|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/TavilySearch/TavilySearch.js"}, "region": {"startLine": 79}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 126479, "scanner": "repobility-threat-engine", "fingerprint": "59e918de19064dfd3b64332f2a599fa7121da1d0f92e476f2be2c637678bebb9", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "Math.random() * keyArray", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|15|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SerpSearch/SerpSearch.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 126478, "scanner": "repobility-threat-engine", "fingerprint": "6f9758a550270e303a577b2c0d055b1da504a82f133863419d0a76faa540151c", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "Math.random() * apiKeys", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|239|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/AnySearch/AnySearch.js"}, "region": {"startLine": 239}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `action` has cognitive complexity 22 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=1, for=2, if=12, nested_bonus=6, or=1."}, "properties": {"repobilityId": 126463, "scanner": "repobility-threat-engine", "fingerprint": "f7e521f547cba78d33b434ba637e4cf2d2b47d6f78b1c5763aebbaad4061b064", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 22 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "action", "breakdown": {"if": 12, "or": 1, "for": 2, "break": 1, "nested_bonus": 6}, "complexity": 22, "correlation_key": "fp|f7e521f547cba78d33b434ba637e4cf2d2b47d6f78b1c5763aebbaad4061b064"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "OpenWebUISub/openwebui_html_auto_render/html_live_preview_0.3.0.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `on_message` has cognitive complexity 19 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=1, else=2, except=2, if=5, nested_bonus=9."}, "properties": {"repobilityId": 126462, "scanner": "repobility-threat-engine", "fingerprint": "743f7cbb220d837bed5607208d9f5bac5e522b70841db705416e932477a0183a", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 19 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "on_message", "breakdown": {"if": 5, "elif": 1, "else": 2, "except": 2, "nested_bonus": 9}, "complexity": 19, "correlation_key": "fp|743f7cbb220d837bed5607208d9f5bac5e522b70841db705416e932477a0183a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "LinuxNotify.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 126461, "scanner": "repobility-threat-engine", "fingerprint": "542b6905199ac768810f288f2e7863e79a8bd70c7c8442e0492bfb96846736db", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|542b6905199ac768810f288f2e7863e79a8bd70c7c8442e0492bfb96846736db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-xlsx/scripts/xlsx_insert_row.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 126460, "scanner": "repobility-threat-engine", "fingerprint": "1ea5ed31b1a1dc0af5cfe8f9b7b51c9c94f7d1850aa693cc91d23c6f65aa9c5c", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1ea5ed31b1a1dc0af5cfe8f9b7b51c9c94f7d1850aa693cc91d23c6f65aa9c5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SVCardFinder/card_finder.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 126459, "scanner": "repobility-threat-engine", "fingerprint": "cb2118d44db93f7f489deebe4081187f4b948efdf93dfe6fa64e779425021853", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cb2118d44db93f7f489deebe4081187f4b948efdf93dfe6fa64e779425021853"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "LinuxNotify.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 126449, "scanner": "repobility-threat-engine", "fingerprint": "7dbae86e8ba9f23d76c3d227d90c5e3f171c914390b64f0fdbc39c30b30156f9", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (_) {}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7dbae86e8ba9f23d76c3d227d90c5e3f171c914390b64f0fdbc39c30b30156f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/IMAPIndex/storkapp_dailynote_pubmed/html_to_md.js"}, "region": {"startLine": 74}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 126448, "scanner": "repobility-threat-engine", "fingerprint": "55853be7d6d0dc3be6e6384f0dfe7bb20f330b554733d2499892b2abc212d4a5", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|55853be7d6d0dc3be6e6384f0dfe7bb20f330b554733d2499892b2abc212d4a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/AnimeFinder/AnimeFinder.js"}, "region": {"startLine": 52}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 126447, "scanner": "repobility-threat-engine", "fingerprint": "d4085016bd24b838b2d6574952c881c888bca8a07f5e82223d05ed1998627c1c", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (e) { }", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d4085016bd24b838b2d6574952c881c888bca8a07f5e82223d05ed1998627c1c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "FileFetcherServer.js"}, "region": {"startLine": 179}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 126417, "scanner": "repobility-threat-engine", "fingerprint": "c1362016b388e08deeca9f6c0d4a6f4fd9101f26b9849fa47eaae25b2359140b", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|58|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/ArxivDailyPapers/ArxivDailyPapers.js"}, "region": {"startLine": 58}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 126416, "scanner": "repobility-threat-engine", "fingerprint": "f9e8b5f0a0bca3798015476f58fae8b325ea6ee8628a7b90ebb40355ec662c19", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|openwebuisub/openwebui force html image renderer with lightbox.user.js|283|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "OpenWebUISub/OpenWebUI Force HTML Image Renderer with Lightbox.user.js"}, "region": {"startLine": 283}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 126415, "scanner": "repobility-threat-engine", "fingerprint": "d9481e6af2961ab2a643cbe139d450b6f4a2d9932f539ba7c2c0dc4bc5aac705", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|65|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AdminPanel-Vue/scripts/check-typography-guard.mjs"}, "region": {"startLine": 65}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 126632, "scanner": "repobility-web-presence", "fingerprint": "db5c174a784ae0945f7833ac90ab79fa10fb4bb030405ea373fcd182478ae83e", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|db5c174a784ae0945f7833ac90ab79fa10fb4bb030405ea373fcd182478ae83e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/BilibiliFetch/BilibiliFetch.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 126629, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB008", "level": "note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 126628, "scanner": "repobility-web-presence", "fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks public and documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB002", "level": "note", "message": {"text": "Public web app has no sitemap"}, "properties": {"repobilityId": 126627, "scanner": "repobility-web-presence", "fingerprint": "fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf", "category": "quality", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no sitemap file or route was discovered.", "evidence": {"rule_id": "WEB002", "scanner": "repobility-web-presence", "references": ["https://www.sitemaps.org/protocol.html", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sitemap.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 126582, "scanner": "repobility-docker", "fingerprint": "7f80983f54868d8bec198a3977b7dcbe8bfb5f2291356d590fb078148e91780d", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "app", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|7f80983f54868d8bec198a3977b7dcbe8bfb5f2291356d590fb078148e91780d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 126581, "scanner": "repobility-docker", "fingerprint": "2ae03d2ca68f689d193058b7c353aabad57bc3d37942d6a7c1406762df909513", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "app", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|2ae03d2ca68f689d193058b7c353aabad57bc3d37942d6a7c1406762df909513"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 126579, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126571, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6575f7947fe770d8d1d5bd2c7fb5d8150964af0de3f19cdefa6dbf0ae22a6482", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Plugin/PyCameraCapture/capture.py", "duplicate_line": 8, "correlation_key": "fp|6575f7947fe770d8d1d5bd2c7fb5d8150964af0de3f19cdefa6dbf0ae22a6482"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/PyScreenshot/screenshot.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126570, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7321ea62ff594eec864d3ff55b8ed8d1fad58059890624ff600b8e3bfd29efaf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Plugin/ProjectAnalyst/AnalysisDelegate.js", "duplicate_line": 35, "correlation_key": "fp|7321ea62ff594eec864d3ff55b8ed8d1fad58059890624ff600b8e3bfd29efaf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/ProjectAnalyst/ProjectAnalyst.js"}, "region": {"startLine": 55}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126569, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f9a0376ac17d0a65747837637fb4df1d50d1d9dcf6e651f5df2778eb17190e2e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Plugin/PaperReader/paperreader-rs/crates/paperreader-domain/src/invariants.rs", "duplicate_line": 285, "correlation_key": "fp|f9a0376ac17d0a65747837637fb4df1d50d1d9dcf6e651f5df2778eb17190e2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/PaperReader/paperreader-rs/crates/paperreader-workspace/src/invariants.rs"}, "region": {"startLine": 287}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126568, "scanner": "repobility-ai-code-hygiene", "fingerprint": "566680e3d015b73359e6acb5faa072ff1a4a248b74e8d7deadcf8a3200ef2e39", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Plugin/PaperReader/paperreader-rs/crates/paperreader-corpus/src/lib.rs", "duplicate_line": 148, "correlation_key": "fp|566680e3d015b73359e6acb5faa072ff1a4a248b74e8d7deadcf8a3200ef2e39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/PaperReader/paperreader-rs/crates/paperreader-reading/src/claim_tracer.rs"}, "region": {"startLine": 248}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126567, "scanner": "repobility-ai-code-hygiene", "fingerprint": "01905218333d537aa3f3fcf65a50f64f9d95dc06876b724b9c920f99946dfd97", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Plugin/PaperReader/paperreader-rs/crates/paperreader-api/src/lib.rs", "duplicate_line": 90, "correlation_key": "fp|01905218333d537aa3f3fcf65a50f64f9d95dc06876b724b9c920f99946dfd97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/PaperReader/paperreader-rs/crates/paperreader-api/src/stdio_interface.rs"}, "region": {"startLine": 205}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126566, "scanner": "repobility-ai-code-hygiene", "fingerprint": "48458df139c6e8427034e3a44ac92dffb603fa085ce006edb87ebf971113c1d7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Plugin/LinuxLogMonitor/core/CallbackTrigger.js", "duplicate_line": 5, "correlation_key": "fp|48458df139c6e8427034e3a44ac92dffb603fa085ce006edb87ebf971113c1d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/LinuxShellExecutor/ssh/SSHManager.js"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126565, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4463f238717978bebfc94a0f3d78162be2984ab9d7b9bf0df4b33e89552a01fa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Plugin/LinuxLogMonitor/core/CallbackTrigger.js", "duplicate_line": 5, "correlation_key": "fp|4463f238717978bebfc94a0f3d78162be2984ab9d7b9bf0df4b33e89552a01fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/LinuxLogMonitor/core/MonitorTask.js"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126564, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ab8befeb7acd638a7d4d03028bfead8b5d906fb817aca687ba57d4b168c4179b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Plugin/JapaneseHelper/full_db_integration.py", "duplicate_line": 82, "correlation_key": "fp|ab8befeb7acd638a7d4d03028bfead8b5d906fb817aca687ba57d4b168c4179b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/JapaneseHelper/setup_database.py"}, "region": {"startLine": 219}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126563, "scanner": "repobility-ai-code-hygiene", "fingerprint": "08f3c877543420c51f02877f8967ae7610c56303d1eaebc987f26b1a7e44828f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Plugin/IMAPIndex/storkapp_dailynote/html_to_md.js", "duplicate_line": 10, "correlation_key": "fp|08f3c877543420c51f02877f8967ae7610c56303d1eaebc987f26b1a7e44828f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/IMAPIndex/storkapp_dailynote_pubmed/html_to_md.js"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126562, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1504b57d4f583ecc26c70c68892630045788cc8cf06884c56e23b83a78a96274", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Plugin/IMAPIndex/storkapp_dailynote/extract_stork_links.js", "duplicate_line": 8, "correlation_key": "fp|1504b57d4f583ecc26c70c68892630045788cc8cf06884c56e23b83a78a96274"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/IMAPIndex/storkapp_dailynote_pubmed/extract_stork_links.js"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126561, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cfe0fa44b66dd8a57648ce6b5b3a35f0ad80f3f53b816753567ce653c7b76864", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Plugin/GitSearch/adapters/gitee.js", "duplicate_line": 28, "correlation_key": "fp|cfe0fa44b66dd8a57648ce6b5b3a35f0ad80f3f53b816753567ce653c7b76864"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/GitSearch/adapters/gitlab.js"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126560, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2d669cd584134d0bff68bf94dfbed3f48b84019f0b396a2152d624635fed6df0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Plugin/GitSearch/adapters/gitee.js", "duplicate_line": 28, "correlation_key": "fp|2d669cd584134d0bff68bf94dfbed3f48b84019f0b396a2152d624635fed6df0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/GitSearch/adapters/github.js"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126559, "scanner": "repobility-ai-code-hygiene", "fingerprint": "36aca90b867607aa5c2e27c68ae65d836a412d70227fff26aefebaa97b68e351", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Plugin/DigitalOracle/digital-oracle-main/digital_oracle/providers/deribit.py", "duplicate_line": 78, "correlation_key": "fp|36aca90b867607aa5c2e27c68ae65d836a412d70227fff26aefebaa97b68e351"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/DigitalOracle/digital-oracle-main/digital_oracle/providers/polymarket.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126558, "scanner": "repobility-ai-code-hygiene", "fingerprint": "55d8ec9a264a1462f504319fd9dfe91b9134c8cea33864653f10402c66ea72f7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Plugin/DigitalOracle/digital-oracle-main/digital_oracle/__init__.py", "duplicate_line": 17, "correlation_key": "fp|55d8ec9a264a1462f504319fd9dfe91b9134c8cea33864653f10402c66ea72f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/DigitalOracle/digital-oracle-main/digital_oracle/providers/__init__.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126557, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b65dcca88e0458050e15926ffe631caf2df070ec3c77befc630847d9934a2d31", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Plugin/DailyNote/dailynote.js", "duplicate_line": 802, "correlation_key": "fp|b65dcca88e0458050e15926ffe631caf2df070ec3c77befc630847d9934a2d31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/DailyNoteWrite/daily-note-write.js"}, "region": {"startLine": 247}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126556, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f957f6f7493d856f97b37ccdd60fd87e92f6cb5d7c6ecb0603af64c13f9a6fb7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Plugin/CodeSearcher/src/src/main.rs", "duplicate_line": 81, "correlation_key": "fp|f957f6f7493d856f97b37ccdd60fd87e92f6cb5d7c6ecb0603af64c13f9a6fb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/DailyNoteSearcher/src/src/main.rs"}, "region": {"startLine": 161}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126555, "scanner": "repobility-ai-code-hygiene", "fingerprint": "26812da28cb433633970fc2c5fccb4608963109d5b976d6a11d8ee8be64f0c80", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Plugin/DailyNote/dailynote.js", "duplicate_line": 19, "correlation_key": "fp|26812da28cb433633970fc2c5fccb4608963109d5b976d6a11d8ee8be64f0c80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/DailyNoteManager/daily-note-manager.js"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126554, "scanner": "repobility-ai-code-hygiene", "fingerprint": "01e4343edbd6c7b33cffbf52aac6c9adc4f2a7f6d14f7cc78830a5da3067e811", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Plugin/CapturePreprocessor/CapturePreprocessor.js", "duplicate_line": 128, "correlation_key": "fp|01e4343edbd6c7b33cffbf52aac6c9adc4f2a7f6d14f7cc78830a5da3067e811"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/ContextFoldingV2/ContextFoldingV2.js"}, "region": {"startLine": 432}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126553, "scanner": "repobility-ai-code-hygiene", "fingerprint": "679624ec5d04809359492787202ef9f344be8929dbcc3925eb5e26d9ff9b5311", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Plugin/AgentAssistant/AgentAssistant.js", "duplicate_line": 221, "correlation_key": "fp|679624ec5d04809359492787202ef9f344be8929dbcc3925eb5e26d9ff9b5311"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/AgentDream/AgentDream.js"}, "region": {"startLine": 505}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126552, "scanner": "repobility-ai-code-hygiene", "fingerprint": "faa411c28ecbfed5d02b2104d3a31c4cd949e738b36d61016ff108d09b5ac5f2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "AdminPanel-Vue/src/views/PreprocessorOrderManager.vue", "duplicate_line": 266, "correlation_key": "fp|faa411c28ecbfed5d02b2104d3a31c4cd949e738b36d61016ff108d09b5ac5f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AdminPanel-Vue/src/views/VcptavernEditor.vue"}, "region": {"startLine": 435}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126551, "scanner": "repobility-ai-code-hygiene", "fingerprint": "10d3625c512776eb63cf88614bfed49c5c7ecb869ac07f2510f51e66403b2893", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "AdminPanel-Vue/src/views/SarPromptEditor.vue", "duplicate_line": 150, "correlation_key": "fp|10d3625c512776eb63cf88614bfed49c5c7ecb869ac07f2510f51e66403b2893"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AdminPanel-Vue/src/views/VcptavernEditor.vue"}, "region": {"startLine": 239}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126550, "scanner": "repobility-ai-code-hygiene", "fingerprint": "25375a7ca862788036b68c3e9e7e7c482d6a0ebd1066fa13d22e2e1936abf42a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "AdminPanel-Vue/src/features/vcp-forum/useVcpForum.ts", "duplicate_line": 384, "correlation_key": "fp|25375a7ca862788036b68c3e9e7e7c482d6a0ebd1066fa13d22e2e1936abf42a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AdminPanel-Vue/src/views/VcpForum.vue"}, "region": {"startLine": 74}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126549, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c9f90a46ab72b925914fd282e2155283217707c0f4bf92936b3399a3c3f36a93", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "AdminPanel-Vue/src/views/PreprocessorOrderManager.vue", "duplicate_line": 262, "correlation_key": "fp|c9f90a46ab72b925914fd282e2155283217707c0f4bf92936b3399a3c3f36a93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AdminPanel-Vue/src/views/ThinkingChainsEditor.vue"}, "region": {"startLine": 785}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126548, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9d95d0338d2c5bf3f46eda5be40a899c653156c4f1156e63699216566f3f3062", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "AdminPanel-Vue/src/features/server-log-viewer/useServerLogViewer.ts", "duplicate_line": 307, "correlation_key": "fp|9d95d0338d2c5bf3f46eda5be40a899c653156c4f1156e63699216566f3f3062"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AdminPanel-Vue/src/views/ServerLogViewer.vue"}, "region": {"startLine": 132}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126547, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a03bdd3b2f6a9d49f77c9b6a0b88f6904e8e4ca1137bd5223e1eb279ae5d065b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "AdminPanel-Vue/src/views/DynamicToolsManager.vue", "duplicate_line": 598, "correlation_key": "fp|a03bdd3b2f6a9d49f77c9b6a0b88f6904e8e4ca1137bd5223e1eb279ae5d065b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AdminPanel-Vue/src/views/SemanticModelRouterEditor.vue"}, "region": {"startLine": 667}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126546, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d2d68240d9a6a113afb680a586be8e10bdfdce85edea541d0b00ba102490fb09", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "AdminPanel-Vue/src/views/DailyNotesManager/FolderList.vue", "duplicate_line": 8, "correlation_key": "fp|d2d68240d9a6a113afb680a586be8e10bdfdce85edea541d0b00ba102490fb09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AdminPanel-Vue/src/views/SemanticGroupsEditor.vue"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126545, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ce12d8b3c3f55694b19814623c49d4228299c0e7860734beaad4b1596c9fb945", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "AdminPanel-Vue/src/stores/pluginConfig.ts", "duplicate_line": 314, "correlation_key": "fp|ce12d8b3c3f55694b19814623c49d4228299c0e7860734beaad4b1596c9fb945"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AdminPanel-Vue/src/views/PluginConfig.vue"}, "region": {"startLine": 240}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126544, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dbdb404ccbcd2bb597bd5723b10c76e5917814021fcc4f96f256ba45dcf8081d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "AdminPanel-Vue/src/features/preprocessor-order-manager/usePreprocessorOrderManager.ts", "duplicate_line": 118, "correlation_key": "fp|dbdb404ccbcd2bb597bd5723b10c76e5917814021fcc4f96f256ba45dcf8081d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AdminPanel-Vue/src/features/vcptavern-editor/useVcptavernEditor.ts"}, "region": {"startLine": 208}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126543, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8ce36b55f8a57b888a94fecb4bec1e4e5769f89cae73c328273c17f5e158104b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "AdminPanel-Vue/src/components/dashboard/CpuCard.vue", "duplicate_line": 54, "correlation_key": "fp|8ce36b55f8a57b888a94fecb4bec1e4e5769f89cae73c328273c17f5e158104b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AdminPanel-Vue/src/components/dashboard/MemoryCard.vue"}, "region": {"startLine": 68}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126542, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5d892fd88c00f87a58ad47634bb4f0323171100d3b532fca1081e67b3e69b86c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "AdminPanel-Vue/src/api/forum-assistant.ts", "duplicate_line": 177, "correlation_key": "fp|5d892fd88c00f87a58ad47634bb4f0323171100d3b532fca1081e67b3e69b86c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AdminPanel-Vue/src/api/forum.ts"}, "region": {"startLine": 100}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 126534, "scanner": "repobility-threat-engine", "fingerprint": "3f70b3c007f3bebc3a89a427d3c748abda23e36d26d2919fd0e5917f97b722f0", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'\u5f53\u524d\u4e0a\u4e0b\u6587\u4e2d\u53ef\u80fd\u5305\u542b\u4ee5\u4e0b\u6298\u53e0\u6807\u7b7e\u7684\u5185\u5bb9\u5757\uff0c\u9ed8\u8ba4\u538b\u7f29\u5904\u7406\uff1a\\n'\n + tagListStr + '\\n\u5982\u9700\u4e86\u89e3\u5177\u4f53\u5185\u5bb9\uff0c\u8bf7\u76f4\u63a5\u63d0\u95ee\u3002'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3f70b3c007f3bebc3a89a427d3c748abda23e36d26d2919fd0e5917f97b722f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/TagFolder/TagFolder.js"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 126530, "scanner": "repobility-threat-engine", "fingerprint": "dc40063e881d4f6f74ad1c80e51396e7acf5059dab21c04e251b9ef249eefccc", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = `", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|sillytavernsub/st - vcp-vcp .js|158|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "SillyTavernSub/ST\u6cb9\u7334\u63d2\u4ef6-\u9152\u9986VCP-VCP\u65f6\u949f.js"}, "region": {"startLine": 158}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 126529, "scanner": "repobility-threat-engine", "fingerprint": "54548098662b84973e9b1d3107c320d57cc2fb955f05eba2cfdde5fc0f66559f", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = n", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|81|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/html-ppt-skill/assets/runtime.js"}, "region": {"startLine": 81}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `load_artist_data` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, except=1, for=1, if=4, nested_bonus=4."}, "properties": {"repobilityId": 126464, "scanner": "repobility-threat-engine", "fingerprint": "f00a1fe0fc7c9bdfd57edee9fbea5f7ef130469776c6166ac1edd674034343f2", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "load_artist_data", "breakdown": {"if": 4, "for": 1, "else": 1, "except": 1, "nested_bonus": 4}, "complexity": 11, "correlation_key": "fp|f00a1fe0fc7c9bdfd57edee9fbea5f7ef130469776c6166ac1edd674034343f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/ArtistMatcher/artist_matcher.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "SEC135", "level": "none", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "properties": {"repobilityId": 126540, "scanner": "repobility-threat-engine", "fingerprint": "a2abe045ac3414d6e050e7854296ed4755cc8eec69d501e00ba7567ec4fe3461", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a2abe045ac3414d6e050e7854296ed4755cc8eec69d501e00ba7567ec4fe3461"}}}, {"ruleId": "MINED098", "level": "none", "message": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "properties": {"repobilityId": 126528, "scanner": "repobility-threat-engine", "fingerprint": "475c8f9b2f207178dcbcdfaa77af0916dd585f7e26be8005442ada15bff8c7ac", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "global-scope-pollution", "owasp": null, "cwe_ids": [], "languages": ["javascript"], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 12, "observations_count": 173528, "ai_coder_pattern_id": 55}, "scanner": "repobility-threat-engine", "correlation_key": "fp|475c8f9b2f207178dcbcdfaa77af0916dd585f7e26be8005442ada15bff8c7ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/html-ppt-skill/assets/animations/fx-runtime.js"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 126527, "scanner": "repobility-threat-engine", "fingerprint": "f42a45d9c1261dfc71c2883b50ef82d24ae2c719d0dc31860bacaa71fef68682", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f42a45d9c1261dfc71c2883b50ef82d24ae2c719d0dc31860bacaa71fef68682", "aggregated_count": 6}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 126526, "scanner": "repobility-threat-engine", "fingerprint": "633df8de271e6e0c97f0c37a37e3fcfe161962d740c9d0da0c099caca08060d1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|633df8de271e6e0c97f0c37a37e3fcfe161962d740c9d0da0c099caca08060d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SVCardFinder/card_finder.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 126525, "scanner": "repobility-threat-engine", "fingerprint": "a818dc9c166b7dc5034682b81fcbdfd035f2be007a0fef32438c8051bbcbdb88", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a818dc9c166b7dc5034682b81fcbdfd035f2be007a0fef32438c8051bbcbdb88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/PyScreenshot/screenshot.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 126524, "scanner": "repobility-threat-engine", "fingerprint": "69f1d75bbca5c2cee0342648fc9c30e7acd178311c03b2ffac8d3857cd5e33bf", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|69f1d75bbca5c2cee0342648fc9c30e7acd178311c03b2ffac8d3857cd5e33bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/PyCameraCapture/capture.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 126523, "scanner": "repobility-threat-engine", "fingerprint": "a618b2bf87298c04ec06507c7b2355bde9a33dbb99b14a2c28d0b7791dd5e0bd", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a618b2bf87298c04ec06507c7b2355bde9a33dbb99b14a2c28d0b7791dd5e0bd"}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 126519, "scanner": "repobility-threat-engine", "fingerprint": "64edb14930ea75004022f52b44b240b0058bdc9678566eb7eb718753853f9dab", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|64edb14930ea75004022f52b44b240b0058bdc9678566eb7eb718753853f9dab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/PaperReader/paperreader-rs/crates/paperreader-workspace/src/lib.rs"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 126518, "scanner": "repobility-threat-engine", "fingerprint": "f479ee098628a96191aa92863a83c0639a4ec73ea4f699cae980a187da22d83a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f479ee098628a96191aa92863a83c0639a4ec73ea4f699cae980a187da22d83a", "aggregated_count": 1}}}, {"ruleId": "SEC114", "level": "none", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 126514, "scanner": "repobility-threat-engine", "fingerprint": "bd1eb12b4f188f0592c73e146c78e4025b691273a56b6147697cf87ed06defc3", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|bd1eb12b4f188f0592c73e146c78e4025b691273a56b6147697cf87ed06defc3"}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 126504, "scanner": "repobility-threat-engine", "fingerprint": "7efb1eac50d3a8744478bbddae15a9f3d17d61afe4d5058ab8239498d25cd11a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7efb1eac50d3a8744478bbddae15a9f3d17d61afe4d5058ab8239498d25cd11a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/DigitalOracle/digital-oracle-main/digital_oracle/providers/stooq.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 126503, "scanner": "repobility-threat-engine", "fingerprint": "766f89de0274439a2f86144edb1781814fe3da8599798b3525ae548322c20e3e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|766f89de0274439a2f86144edb1781814fe3da8599798b3525ae548322c20e3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/DigitalOracle/digital-oracle-main/digital_oracle/concurrent.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "SEC013", "level": "none", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 126499, "scanner": "repobility-threat-engine", "fingerprint": "75f22750f5eefefb3a3ce8f933bc32c82dff4c8e9ca3ec94aeac313553cfbd0d", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|75f22750f5eefefb3a3ce8f933bc32c82dff4c8e9ca3ec94aeac313553cfbd0d"}}}, {"ruleId": "SEC084", "level": "none", "message": {"text": "[SEC084] JS: require() with non-literal (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 126495, "scanner": "repobility-threat-engine", "fingerprint": "8ce8a1367a2a0d9794a6d1f712fc9c846b60dcbe21c8f164bcea91d350a68bc9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8ce8a1367a2a0d9794a6d1f712fc9c846b60dcbe21c8f164bcea91d350a68bc9"}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 126490, "scanner": "repobility-threat-engine", "fingerprint": "ffe0bb40951d1fe20325d6626515b6b3f5194cef1a3be6e6de11e9645a8d8a72", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|ffe0bb40951d1fe20325d6626515b6b3f5194cef1a3be6e6de11e9645a8d8a72", "aggregated_count": 1}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 126489, "scanner": "repobility-threat-engine", "fingerprint": "8cd9e4bf851fc6f6d696e624ccb933768122e4624538c2c35bb0c70a2ea7870c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8cd9e4bf851fc6f6d696e624ccb933768122e4624538c2c35bb0c70a2ea7870c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "TextChunker.js"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 126488, "scanner": "repobility-threat-engine", "fingerprint": "15f82e9234990dfbeff97afb69bb53fea60794d4d55d5f488c5494d0ad1e6f95", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|15f82e9234990dfbeff97afb69bb53fea60794d4d55d5f488c5494d0ad1e6f95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/TicktickManager/auth-cli.js"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 126487, "scanner": "repobility-threat-engine", "fingerprint": "b6df38acc98e16860d52d8484c68501b53b65eb6b13d7de551dbcaf6c214ab1b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b6df38acc98e16860d52d8484c68501b53b65eb6b13d7de551dbcaf6c214ab1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/ComfyCloudGen/setup.js"}, "region": {"startLine": 120}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 126486, "scanner": "repobility-threat-engine", "fingerprint": "54c7f8b9f59a9adcefdad08043d0170361bce8abe1ac3030f7c88c15db1b2e9f", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|30|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/ComfyCloudGen/ComfyCloudNetwork.js"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 126485, "scanner": "repobility-threat-engine", "fingerprint": "1ec7af8055fe28264cd2df88bc5bd3b5e98339bd86547227e224cfd65f715a5e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1ec7af8055fe28264cd2df88bc5bd3b5e98339bd86547227e224cfd65f715a5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/ArtistMatcher/artist_matcher.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC087", "level": "none", "message": {"text": "[SEC087] JS: weak Math.random for crypto (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 126484, "scanner": "repobility-threat-engine", "fingerprint": "5865a48131e09542fe8e399b1a80bf65dd1e792a1420072619a7f432da6babf1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|5865a48131e09542fe8e399b1a80bf65dd1e792a1420072619a7f432da6babf1"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 126477, "scanner": "repobility-threat-engine", "fingerprint": "cd0c8e85bd308a46f755f44bc6ab20955e3c28a1f9d626cb3a3bf09c3b5d92c7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|cd0c8e85bd308a46f755f44bc6ab20955e3c28a1f9d626cb3a3bf09c3b5d92c7", "aggregated_count": 5}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 126476, "scanner": "repobility-threat-engine", "fingerprint": "d7a82437aacba35839213f0eb95c78d81136b0872154d6f1269f4883dc6c75ab", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d7a82437aacba35839213f0eb95c78d81136b0872154d6f1269f4883dc6c75ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/JapaneseHelper/setup_wadoku.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 126475, "scanner": "repobility-threat-engine", "fingerprint": "4d9c8615a5021acaf99743d27411de12405e70f0b8f2e28ccfd655f5e1712d36", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4d9c8615a5021acaf99743d27411de12405e70f0b8f2e28ccfd655f5e1712d36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/ArxivDailyPapers/ArxivDailyPapers.js"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 126474, "scanner": "repobility-threat-engine", "fingerprint": "bea26334e03ba581e03c42c2a906c7877bd18c2e43d9a9772f7bfa7d04023cb9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bea26334e03ba581e03c42c2a906c7877bd18c2e43d9a9772f7bfa7d04023cb9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/AnimeFinder/AnimeFinder.js"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 126473, "scanner": "repobility-threat-engine", "fingerprint": "eb7059bff231de58d9f065283f042893233310adbb37c8e2332fb96e5a000897", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|eb7059bff231de58d9f065283f042893233310adbb37c8e2332fb96e5a000897", "aggregated_count": 6}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 126469, "scanner": "repobility-threat-engine", "fingerprint": "60d7a967589ada85a8f90bdffdc921455ffd03cd63344433da4c765149b88c10", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|60d7a967589ada85a8f90bdffdc921455ffd03cd63344433da4c765149b88c10", "aggregated_count": 5}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 126468, "scanner": "repobility-threat-engine", "fingerprint": "c717b88252e6bf03dbfcbcc89cca771a4e997cbd9462e27ff4db7292524a56ad", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c717b88252e6bf03dbfcbcc89cca771a4e997cbd9462e27ff4db7292524a56ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/DigitalOracle/digital-oracle-main/digital_oracle/providers/base.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 126467, "scanner": "repobility-threat-engine", "fingerprint": "b278cf24676d189cfae2070b47d8687f650f52e66c50bde8be51a9a8f7739d41", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b278cf24676d189cfae2070b47d8687f650f52e66c50bde8be51a9a8f7739d41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/DigitalOracle/digital-oracle-main/digital_oracle/http.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 126466, "scanner": "repobility-threat-engine", "fingerprint": "3f2fe75fd57646c22cb6da0836344f04c64631a3720c7ceebbe4128644df0efd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3f2fe75fd57646c22cb6da0836344f04c64631a3720c7ceebbe4128644df0efd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "OpenWebUISub/openwebui_html_auto_render/html_live_preview_0.3.0.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 54 more): Same pattern found in 54 additional files. Review if needed."}, "properties": {"repobilityId": 126465, "scanner": "repobility-threat-engine", "fingerprint": "5a387555f08997816de0cf1bf3eba11b9e08d7cfadc96dd9f77a7c939d7efa1e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 54 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "on_message", "breakdown": {"if": 5, "elif": 1, "else": 2, "except": 2, "nested_bonus": 9}, "aggregated": true, "complexity": 19, "correlation_key": "fp|5a387555f08997816de0cf1bf3eba11b9e08d7cfadc96dd9f77a7c939d7efa1e", "aggregated_count": 54}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 126458, "scanner": "repobility-threat-engine", "fingerprint": "cd4ff08cbb509778875d04bc81c4d5dddf6eb913fbf65972cae2187283af5035", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|cd4ff08cbb509778875d04bc81c4d5dddf6eb913fbf65972cae2187283af5035", "aggregated_count": 12}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 126457, "scanner": "repobility-threat-engine", "fingerprint": "427323f6fed490373e398ff8d736bc7fe906c01feda7bf93b71841a226614956", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|427323f6fed490373e398ff8d736bc7fe906c01feda7bf93b71841a226614956"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/DigitalOracle/digital-oracle-main/digital_oracle/http.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 126456, "scanner": "repobility-threat-engine", "fingerprint": "dd5988d7c55b988e3597ac73c0ae750c9c266dc531c46cae89e0ce3dd47f02d9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dd5988d7c55b988e3597ac73c0ae750c9c266dc531c46cae89e0ce3dd47f02d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "OpenWebUISub/openwebui_html_auto_render/html_live_preview_0.3.0.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 126455, "scanner": "repobility-threat-engine", "fingerprint": "1902b4b3a977f7a9c373cf10efd497dc044fa919da5a233e00ae8272fff95cb2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1902b4b3a977f7a9c373cf10efd497dc044fa919da5a233e00ae8272fff95cb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "LinuxNotify.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 126454, "scanner": "repobility-threat-engine", "fingerprint": "bd632c4ade7e75e1a901d5e2da5e3e85b36e57e91ccdfbe5098de1738a5edc96", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|bd632c4ade7e75e1a901d5e2da5e3e85b36e57e91ccdfbe5098de1738a5edc96", "aggregated_count": 3}}}, {"ruleId": "ERR002", "level": "none", "message": {"text": "[ERR002] Empty Catch Block (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 126450, "scanner": "repobility-threat-engine", "fingerprint": "5c81d47da75c572182ad0e4e4629636dbf842fd65f2c830612248897d6fb397f", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|5c81d47da75c572182ad0e4e4629636dbf842fd65f2c830612248897d6fb397f"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 126446, "scanner": "repobility-threat-engine", "fingerprint": "85f6e149491b106b778d3023521ac1a6df7b2e25c95618240e31ca0c355a5634", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|85f6e149491b106b778d3023521ac1a6df7b2e25c95618240e31ca0c355a5634"}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 126442, "scanner": "repobility-threat-engine", "fingerprint": "7eac65c6d729ce731cf7f1b0d32d88551e2714b6a555982628995e228d42ee93", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7eac65c6d729ce731cf7f1b0d32d88551e2714b6a555982628995e228d42ee93", "aggregated_count": 3}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 126441, "scanner": "repobility-threat-engine", "fingerprint": "57b345c1a162202fb3a1d2cb190ad1bc25a0ddce1db0bf7a893f4c6cbbd81215", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|57b345c1a162202fb3a1d2cb190ad1bc25a0ddce1db0bf7a893f4c6cbbd81215"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AdminPanel-Vue/src/features/server-log-viewer/useServerLogViewer.ts"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 126440, "scanner": "repobility-threat-engine", "fingerprint": "ba396ba6b79924bba9c6d3160d59ebab9eb612b22d417e8ad6f7894c9d4f3f72", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ba396ba6b79924bba9c6d3160d59ebab9eb612b22d417e8ad6f7894c9d4f3f72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AdminPanel-Vue/src/features/preprocessor-order-manager/usePreprocessorOrderManager.ts"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 126439, "scanner": "repobility-threat-engine", "fingerprint": "613a395e01af7a1c1634b489ae374a6605cb67469462ec9d0658ea8d9f339b8f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|613a395e01af7a1c1634b489ae374a6605cb67469462ec9d0658ea8d9f339b8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AdminPanel-Vue/src/directives/lazy.ts"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 34 more): Same pattern found in 34 additional files. Review if needed."}, "properties": {"repobilityId": 126438, "scanner": "repobility-threat-engine", "fingerprint": "b7270a60e427ef80f66e518ce8f7d3b7a214324c6b92e160fd988cfa6c32d331", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 34 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 34 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b7270a60e427ef80f66e518ce8f7d3b7a214324c6b92e160fd988cfa6c32d331"}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 24 more): Same pattern found in 24 additional files. Review if needed."}, "properties": {"repobilityId": 126434, "scanner": "repobility-threat-engine", "fingerprint": "a884d8b9c9b37af90da357b7c75eca50333b5b114663c3dfe3363f9ee69163f2", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 24 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 24 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a884d8b9c9b37af90da357b7c75eca50333b5b114663c3dfe3363f9ee69163f2"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 115 more): Same pattern found in 115 additional files. Review if needed."}, "properties": {"repobilityId": 126430, "scanner": "repobility-threat-engine", "fingerprint": "4432da6c631513f0a488cd43b3d9524cb10999daaae658abc9e73325923ec425", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 115 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|4432da6c631513f0a488cd43b3d9524cb10999daaae658abc9e73325923ec425", "aggregated_count": 115}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 126429, "scanner": "repobility-threat-engine", "fingerprint": "9af4ac39c4b05fcd78d28aa4c6d6174bd8dbe658d65391129778bb5068367aa7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9af4ac39c4b05fcd78d28aa4c6d6174bd8dbe658d65391129778bb5068367aa7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AdminPanel-Vue/src/utils/logger.ts"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 126428, "scanner": "repobility-threat-engine", "fingerprint": "ecbc20c2a00b21eb9f3d49eedf3685193646005299a8b8dd3f7dd9fde7809931", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ecbc20c2a00b21eb9f3d49eedf3685193646005299a8b8dd3f7dd9fde7809931"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AdminPanel-Vue/src/composables/useMarkdownRenderer.ts"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 126427, "scanner": "repobility-threat-engine", "fingerprint": "6657cbbeab5915140c6dece05af798d9844972be69ca0a60eb3140bf55af215c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6657cbbeab5915140c6dece05af798d9844972be69ca0a60eb3140bf55af215c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AdminPanel-Vue/scripts/check-typography-guard.mjs"}, "region": {"startLine": 129}}}]}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 126426, "scanner": "repobility-threat-engine", "fingerprint": "5523e60b1dc8a944defadff18fd27285ca7823b9184972b5126e133bf66244aa", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|5523e60b1dc8a944defadff18fd27285ca7823b9184972b5126e133bf66244aa"}}}, {"ruleId": "SEC083", "level": "none", "message": {"text": "[SEC083] JS: new RegExp() with non-literal (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 126422, "scanner": "repobility-threat-engine", "fingerprint": "90a983ae2327fe2ddf05ecbedee38b4a196180482606a0fdef5e49cba72fabad", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|90a983ae2327fe2ddf05ecbedee38b4a196180482606a0fdef5e49cba72fabad"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 126418, "scanner": "repobility-threat-engine", "fingerprint": "69b8d1ab6ebdf0e67a4943a9d246df28ccefb397d7d029799319621fefe41b25", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|69b8d1ab6ebdf0e67a4943a9d246df28ccefb397d7d029799319621fefe41b25"}}}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/es/System.CommandLine.resources.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/es/System.CommandLine.resources.dll` is a .dll binary (18,976 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency"}, "properties": {"repobilityId": 126764, "scanner": "repobility-supply-chain", "fingerprint": "cc68e1daa000ba5aaa0098f611f1fed9ee034b4b798e56ad0854469606116dc9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cc68e1daa000ba5aaa0098f611f1fed9ee034b4b798e56ad0854469606116dc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/es/System.CommandLine.resources.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/pt-BR/System.CommandLine.resources.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/pt-BR/System.CommandLine.resources.dll` is a .dll binary (18,976 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised depe"}, "properties": {"repobilityId": 126763, "scanner": "repobility-supply-chain", "fingerprint": "f1d36a2c6c05f07395b33a4bca4e4a85d33bb8c0582ec2e92d7955a58c1c3b60", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f1d36a2c6c05f07395b33a4bca4e4a85d33bb8c0582ec2e92d7955a58c1c3b60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/pt-BR/System.CommandLine.resources.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/ja/System.CommandLine.resources.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/ja/System.CommandLine.resources.dll` is a .dll binary (18,976 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency"}, "properties": {"repobilityId": 126762, "scanner": "repobility-supply-chain", "fingerprint": "44d4855fdc4f80ff706df72e12579b2c6be1cc004c4ccf886583a055e0b0b08f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|44d4855fdc4f80ff706df72e12579b2c6be1cc004c4ccf886583a055e0b0b08f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/ja/System.CommandLine.resources.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/fr/System.CommandLine.resources.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/fr/System.CommandLine.resources.dll` is a .dll binary (19,016 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency"}, "properties": {"repobilityId": 126761, "scanner": "repobility-supply-chain", "fingerprint": "ccbfd384e42025bab6629759d45a5890f39d3544215b4f0a8c8dd31cf9695e38", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ccbfd384e42025bab6629759d45a5890f39d3544215b4f0a8c8dd31cf9695e38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/fr/System.CommandLine.resources.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/cs/System.CommandLine.resources.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/cs/System.CommandLine.resources.dll` is a .dll binary (19,016 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency"}, "properties": {"repobilityId": 126760, "scanner": "repobility-supply-chain", "fingerprint": "b1dd4de5d08074a616da63549a4298cf536d715c17057d6bee71fc04b787f421", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b1dd4de5d08074a616da63549a4298cf536d715c17057d6bee71fc04b787f421"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/cs/System.CommandLine.resources.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/pl/System.CommandLine.resources.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/pl/System.CommandLine.resources.dll` is a .dll binary (19,016 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency"}, "properties": {"repobilityId": 126759, "scanner": "repobility-supply-chain", "fingerprint": "87d899eee0f716e78fb978aa14ca5815be369d50dd9d218651f9fd9991994ab8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|87d899eee0f716e78fb978aa14ca5815be369d50dd9d218651f9fd9991994ab8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/pl/System.CommandLine.resources.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/zh-Hant/System.CommandLine.resources.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/zh-Hant/System.CommandLine.resources.dll` is a .dll binary (18,976 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised "}, "properties": {"repobilityId": 126758, "scanner": "repobility-supply-chain", "fingerprint": "39a349887f21bf02d91046c579f5a94e2093a2a5cdece359c0d5703571af4ed4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|39a349887f21bf02d91046c579f5a94e2093a2a5cdece359c0d5703571af4ed4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/zh-Hant/System.CommandLine.resources.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/zh-Hans/System.CommandLine.resources.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/zh-Hans/System.CommandLine.resources.dll` is a .dll binary (18,976 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised "}, "properties": {"repobilityId": 126757, "scanner": "repobility-supply-chain", "fingerprint": "8655f02c57aa14bd75ee4ef20996143269ce9ea4ada2762af17237ad290ba155", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8655f02c57aa14bd75ee4ef20996143269ce9ea4ada2762af17237ad290ba155"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/zh-Hans/System.CommandLine.resources.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/de/System.CommandLine.resources.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/de/System.CommandLine.resources.dll` is a .dll binary (19,016 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency"}, "properties": {"repobilityId": 126756, "scanner": "repobility-supply-chain", "fingerprint": "c206baad724085c6af165b300151880d21be2d71dc99024e754bc729e2f9f108", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c206baad724085c6af165b300151880d21be2d71dc99024e754bc729e2f9f108"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/de/System.CommandLine.resources.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/tr/System.CommandLine.resources.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/tr/System.CommandLine.resources.dll` is a .dll binary (18,976 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency"}, "properties": {"repobilityId": 126755, "scanner": "repobility-supply-chain", "fingerprint": "7f0b5c5231924ea782dd7dcb44b55155e398ae4ddcd81faada5284a3b1dbeb05", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7f0b5c5231924ea782dd7dcb44b55155e398ae4ddcd81faada5284a3b1dbeb05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/tr/System.CommandLine.resources.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/ru/System.CommandLine.resources.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/ru/System.CommandLine.resources.dll` is a .dll binary (19,488 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency"}, "properties": {"repobilityId": 126754, "scanner": "repobility-supply-chain", "fingerprint": "45eb770ad9014cc5dfba1605c5f0aace954d25f7e97f58c709a750e82f149a61", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|45eb770ad9014cc5dfba1605c5f0aace954d25f7e97f58c709a750e82f149a61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/ru/System.CommandLine.resources.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/System.CommandLine.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/System.CommandLine.dll` is a .dll binary (151,584 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary "}, "properties": {"repobilityId": 126753, "scanner": "repobility-supply-chain", "fingerprint": "276063742c8495d53176367156767c9495854f7cc7559d8bbda62706e7e21913", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|276063742c8495d53176367156767c9495854f7cc7559d8bbda62706e7e21913"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/System.CommandLine.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/MiniMaxAIDocx.Core.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/MiniMaxAIDocx.Core.dll` is a .dll binary (365,056 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary "}, "properties": {"repobilityId": 126752, "scanner": "repobility-supply-chain", "fingerprint": "81d3701ef6035e9ab05fbb5b7167e569137c3ac7ffcd5e85e05b6e4e58e3ec12", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|81d3701ef6035e9ab05fbb5b7167e569137c3ac7ffcd5e85e05b6e4e58e3ec12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/MiniMaxAIDocx.Core.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/DocumentFormat.OpenXml.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/DocumentFormat.OpenXml.dll` is a .dll binary (7,985,120 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in"}, "properties": {"repobilityId": 126751, "scanner": "repobility-supply-chain", "fingerprint": "4c138327b453d11a4af649b626c55f050af048f491a666446ad61c454aed0f0e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4c138327b453d11a4af649b626c55f050af048f491a666446ad61c454aed0f0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/DocumentFormat.OpenXml.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/System.IO.Packaging.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/System.IO.Packaging.dll` is a .dll binary (142,136 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binar"}, "properties": {"repobilityId": 126750, "scanner": "repobility-supply-chain", "fingerprint": "587a5d2ba06d4558e34612d58c2bdfdff9c2d6affc3613ff32c7110432ea0191", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|587a5d2ba06d4558e34612d58c2bdfdff9c2d6affc3613ff32c7110432ea0191"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/System.IO.Packaging.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/DocumentFormat.OpenXml.Framework.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/DocumentFormat.OpenXml.Framework.dll` is a .dll binary (478,696 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised depende"}, "properties": {"repobilityId": 126749, "scanner": "repobility-supply-chain", "fingerprint": "8ce710fd54c9546477702ff43683b8d5b0c0b3309060fbf9720145a532db704e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8ce710fd54c9546477702ff43683b8d5b0c0b3309060fbf9720145a532db704e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/DocumentFormat.OpenXml.Framework.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/MiniMaxAIDocx.Cli.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/MiniMaxAIDocx.Cli.dll` is a .dll binary (5,632 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that"}, "properties": {"repobilityId": 126748, "scanner": "repobility-supply-chain", "fingerprint": "db0e89be281562b76d3e27081c10106099aad179652156f62a0970e284c2770c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|db0e89be281562b76d3e27081c10106099aad179652156f62a0970e284c2770c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Cli/bin/Debug/net8.0/MiniMaxAIDocx.Cli.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Core/obj/Debug/net8.0/refint/MiniMaxAIDocx.Core.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Core/obj/Debug/net8.0/refint/MiniMaxAIDocx.Core.dll` is a .dll binary (37,888 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR sli"}, "properties": {"repobilityId": 126747, "scanner": "repobility-supply-chain", "fingerprint": "4bc072cbc9bbf48134fe71159a199a13d3d342b2e7ff4658f5b4bde2576dfdcd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4bc072cbc9bbf48134fe71159a199a13d3d342b2e7ff4658f5b4bde2576dfdcd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Core/obj/Debug/net8.0/refint/MiniMaxAIDocx.Core.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Core/obj/Debug/net8.0/ref/MiniMaxAIDocx.Core.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Core/obj/Debug/net8.0/ref/MiniMaxAIDocx.Core.dll` is a .dll binary (37,888 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in "}, "properties": {"repobilityId": 126746, "scanner": "repobility-supply-chain", "fingerprint": "25dda0b0d54d1f53e3e2ecf9690fba57ac42081979873cc945fdfe5e78d27f3b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|25dda0b0d54d1f53e3e2ecf9690fba57ac42081979873cc945fdfe5e78d27f3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Core/obj/Debug/net8.0/ref/MiniMaxAIDocx.Core.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Core/obj/Debug/net8.0/MiniMaxAIDocx.Core.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Core/obj/Debug/net8.0/MiniMaxAIDocx.Core.dll` is a .dll binary (365,056 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binar"}, "properties": {"repobilityId": 126745, "scanner": "repobility-supply-chain", "fingerprint": "48648de37abe405c88b5f33d2f6f1363805a6651bc03c2dac28115fcafa0b55c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|48648de37abe405c88b5f33d2f6f1363805a6651bc03c2dac28115fcafa0b55c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Core/obj/Debug/net8.0/MiniMaxAIDocx.Core.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Core/bin/Debug/net8.0/MiniMaxAIDocx.Core.dll` committed in source repo: `Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Core/bin/Debug/net8.0/MiniMaxAIDocx.Core.dll` is a .dll binary (365,056 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binar"}, "properties": {"repobilityId": 126744, "scanner": "repobility-supply-chain", "fingerprint": "8eb9dc9cf372713fdd6be2a7013cd5ce2804f26f275d7dd04618633c9006ae0b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8eb9dc9cf372713fdd6be2a7013cd5ce2804f26f275d7dd04618633c9006ae0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Core/bin/Debug/net8.0/MiniMaxAIDocx.Core.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/PaperReader/bin/paperreader-cli.exe` committed in source repo: `Plugin/PaperReader/bin/paperreader-cli.exe` is a .exe binary (13,664,768 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 126743, "scanner": "repobility-supply-chain", "fingerprint": "f8d69ad4c76499bdbe8ab646d90661672162df23942d35e5f9d5347a42424dc1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f8d69ad4c76499bdbe8ab646d90661672162df23942d35e5f9d5347a42424dc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/PaperReader/bin/paperreader-cli.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/DailyNoteSearcher/DailyNoteSearcher.exe` committed in source repo: `Plugin/DailyNoteSearcher/DailyNoteSearcher.exe` is a .exe binary (2,485,248 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 126742, "scanner": "repobility-supply-chain", "fingerprint": "c22768b8082f4d3c962db7c115723259cb829873f4a616bec3bc6102c174cc32", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c22768b8082f4d3c962db7c115723259cb829873f4a616bec3bc6102c174cc32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/DailyNoteSearcher/DailyNoteSearcher.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Plugin/CodeSearcher/CodeSearcher.exe` committed in source repo: `Plugin/CodeSearcher/CodeSearcher.exe` is a .exe binary (2,408,960 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 126741, "scanner": "repobility-supply-chain", "fingerprint": "cfa0a8c1c249dad9401679566875253777e042b8da127cc20da03a929d5f71dc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cfa0a8c1c249dad9401679566875253777e042b8da127cc20da03a929d5f71dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/CodeSearcher/CodeSearcher.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `vcp-installer-\u4e00\u952e\u5b89\u88c5\u811a\u672c.exe` committed in source repo: `vcp-installer-\u4e00\u952e\u5b89\u88c5\u811a\u672c.exe` is a .exe binary (2,271,232 bytes) committed to a repo that otherwise has 736 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 126740, "scanner": "repobility-supply-chain", "fingerprint": "f6f275e8787363a546ee3b37102c5d6b18b3bbb4888029943671a943bc7f1880", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f6f275e8787363a546ee3b37102c5d6b18b3bbb4888029943671a943bc7f1880"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vcp-installer-\u4e00\u952e\u5b89\u88c5\u811a\u672c.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 126737, "scanner": "repobility-supply-chain", "fingerprint": "3ebaf23cbc42d8a497027677bcc91b847d2b4ef15ce4e2dc267bcce4a7552fa8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3ebaf23cbc42d8a497027677bcc91b847d2b4ef15ce4e2dc267bcce4a7552fa8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 126736, "scanner": "repobility-supply-chain", "fingerprint": "4eca1f23caa0ed3aa2c13d171089f1258b61bcf4e61a1371db920da1bbf86513", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4eca1f23caa0ed3aa2c13d171089f1258b61bcf4e61a1371db920da1bbf86513"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 126735, "scanner": "repobility-supply-chain", "fingerprint": "8efa687094e32065efde6d75e1e998f57715921da3b8869c67d9631a8310155f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8efa687094e32065efde6d75e1e998f57715921da3b8869c67d9631a8310155f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED130", "level": "error", "message": {"text": "[MINED130] Lockfile pulls package from off-canonical host `registry.npmmirror.com`: `package-lock.json` resolved URL for `node_modules/asynckit` is `https://registry.npmmirror.com/asynckit/-/asynckit-0.4.0.tgz...` \u2014 host `registry.npmmirror.com` is not the canonical registry. Could be a mirror compromise, dependency confusion attack, or a forgotten private registry."}, "properties": {"repobilityId": 126733, "scanner": "repobility-supply-chain", "fingerprint": "55938cba4ca5223b9e23fa366ccdd53b7a0f89cc1e569e5ba7ba452700455762", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-lockfile-off-registry", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|55938cba4ca5223b9e23fa366ccdd53b7a0f89cc1e569e5ba7ba452700455762"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/ComfyUIGen/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED130", "level": "error", "message": {"text": "[MINED130] Lockfile pulls package from off-canonical host `registry.npmmirror.com`: `package-lock.json` resolved URL for `node_modules/@modelcontextprotocol/sdk` is `https://registry.npmmirror.com/@modelcontextprotocol/sdk/-/sdk-1.11.0.tgz...` \u2014 host `registry.npmmirror.com` is not the canonical registry. Could be a mirror compromise, dependency confusion attack, or a forgotten private registry."}, "properties": {"repobilityId": 126728, "scanner": "repobility-supply-chain", "fingerprint": "431c5fb67a5ecdadcc2323022252f65ffcd849219884d3daa77136a3125150a9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-lockfile-off-registry", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|431c5fb67a5ecdadcc2323022252f65ffcd849219884d3daa77136a3125150a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SunoGen/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED130", "level": "error", "message": {"text": "[MINED130] Lockfile pulls package from off-canonical host `registry.npmmirror.com`: `package-lock.json` resolved URL for `node_modules/@babel/generator` is `https://registry.npmmirror.com/@babel/generator/-/generator-7.29.1.tgz...` \u2014 host `registry.npmmirror.com` is not the canonical registry. Could be a mirror compromise, dependency confusion attack, or a forgotten private registry."}, "properties": {"repobilityId": 126724, "scanner": "repobility-supply-chain", "fingerprint": "0b2af3eba9e494ea25b07b51bd6d9ad6dc8a91b943926b471905d46137d14403", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-lockfile-off-registry", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0b2af3eba9e494ea25b07b51bd6d9ad6dc8a91b943926b471905d46137d14403"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AdminPanel-Vue/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED130", "level": "error", "message": {"text": "[MINED130] Lockfile pulls package from off-canonical host `registry.npmmirror.com`: `package-lock.json` resolved URL for `node_modules/@isaacs/fs-minipass` is `https://registry.npmmirror.com/@isaacs/fs-minipass/-/fs-minipass-4.0.1.tgz...` \u2014 host `registry.npmmirror.com` is not the canonical registry. Could be a mirror compromise, dependency confusion attack, or a forgotten private registry."}, "properties": {"repobilityId": 126717, "scanner": "repobility-supply-chain", "fingerprint": "1e1a3a4b5d0b5be9bf7ab70124b72a69a6bb3423eff9fcc54665fb674cf27060", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-lockfile-off-registry", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1e1a3a4b5d0b5be9bf7ab70124b72a69a6bb3423eff9fcc54665fb674cf27060"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:20-alpine` not pinned by digest: `FROM node:20-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 126716, "scanner": "repobility-supply-chain", "fingerprint": "8bfcca7701d6da209b000287e5069d78f668a930b8915f104c68ab233c69e8f9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8bfcca7701d6da209b000287e5069d78f668a930b8915f104c68ab233c69e8f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:20-alpine` not pinned by digest: `FROM node:20-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 126715, "scanner": "repobility-supply-chain", "fingerprint": "fad86bf43be41582993068e91592af6232581c2a58a5b3e635b08177f9ebd4fc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fad86bf43be41582993068e91592af6232581c2a58a5b3e635b08177f9ebd4fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express DELETE /tool-list-editor/config/:configName has no auth: Express route DELETE /tool-list-editor/config/:configName declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126714, "scanner": "repobility-route-auth", "fingerprint": "3fe1953264801010415b597b82953e5ec5d4c5928ecf4a69e996540797f746df", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|3fe1953264801010415b597b82953e5ec5d4c5928ecf4a69e996540797f746df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/admin/toolListEditor.js"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /tool-list-editor/config/:configName has no auth: Express route POST /tool-list-editor/config/:configName declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126713, "scanner": "repobility-route-auth", "fingerprint": "bcce1f7334de7c57fee35656524abb7747a200878784e29f062066f65abdbcad", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|bcce1f7334de7c57fee35656524abb7747a200878784e29f062066f65abdbcad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/admin/toolListEditor.js"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express DELETE /presets/:name has no auth: Express route DELETE /presets/:name declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126712, "scanner": "repobility-route-auth", "fingerprint": "2308e6f81f16a3f5b56cbadf586226fd8a580f79306d616807ed4291021b9d74", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|2308e6f81f16a3f5b56cbadf586226fd8a580f79306d616807ed4291021b9d74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/VCPTavern/VCPTavern.js"}, "region": {"startLine": 622}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /presets/:name has no auth: Express route POST /presets/:name declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126711, "scanner": "repobility-route-auth", "fingerprint": "34292f2732fd35489a305c245c9698d2722102ce6e9546fe3cb4ba39562d2864", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|34292f2732fd35489a305c245c9698d2722102ce6e9546fe3cb4ba39562d2864"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/VCPTavern/VCPTavern.js"}, "region": {"startLine": 603}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /v1/messages has no auth: Express route POST /v1/messages declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126710, "scanner": "repobility-route-auth", "fingerprint": "3e7e45fa507a0c07e089e295d77d3c117ab9f33b89135f2e95d944e477be26fa", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|3e7e45fa507a0c07e089e295d77d3c117ab9f33b89135f2e95d944e477be26fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/VCPBridgeServer/bridgeserver.js"}, "region": {"startLine": 793}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /v1/responses has no auth: Express route POST /v1/responses declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126709, "scanner": "repobility-route-auth", "fingerprint": "5bb0a3134c8e1f978dadfadc01912a1ad00aba3ff050b2449f7c90fb0e54e766", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|5bb0a3134c8e1f978dadfadc01912a1ad00aba3ff050b2449f7c90fb0e54e766"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/VCPBridgeServer/bridgeserver.js"}, "region": {"startLine": 785}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /v1/chat/completions has no auth: Express route POST /v1/chat/completions declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126708, "scanner": "repobility-route-auth", "fingerprint": "3d47bdbad907b64567b4a72edd1f286b5164ce1c57aa4ac20f43f1998cd53ed2", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|3d47bdbad907b64567b4a72edd1f286b5164ce1c57aa4ac20f43f1998cd53ed2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/VCPBridgeServer/bridgeserver.js"}, "region": {"startLine": 778}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /v1/messages has no auth: Express route POST /v1/messages declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126707, "scanner": "repobility-route-auth", "fingerprint": "dc76f639a680490ac8ca16758136a58d7c0e63cdb0d838faae8ad1b73f75b1bb", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|dc76f639a680490ac8ca16758136a58d7c0e63cdb0d838faae8ad1b73f75b1bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/protocolBridge.js"}, "region": {"startLine": 1036}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /v1/responses has no auth: Express route POST /v1/responses declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126706, "scanner": "repobility-route-auth", "fingerprint": "a58d6e4a5318a4cce4dd6103176da612bc0b3f9a11058e2df4adf2e3db3e6c9d", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|a58d6e4a5318a4cce4dd6103176da612bc0b3f9a11058e2df4adf2e3db3e6c9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/protocolBridge.js"}, "region": {"startLine": 983}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /associative-discovery has no auth: Express route POST /associative-discovery declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126705, "scanner": "repobility-route-auth", "fingerprint": "77ac9356707d0a13f14e7a48eda117312306cb27bdc6635de1f8c42145733d31", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|77ac9356707d0a13f14e7a48eda117312306cb27bdc6635de1f8c42145733d31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/dailyNotesRoutes.js"}, "region": {"startLine": 907}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /folder/delete has no auth: Express route POST /folder/delete declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126704, "scanner": "repobility-route-auth", "fingerprint": "9cbd8a6eae05352f95ce33a07ea78ff6109340e9ac07e37c94799e2a44c0875d", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|9cbd8a6eae05352f95ce33a07ea78ff6109340e9ac07e37c94799e2a44c0875d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/dailyNotesRoutes.js"}, "region": {"startLine": 873}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /delete-batch has no auth: Express route POST /delete-batch declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126703, "scanner": "repobility-route-auth", "fingerprint": "c4490192ecb0ab3c569c04c93bc7565aa657002e82a3209831ae1f0ec5160577", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|c4490192ecb0ab3c569c04c93bc7565aa657002e82a3209831ae1f0ec5160577"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/dailyNotesRoutes.js"}, "region": {"startLine": 847}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /move has no auth: Express route POST /move declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126702, "scanner": "repobility-route-auth", "fingerprint": "5858196d6ad30bea3c1efe9a7b9535c56c4594505ff4727c6d48277f5c14b539", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|5858196d6ad30bea3c1efe9a7b9535c56c4594505ff4727c6d48277f5c14b539"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/dailyNotesRoutes.js"}, "region": {"startLine": 780}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /note/:folderName/:fileName has no auth: Express route POST /note/:folderName/:fileName declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126701, "scanner": "repobility-route-auth", "fingerprint": "9755d1433dd21a46d0b6c49d545e3fbe41b699310afdfe87f0251bf356793f5e", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|9755d1433dd21a46d0b6c49d545e3fbe41b699310afdfe87f0251bf356793f5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/dailyNotesRoutes.js"}, "region": {"startLine": 748}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express PATCH /post/:uid has no auth: Express route PATCH /post/:uid declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126700, "scanner": "repobility-route-auth", "fingerprint": "790f7a2828833c3a3335e8fc4362d7d47084159b08051241d32acb1e71b2a160", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|790f7a2828833c3a3335e8fc4362d7d47084159b08051241d32acb1e71b2a160"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/forumApi.js"}, "region": {"startLine": 527}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express DELETE /post/:uid has no auth: Express route DELETE /post/:uid declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126699, "scanner": "repobility-route-auth", "fingerprint": "da17c74a5706395f785b02866ec4c0edcd55f3cd6541701cdcbfccd6f0cd6982", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|da17c74a5706395f785b02866ec4c0edcd55f3cd6541701cdcbfccd6f0cd6982"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/forumApi.js"}, "region": {"startLine": 440}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /reply/:uid has no auth: Express route POST /reply/:uid declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126698, "scanner": "repobility-route-auth", "fingerprint": "319454f838147678f2a2b1234be1070e8be2498b5f9c5b4096ac6ee961197909", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|319454f838147678f2a2b1234be1070e8be2498b5f9c5b4096ac6ee961197909"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/forumApi.js"}, "region": {"startLine": 357}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /v1/embeddings has no auth: Express route POST /v1/embeddings declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126697, "scanner": "repobility-route-auth", "fingerprint": "d5261fa0c6e106d13bec04989e4938ceb9d1d1815b52a7bd0fd7131b78002cff", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|d5261fa0c6e106d13bec04989e4938ceb9d1d1815b52a7bd0fd7131b78002cff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/specialModelRouter.js"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /v1/chat/completions has no auth: Express route POST /v1/chat/completions declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126696, "scanner": "repobility-route-auth", "fingerprint": "26025fc42a03afbc8cf105f46fdead58adb9735fb55f222deaf590e2202f8e94", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|26025fc42a03afbc8cf105f46fdead58adb9735fb55f222deaf590e2202f8e94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/specialModelRouter.js"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /plugin-callback/:pluginName/:taskId has no auth: Express route POST /plugin-callback/:pluginName/:taskId declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126695, "scanner": "repobility-route-auth", "fingerprint": "cb445dc2b07a817bd1579ee446b36c5d86f94657259e7627068b5fc27e5d4409", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|cb445dc2b07a817bd1579ee446b36c5d86f94657259e7627068b5fc27e5d4409"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server.js"}, "region": {"startLine": 1425}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /v1/human/tool has no auth: Express route POST /v1/human/tool declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126694, "scanner": "repobility-route-auth", "fingerprint": "a5ad9a2367e338a31f53f2102b749780ddbccebda1332f94690df4001dddb23e", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|a5ad9a2367e338a31f53f2102b749780ddbccebda1332f94690df4001dddb23e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server.js"}, "region": {"startLine": 1205}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /v1/chatvcp/completions has no auth: Express route POST /v1/chatvcp/completions declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126693, "scanner": "repobility-route-auth", "fingerprint": "fa0604e5e5f6ed4d5d31830d282d31b1548d09de6d22607a9320e867df8280c1", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|fa0604e5e5f6ed4d5d31830d282d31b1548d09de6d22607a9320e867df8280c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server.js"}, "region": {"startLine": 1186}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /v1/chat/completions has no auth: Express route POST /v1/chat/completions declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126692, "scanner": "repobility-route-auth", "fingerprint": "28521e1c0c3b1556eef69779db3939de204c6f7e10bf3aa6f47309736d0c6054", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|28521e1c0c3b1556eef69779db3939de204c6f7e10bf3aa6f47309736d0c6054"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server.js"}, "region": {"startLine": 1172}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /v1/interrupt has no auth: Express route POST /v1/interrupt declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126691, "scanner": "repobility-route-auth", "fingerprint": "cf3c43fed509fe52ba1ca49dc4d61ff89e9b1c993eb2cb7ea8b79aafadc41e4a", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|cf3c43fed509fe52ba1ca49dc4d61ff89e9b1c993eb2cb7ea8b79aafadc41e4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server.js"}, "region": {"startLine": 1018}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /v1/schedule_task has no auth: Express route POST /v1/schedule_task declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 126690, "scanner": "repobility-route-auth", "fingerprint": "bfc511e852fbe26b9fc55f338179134d0676ec5168b4d7030851fe5c7996a7b2", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|bfc511e852fbe26b9fc55f338179134d0676ec5168b4d7030851fe5c7996a7b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server.js"}, "region": {"startLine": 957}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._start_mcpo_server` used but never assigned in __init__: Method `manage_server` of class `MCPOPlugin` reads `self._start_mcpo_server`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126667, "scanner": "repobility-ast-engine", "fingerprint": "ceb137bb6cd9b4e4f070622360525163b8fc68ca8d74ed9138f327d061fa43a0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ceb137bb6cd9b4e4f070622360525163b8fc68ca8d74ed9138f327d061fa43a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 619}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._start_mcpo_server` used but never assigned in __init__: Method `manage_server` of class `MCPOPlugin` reads `self._start_mcpo_server`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126666, "scanner": "repobility-ast-engine", "fingerprint": "dccb6bf5ace085a7f178e15fe62df664b1fc26a4a1b666723fa3e76146a4605b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dccb6bf5ace085a7f178e15fe62df664b1fc26a4a1b666723fa3e76146a4605b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 606}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._stop_mcpo_server` used but never assigned in __init__: Method `manage_server` of class `MCPOPlugin` reads `self._stop_mcpo_server`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126665, "scanner": "repobility-ast-engine", "fingerprint": "e463c5a2480f658d8b6ddc19549c3f77a77b1f16332f9cf21df7024bb451be34", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e463c5a2480f658d8b6ddc19549c3f77a77b1f16332f9cf21df7024bb451be34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 601}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._is_server_running` used but never assigned in __init__: Method `manage_server` of class `MCPOPlugin` reads `self._is_server_running`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126664, "scanner": "repobility-ast-engine", "fingerprint": "70725643a171a5543ede99f3459197136b9f7d21f2ae3122f63b00720e01fc01", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|70725643a171a5543ede99f3459197136b9f7d21f2ae3122f63b00720e01fc01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 596}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._stop_mcpo_server` used but never assigned in __init__: Method `manage_server` of class `MCPOPlugin` reads `self._stop_mcpo_server`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126663, "scanner": "repobility-ast-engine", "fingerprint": "9b967ffbe21ff33842218667d4737c44f3dd4c9dd0439e02d904aac91721839c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9b967ffbe21ff33842218667d4737c44f3dd4c9dd0439e02d904aac91721839c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 588}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._is_server_running` used but never assigned in __init__: Method `manage_server` of class `MCPOPlugin` reads `self._is_server_running`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126662, "scanner": "repobility-ast-engine", "fingerprint": "b10dd7213138e3d66b3ff3e13884bfa80e48def5abee918f5db733f85c6984a7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b10dd7213138e3d66b3ff3e13884bfa80e48def5abee918f5db733f85c6984a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 578}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._start_mcpo_server` used but never assigned in __init__: Method `manage_server` of class `MCPOPlugin` reads `self._start_mcpo_server`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126661, "scanner": "repobility-ast-engine", "fingerprint": "281f1a303404e733c3d567a7e3be12a9b265a2d5eb257f2734fa165128c94564", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|281f1a303404e733c3d567a7e3be12a9b265a2d5eb257f2734fa165128c94564"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 570}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._find_mcpo_process` used but never assigned in __init__: Method `manage_server` of class `MCPOPlugin` reads `self._find_mcpo_process`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126660, "scanner": "repobility-ast-engine", "fingerprint": "51eadba93a54f3b920aebf9da9a0e3af7aa8854c1b541ecf30b2a413867fabc7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|51eadba93a54f3b920aebf9da9a0e3af7aa8854c1b541ecf30b2a413867fabc7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 536}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._is_server_running` used but never assigned in __init__: Method `manage_server` of class `MCPOPlugin` reads `self._is_server_running`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126659, "scanner": "repobility-ast-engine", "fingerprint": "1b19541fed54e0625fc820b3798fd92ea84c520348e3429fa9e82819f204cfd6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1b19541fed54e0625fc820b3798fd92ea84c520348e3429fa9e82819f204cfd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 534}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.list_tools` used but never assigned in __init__: Method `get_tool_info` of class `MCPOPlugin` reads `self.list_tools`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126658, "scanner": "repobility-ast-engine", "fingerprint": "92d6a33748a16a4f441d2f29429287ddebf54f6cf25a43a3aa7e7c243f80a652", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|92d6a33748a16a4f441d2f29429287ddebf54f6cf25a43a3aa7e7c243f80a652"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 508}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._make_request` used but never assigned in __init__: Method `call_tool` of class `MCPOPlugin` reads `self._make_request`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126657, "scanner": "repobility-ast-engine", "fingerprint": "6d74b8bef87c19b93c688c75d6e80d398e15f13d1d1f4f3b4fe2272391a1e284", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6d74b8bef87c19b93c688c75d6e80d398e15f13d1d1f4f3b4fe2272391a1e284"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 489}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._make_request` used but never assigned in __init__: Method `_resolve_schema_ref` of class `MCPOPlugin` reads `self._make_request`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126656, "scanner": "repobility-ast-engine", "fingerprint": "891be46e29acee0443fb4f02cb6d1c9b609bfed62cedd2ea1b39fa4fd3cb5fe0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|891be46e29acee0443fb4f02cb6d1c9b609bfed62cedd2ea1b39fa4fd3cb5fe0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 448}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._resolve_schema_ref` used but never assigned in __init__: Method `_extract_parameters` of class `MCPOPlugin` reads `self._resolve_schema_ref`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126655, "scanner": "repobility-ast-engine", "fingerprint": "9063cec20eb7cd75b2cb2de7b2f78f66019bf9ee326cff7a31498ac40b9e3568", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9063cec20eb7cd75b2cb2de7b2f78f66019bf9ee326cff7a31498ac40b9e3568"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 395}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._extract_parameters` used but never assigned in __init__: Method `list_tools` of class `MCPOPlugin` reads `self._extract_parameters`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126654, "scanner": "repobility-ast-engine", "fingerprint": "6b16a53ef5dd4da1e363e3e969fdc7189d948dd4992b54380c78065cbb0b9bc9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6b16a53ef5dd4da1e363e3e969fdc7189d948dd4992b54380c78065cbb0b9bc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 362}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._make_request` used but never assigned in __init__: Method `list_tools` of class `MCPOPlugin` reads `self._make_request`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126653, "scanner": "repobility-ast-engine", "fingerprint": "41fe1c2cf816014bef9f4749b731b2c89924faa0fa5ead12acfaf6ca9c65b27d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|41fe1c2cf816014bef9f4749b731b2c89924faa0fa5ead12acfaf6ca9c65b27d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 346}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._make_request` used but never assigned in __init__: Method `list_tools` of class `MCPOPlugin` reads `self._make_request`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126652, "scanner": "repobility-ast-engine", "fingerprint": "fe41a4b0890b2ccefcc415bc9a9323d3c1ea9fda3185a10827abd45d8e6755c9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fe41a4b0890b2ccefcc415bc9a9323d3c1ea9fda3185a10827abd45d8e6755c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 325}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._is_server_running` used but never assigned in __init__: Method `_stop_mcpo_server` of class `MCPOPlugin` reads `self._is_server_running`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126651, "scanner": "repobility-ast-engine", "fingerprint": "8823823985092bbbf24ac3871e2da3b5de85d2512e7189e79968d8d493c2725b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8823823985092bbbf24ac3871e2da3b5de85d2512e7189e79968d8d493c2725b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 276}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._find_mcpo_process` used but never assigned in __init__: Method `_stop_mcpo_server` of class `MCPOPlugin` reads `self._find_mcpo_process`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126650, "scanner": "repobility-ast-engine", "fingerprint": "d8f33344351dc87f54804580a4f7b9511cc43a7aba04ee40b90170021981798b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d8f33344351dc87f54804580a4f7b9511cc43a7aba04ee40b90170021981798b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 214}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._is_server_running` used but never assigned in __init__: Method `_start_mcpo_server` of class `MCPOPlugin` reads `self._is_server_running`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126649, "scanner": "repobility-ast-engine", "fingerprint": "cafe867a1a30be709f2fe3fbbce5cf8f4df716abb91517134fb5f101ff9668b9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cafe867a1a30be709f2fe3fbbce5cf8f4df716abb91517134fb5f101ff9668b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._create_example_config` used but never assigned in __init__: Method `_start_mcpo_server` of class `MCPOPlugin` reads `self._create_example_config`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126648, "scanner": "repobility-ast-engine", "fingerprint": "37f0a357749f37149a2a1603ded1248576453511fb24b187947a1efefa454f1d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|37f0a357749f37149a2a1603ded1248576453511fb24b187947a1efefa454f1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MCPO/mcpo_plugin.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._list_folder_files` used but never assigned in __init__: Method `list_files` of class `FileOperations` reads `self._list_folder_files`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126646, "scanner": "repobility-ast-engine", "fingerprint": "151e3aace835eeb9c6e0b844efa07b557c63151b26aacf675a2b8150dfb12814", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|151e3aace835eeb9c6e0b844efa07b557c63151b26aacf675a2b8150dfb12814"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/TencentCOSBackup/cos_handler.py"}, "region": {"startLine": 558}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._list_folder_files` used but never assigned in __init__: Method `list_files` of class `FileOperations` reads `self._list_folder_files`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126645, "scanner": "repobility-ast-engine", "fingerprint": "5a4d5b9a16e91ed2539f1c24b3daa7214b1935832b3bac0693daea0d16d1735a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5a4d5b9a16e91ed2539f1c24b3daa7214b1935832b3bac0693daea0d16d1735a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/TencentCOSBackup/cos_handler.py"}, "region": {"startLine": 575}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.delete_file` used but never assigned in __init__: Method `move_file` of class `FileOperations` reads `self.delete_file`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126644, "scanner": "repobility-ast-engine", "fingerprint": "e8e73c4cc19f38530237d9dfb93948d19d171159f04c5db8b6d615d88d385eb4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e8e73c4cc19f38530237d9dfb93948d19d171159f04c5db8b6d615d88d385eb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/TencentCOSBackup/cos_handler.py"}, "region": {"startLine": 481}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.copy_file` used but never assigned in __init__: Method `move_file` of class `FileOperations` reads `self.copy_file`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126643, "scanner": "repobility-ast-engine", "fingerprint": "7aed24b3f62aeb933b834ad3c7869477a06162a0f11d6471c0b9b054e9779faa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7aed24b3f62aeb933b834ad3c7869477a06162a0f11d6471c0b9b054e9779faa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/TencentCOSBackup/cos_handler.py"}, "region": {"startLine": 476}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_permission` used but never assigned in __init__: Method `check_permission` of class `PermissionManager` reads `self.get_permission`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126642, "scanner": "repobility-ast-engine", "fingerprint": "41b412c0c21b34073d6a23481a5dbef1e1246c9fdf40bb50f013111c5a9244b1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|41b412c0c21b34073d6a23481a5dbef1e1246c9fdf40bb50f013111c5a9244b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/TencentCOSBackup/cos_handler.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: DELETE /task-assistant/tasks/:taskId."}, "properties": {"repobilityId": 126594, "scanner": "repobility-access-control", "fingerprint": "a21267d3fd2b0fdaa07c798916a91087feb1110c6948b0b74e66dc78da656d03", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/task-assistant/tasks/:taskId", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|token|130|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/admin/taskAssistant.js"}, "region": {"startLine": 130}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: PATCH /task-assistant/tasks/:taskId."}, "properties": {"repobilityId": 126593, "scanner": "repobility-access-control", "fingerprint": "479ae56d09ad034364b1f07e1906e5238fcd806e8e8b040b1776cf56eeae2bec", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/task-assistant/tasks/:taskId", "method": "PATCH", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|token|118|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/admin/taskAssistant.js"}, "region": {"startLine": 118}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /plugin-store/install-log/:taskId."}, "properties": {"repobilityId": 126592, "scanner": "repobility-access-control", "fingerprint": "90b21e05e02bc1663d81e650dee867e37160e563df698b46fd5e44f89d375c7b", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/plugin-store/install-log/:taskId", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/admin/pluginstore.js|1238|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/admin/pluginStore.js"}, "region": {"startLine": 1238}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: DELETE /plugin-store/sources/:id."}, "properties": {"repobilityId": 126591, "scanner": "repobility-access-control", "fingerprint": "877ab04e0b6b0e10f1e4c8ef757f1a29a4d374cf75cf7c995becbe22d50d5561", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/plugin-store/sources/:id", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/admin/pluginstore.js|989|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/admin/pluginStore.js"}, "region": {"startLine": 989}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: DELETE /schedules/:id."}, "properties": {"repobilityId": 126590, "scanner": "repobility-access-control", "fingerprint": "db330fdbeeb11dcebb07d23748309e8e420c52d808ecd65684a97b338482c97c", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/schedules/:id", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/admin/schedules.js|43|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/admin/schedules.js"}, "region": {"startLine": 43}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: PATCH /post/:uid."}, "properties": {"repobilityId": 126589, "scanner": "repobility-access-control", "fingerprint": "d404e7d2485347e788d094b71466fb5defd411009b5a55fd658fbb189624e93d", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/post/:uid", "method": "PATCH", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/forumapi.js|527|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/forumApi.js"}, "region": {"startLine": 527}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: DELETE /post/:uid."}, "properties": {"repobilityId": 126588, "scanner": "repobility-access-control", "fingerprint": "081df22213a250cc816dadc2b825e5d436534e2efeb8e5ad8fb5c932f076cfe6", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/post/:uid", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/forumapi.js|440|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/forumApi.js"}, "region": {"startLine": 440}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /reply/:uid."}, "properties": {"repobilityId": 126587, "scanner": "repobility-access-control", "fingerprint": "89b47754efab787578272dee4501da5b7c0f9cf8b1efc402037f0b730528a4fb", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/reply/:uid", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/forumapi.js|357|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/forumApi.js"}, "region": {"startLine": 357}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /post/:uid."}, "properties": {"repobilityId": 126586, "scanner": "repobility-access-control", "fingerprint": "6d29e75ea4d1fe19f79dcd3df88442f57604f053928d7421667752d5f1cf2834", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/post/:uid", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/forumapi.js|322|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/forumApi.js"}, "region": {"startLine": 322}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /plugin-callback/:pluginName/:taskId."}, "properties": {"repobilityId": 126585, "scanner": "repobility-access-control", "fingerprint": "e96414fe25256c6679dec2cc644c6c7a013cfe7caa31ea186508cb28e993052d", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/plugin-callback/:pluginName/:taskId", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|server.js|1425|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server.js"}, "region": {"startLine": 1425}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 126575, "scanner": "repobility-docker", "fingerprint": "ab4d4f3ca8986cd9702039a405e22ac5d2b714d7ab3a1f290bff0629c6c6be54", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|ab4d4f3ca8986cd9702039a405e22ac5d2b714d7ab3a1f290bff0629c6c6be54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 126541, "scanner": "repobility-threat-engine", "fingerprint": "7cac2b4d6bcebc7ef52d046bb110b8ba904e4a1889fd937f491423c6227f18b2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7cac2b4d6bcebc7ef52d046bb110b8ba904e4a1889fd937f491423c6227f18b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/timeline\u6574\u7406\u5668.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 126539, "scanner": "repobility-threat-engine", "fingerprint": "91c4177b4d1485514762551dd9e37fc7d75e790c34070d10a071dbc4952ebc49", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "router.post('/multimodal-cache/update', async (req, res) => {", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|91c4177b4d1485514762551dd9e37fc7d75e790c34070d10a071dbc4952ebc49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/admin/cache.js"}, "region": {"startLine": 64}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 126538, "scanner": "repobility-threat-engine", "fingerprint": "8e7c8e4d8569127963946353adafff0c43e5b887b850bd60fe787a26942423ec", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "router.post('/agents/map', async (req, res) => {", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8e7c8e4d8569127963946353adafff0c43e5b887b850bd60fe787a26942423ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/admin/agents.js"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 126537, "scanner": "repobility-threat-engine", "fingerprint": "6429db5c2a9bce52cc469be4309551d3566e427be07da03f8017cd98177b0e5b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "router.post('/agent-assistant/config', async (req, res) => {", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6429db5c2a9bce52cc469be4309551d3566e427be07da03f8017cd98177b0e5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/admin/agentAssistant.js"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 126532, "scanner": "repobility-threat-engine", "fingerprint": "8e336d4908f002be33dab499a68749d8618e460005b0ad14b0bd32449ef64826", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"(\\d+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|257|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-xlsx/scripts/xlsx_insert_row.py"}, "region": {"startLine": 257}}}]}, {"ruleId": "SEC025", "level": "error", "message": {"text": "[SEC025] XML External Entity (XXE) \u2014 .NET XmlDocument / XmlTextReader: .NET XmlDocument and XmlTextReader expand external entities by default in pre-4.5.2 runtimes (and even later if XmlResolver is left at default). Allows file disclosure and SSRF via XXE."}, "properties": {"repobilityId": 126531, "scanner": "repobility-threat-engine", "fingerprint": "c21d40e18e89444255c6e4b959c1e5a1e157c75472bb42d48d65fae8f449dd74", "category": "xxe", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "XmlReader.Create(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC025", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c21d40e18e89444255c6e4b959c1e5a1e157c75472bb42d48d65fae8f449dd74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-docx/scripts/dotnet/MiniMaxAIDocx.Core/Validation/XsdValidator.cs"}, "region": {"startLine": 50}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 126522, "scanner": "repobility-threat-engine", "fingerprint": "f64e0201f42f643f7eac03aafb459f58598e8afef4d455eea244c4581536aadb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f64e0201f42f643f7eac03aafb459f58598e8afef4d455eea244c4581536aadb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/frontend-dev/scripts/minimax_music.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 126521, "scanner": "repobility-threat-engine", "fingerprint": "48d623114e965431e901ac447bc8740f49f822837618fd06e4c73048b9b88b0e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|48d623114e965431e901ac447bc8740f49f822837618fd06e4c73048b9b88b0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/frontend-dev/scripts/minimax_image.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 126520, "scanner": "repobility-threat-engine", "fingerprint": "c4beb8a4c351722c0d565dae1750be09286fb30b6a0a98225073c928b5361b63", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c4beb8a4c351722c0d565dae1750be09286fb30b6a0a98225073c928b5361b63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SVCardFinder/card_finder.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 126517, "scanner": "repobility-threat-engine", "fingerprint": "116911c66d9cc0d07162ec4bf2f6970fbb9ea47a1ef20c36ec7a066bc83017cb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|116911c66d9cc0d07162ec4bf2f6970fbb9ea47a1ef20c36ec7a066bc83017cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/PaperReader/paperreader-rs/crates/paperreader-workspace/src/lib.rs"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 126516, "scanner": "repobility-threat-engine", "fingerprint": "30b41b8289210a5ac58191f87bcbf8e4eb45330d46d95b9246ee2dd7b0141504", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|30b41b8289210a5ac58191f87bcbf8e4eb45330d46d95b9246ee2dd7b0141504"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/PaperReader/paperreader-rs/crates/paperreader-domain/src/lib.rs"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 126515, "scanner": "repobility-threat-engine", "fingerprint": "84b7d26ca1a9b77b0ae73b8d7b3d9cef2ba47d1faddaf7f0a8a5952598925616", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|84b7d26ca1a9b77b0ae73b8d7b3d9cef2ba47d1faddaf7f0a8a5952598925616"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/PaperReader/paperreader-rs/crates/paperreader-api/src/stdio_interface.rs"}, "region": {"startLine": 383}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 126513, "scanner": "repobility-threat-engine", "fingerprint": "01e3ba61e5f1932c0d240c21c5840c002c8e38a99428f6d4e30edf2c1d6425d0", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.join(tmpdir, os.path.basename(input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|100|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-xlsx/scripts/libreoffice_recalc.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 126512, "scanner": "repobility-threat-engine", "fingerprint": "e287db86931dd85d24814b3b550ae0363a3a02c52f0e9d83650a74151c1c65fc", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.resolve(input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|76|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/SkillBridge/SKILL/minimax-pdf/scripts/render_cover.js"}, "region": {"startLine": 76}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 126511, "scanner": "repobility-threat-engine", "fingerprint": "8218731f270ceb41b488dc479f5ea110a3d549f2df69c9a91df8e7451fd28edd", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.join(__dirname, 'midi-input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|15|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Plugin/MIDITranslator/MIDITranslator.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any