{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16, plus loopback 127/8 and the IPv6 equivalents (::1, fc00::/7, fe80::/10).\nApply the block to the IP address the hostname resolves to, not to the hostname string, allow only http/https schemes, and re-check the destination on every redirect."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/427"}, "properties": {"repository": "fastlane/fastlane", "repoUrl": "https://github.com/fastlane/fastlane.git", "branch": "master"}, "results": [{"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23173, "scanner": "repobility-ai-code-hygiene", "fingerprint": "32ac4f69ab091abfe19bd55f68ee4cfb03f791ab00c299088b387c259a7894d0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "fastlane/lib/fastlane/actions/create_app_on_managed_play_store.rb", "duplicate_line": 49, "correlation_key": "fp|32ac4f69ab091abfe19bd55f68ee4cfb03f791ab00c299088b387c259a7894d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastlane/lib/fastlane/actions/validate_play_store_json_key.rb"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23172, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "c674dd162d4e440430cb8d6a71b017b9677019e984020a3ce82fab9dce7358d5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "fastlane/lib/fastlane/actions/upload_to_play_store.rb", "duplicate_line": 7, "correlation_key": "fp|c674dd162d4e440430cb8d6a71b017b9677019e984020a3ce82fab9dce7358d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastlane/lib/fastlane/actions/upload_to_play_store_internal_app_sharing.rb"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23171, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ca1f5c80759fb1e482bf544bad66299f012803d7f5e8772b0f6a5290bced13ed", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "fastlane/lib/fastlane/actions/download_app_privacy_details_from_app_store.rb", "duplicate_line": 50, "correlation_key": "fp|ca1f5c80759fb1e482bf544bad66299f012803d7f5e8772b0f6a5290bced13ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastlane/lib/fastlane/actions/upload_app_privacy_details_to_app_store.rb"}, "region": {"startLine": 133}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23170, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "a02f75060a015b865aff5f3cb27e60753e6b722f9bb74d5ccb0de3aa8d6413a9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "fastlane/lib/fastlane/actions/update_info_plist.rb", "duplicate_line": 107, "correlation_key": "fp|a02f75060a015b865aff5f3cb27e60753e6b722f9bb74d5ccb0de3aa8d6413a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastlane/lib/fastlane/actions/update_plist.rb"}, "region": {"startLine": 80}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23169, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a0a6722e82297652d0b4a1dea14c1bffc8bc0c563d28670c7428e04b12fc252b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "fastlane/lib/fastlane/actions/automatic_code_signing.rb", "duplicate_line": 88, "correlation_key": "fp|a0a6722e82297652d0b4a1dea14c1bffc8bc0c563d28670c7428e04b12fc252b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastlane/lib/fastlane/actions/update_code_signing_settings.rb"}, "region": {"startLine": 91}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23168, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"2453cdeb70b06269c248564c023ea726bb2dc37f7baaaaab715bfdec3b61e807", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "fastlane/lib/fastlane/actions/jazzy.rb", "duplicate_line": 23, "correlation_key": "fp|2453cdeb70b06269c248564c023ea726bb2dc37f7baaaaab715bfdec3b61e807"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastlane/lib/fastlane/actions/swiftlint.rb"}, "region": {"startLine": 171}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23167, "scanner": "repobility-ai-code-hygiene", "fingerprint": "869bbba3b97f5b47f38ab215c96269d6c8605e79fdb073f6378ae0dd76efeb02", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "fastlane/lib/fastlane/actions/register_device.rb", "duplicate_line": 85, "correlation_key": "fp|869bbba3b97f5b47f38ab215c96269d6c8605e79fdb073f6378ae0dd76efeb02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastlane/lib/fastlane/actions/register_devices.rb"}, "region": {"startLine": 122}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23166, "scanner": "repobility-ai-code-hygiene", "fingerprint": "62cca7c3055fc617534a302db0918566efba2ada4481dab68235fc4021135cd2", "category": "quality", "severity": 
"low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "fastlane/lib/fastlane/actions/import.rb", "duplicate_line": 16, "correlation_key": "fp|62cca7c3055fc617534a302db0918566efba2ada4481dab68235fc4021135cd2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastlane/lib/fastlane/actions/prompt.rb"}, "region": {"startLine": 66}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23165, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fe891b9bcd4887a2a95a55da88dcc8d556cb02cb0bd94ba36b263aec446f77e0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "fastlane/lib/fastlane/actions/app_store_build_number.rb", "duplicate_line": 85, "correlation_key": "fp|fe891b9bcd4887a2a95a55da88dcc8d556cb02cb0bd94ba36b263aec446f77e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastlane/lib/fastlane/actions/latest_testflight_build_number.rb"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23164, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2f1946d9fcdbcc1d4b3b60ec550210f41edd196b581480c6b66e77147e409254", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": 
false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "fastlane/lib/fastlane/actions/commit_version_bump.rb", "duplicate_line": 33, "correlation_key": "fp|2f1946d9fcdbcc1d4b3b60ec550210f41edd196b581480c6b66e77147e409254"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastlane/lib/fastlane/actions/hg_commit_version_bump.rb"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23163, "scanner": "repobility-ai-code-hygiene", "fingerprint": "35386b0e0e794a9e4fb60cf7490ebbc9a6852ce5937cb4a79e858abf2e49edf5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "fastlane/lib/fastlane/actions/google_play_track_release_names.rb", "duplicate_line": 4, "correlation_key": "fp|35386b0e0e794a9e4fb60cf7490ebbc9a6852ce5937cb4a79e858abf2e49edf5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastlane/lib/fastlane/actions/google_play_track_version_codes.rb"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23162, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fa374c97b2a204bee6698dd5b64740c976f44f70090e61de0e1bf0b8f925c20f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window 
appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "fastlane/lib/fastlane/actions/create_app_on_managed_play_store.rb", "duplicate_line": 50, "correlation_key": "fp|fa374c97b2a204bee6698dd5b64740c976f44f70090e61de0e1bf0b8f925c20f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastlane/lib/fastlane/actions/get_managed_play_store_publishing_rights.rb"}, "region": {"startLine": 67}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23161, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e3d0ef9617015049cf535b9ae03e81f0d7e7c547d400c3754ec15024fed55949", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "fastlane/lib/fastlane/actions/ensure_env_vars.rb", "duplicate_line": 34, "correlation_key": "fp|e3d0ef9617015049cf535b9ae03e81f0d7e7c547d400c3754ec15024fed55949"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastlane/lib/fastlane/actions/erb.rb"}, "region": {"startLine": 60}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23160, "scanner": "repobility-ai-code-hygiene", "fingerprint": "248c1eaeba680e87bfa96b3f966d3d5ab4838e8f6c500640b3cc51970f0c3993", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 
12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deliver/lib/deliver/upload_app_clip_default_experience_metadata.rb", "duplicate_line": 68, "correlation_key": "fp|248c1eaeba680e87bfa96b3f966d3d5ab4838e8f6c500640b3cc51970f0c3993"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deliver/lib/deliver/upload_metadata.rb"}, "region": {"startLine": 292}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 23159, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c244538261cff91cf69cba162878f57c5ae953992c03b5224cabcdf0c2cee807", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|c244538261cff91cf69cba162878f57c5ae953992c03b5224cabcdf0c2cee807"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "snapshot/lib/snapshot/fixes/simulator_zoom_fix.rb"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 23158, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e7b47c15e5d53f87a0951a927ded095d68984e7651901a7503bffc3765c2af1b", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": 
"fp|e7b47c15e5d53f87a0951a927ded095d68984e7651901a7503bffc3765c2af1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "snapshot/lib/snapshot/fixes/hardware_keyboard_fix.rb"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 23157, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b3e67aaa3388eece0e4cebb49758907867100c3a12483b7800df307e5ca4ce61", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|b3e67aaa3388eece0e4cebb49758907867100c3a12483b7800df307e5ca4ce61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gym/lib/gym/xcodebuild_fixes/generic_archive_fix.rb"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 23156, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f4b425a7abd253408815a6fdbaaaef553c909cecebfa0edabfaffdd563ba533b", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|f4b425a7abd253408815a6fdbaaaef553c909cecebfa0edabfaffdd563ba533b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastlane/lib/fastlane/actions/git_submodule_update.rb"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": 
"note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 23155, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1729676eece4cf41fe6977a27c919ac5085a000084b479cab474f0096ca55351", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "clean", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|1729676eece4cf41fe6977a27c919ac5085a000084b479cab474f0096ca55351"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastlane/lib/fastlane/actions/ensure_git_status_clean.rb"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 22743, "scanner": "repobility-threat-engine", "fingerprint": "fccc511d167f5ec5033752a5c7d0db49db721a13d9c6d44d6a4500d2f33f853b", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found. The recorded match is only the fragment 'URL(f', which does not by itself show an outbound HTTP request or a user-controlled value; confirm both at the flagged line before treating this as SSRF.", "evidence": {"match": "URL(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fccc511d167f5ec5033752a5c7d0db49db721a13d9c6d44d6a4500d2f33f853b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "snapshot/example/fastlane/SnapshotHelper.swift"}, "region": {"startLine": 228}}}]}]}]}