{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 20.0% of discovered routes show nearby authenticati", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 20.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Only 20.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The 
repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. 
A CI gate that fails the build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC003", "name": "[SEC003] Hardcoded Secret: Hardcoded secret key found in source code.", "shortDescription": {"text": "[SEC003] Hardcoded Secret: Hardcoded secret key found in source code."}, "fullDescription": {"text": "Never commit secrets. Load them from the environment or a secrets manager; if a .env file is used, exclude it with .gitignore, and rotate any secret that has already been committed."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC123", "name": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environme", "shortDescription": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "fullDescription": {"text": "Set DEBUG=False / APP_DEBUG=false in production. Provide a generic 500 handler that logs to backend but returns a sanitized page to clients."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `find_app_by_string` has cognitive complexity 17 (SonarSource scale). Cogn", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `find_app_by_string` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recu"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. 
SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 17."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED069", "name": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files.", "shortDescription": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-489 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "FastAPI POST /process has no auth", "shortDescription": {"text": "FastAPI POST /process has no auth"}, "fullDescription": {"text": "Handler `process` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.from_pyfile` used but never assigned in __init__", "shortDescription": {"text": "`self.from_pyfile` used but never assigned in __init__"}, "fullDescription": {"text": "Method `from_envvar` of class `Config` reads `self.from_pyfile`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_locate_app_raises", "shortDescription": {"text": "Phantom test coverage: test_locate_app_raises"}, "fullDescription": {"text": "Test function `test_locate_app_raises` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC135", "name": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without", "shortDescription": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI bu"}, "fullDescription": {"text": "Add the project's auth decorator/middleware: `@login_required` (Django/Flask), `@permission_classes([IsAuthenticated])` (DRF), `Depends(get_current_user)` (FastAPI), `requireAuth` middleware (Express). For genuinely public endpoints, add a `# public-endpoint` marker comment so future scans skip them."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/527"}, "properties": {"repository": "pallets/flask", "repoUrl": "https://github.com/pallets/flask.git", "branch": "main"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 32485, "scanner": "repobility-ast-engine", "fingerprint": "ef6e3314d4e35dde2a07b05193bb2a59215572e7eb5a9f1a8e886eeefc6c15dc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "percentile": {"rank": 75, "bucket": "python", "corpus_p95": 17, "your_count": 4, "corpus_median": 2, "interpretation": "more issues than 50% of repos in the corpus", "n_repos_compared": 2880, "percentile_label": "below 
median"}, "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ef6e3314d4e35dde2a07b05193bb2a59215572e7eb5a9f1a8e886eeefc6c15dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/cli.py"}, "region": {"startLine": 650}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 32484, "scanner": "repobility-ast-engine", "fingerprint": "32eee25fccee904bf4e22a513187ce2b12c10e48d5b83564a993849443ea78f2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "percentile": {"rank": 75, "bucket": "python", "corpus_p95": 17, "your_count": 4, "corpus_median": 2, "interpretation": "more issues than 50% of repos in the corpus", "n_repos_compared": 2880, "percentile_label": "below median"}, "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|32eee25fccee904bf4e22a513187ce2b12c10e48d5b83564a993849443ea78f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/cli.py"}, "region": {"startLine": 956}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 32483, "scanner": "repobility-ast-engine", "fingerprint": "b44c0897bc5e7eafffea7b9d7c2bbfd7c6d3d8e53f558b9606fe13bd8f32014f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "percentile": {"rank": 75, "bucket": "python", "corpus_p95": 17, "your_count": 4, "corpus_median": 2, "interpretation": "more issues than 50% of repos in the 
corpus", "n_repos_compared": 2880, "percentile_label": "below median"}, "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b44c0897bc5e7eafffea7b9d7c2bbfd7c6d3d8e53f558b9606fe13bd8f32014f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/app.py"}, "region": {"startLine": 1598}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 32482, "scanner": "repobility-ast-engine", "fingerprint": "7fa26e88023705f8d3f953e7f28fc1547cd3ccc44fd3f96c7b926f3337fda2f7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "percentile": {"rank": 75, "bucket": "python", "corpus_p95": 17, "your_count": 4, "corpus_median": 2, "interpretation": "more issues than 50% of repos in the corpus", "n_repos_compared": 2880, "percentile_label": "below median"}, "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7fa26e88023705f8d3f953e7f28fc1547cd3ccc44fd3f96c7b926f3337fda2f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/app.py"}, "region": {"startLine": 1017}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 32330, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": 
["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 20.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 32329, "scanner": "repobility-access-control", "fingerprint": "c8a6924238b1b35a338ae5f1dc69c8824eac648bf50ec4c4206c85cf56bf5add", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 5, "correlation_key": "fp|c8a6924238b1b35a338ae5f1dc69c8824eac648bf50ec4c4206c85cf56bf5add", "auth_visible_percent": 20.0}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 32328, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django", "Flask"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": 
"fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 32325, "scanner": "repobility-threat-engine", "fingerprint": "8db0887730c117af2347f91aef3f2f081dd32ef06ecad631873beaac7a77ed2b", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"scanner": "repobility-threat-engine", "precision": {"fp": 14, "tp": 0, "total": 252, "fp_rate": 1.0, "not_sure": 238, "wont_fix": 0, "precision": 0.0, "confidence_n": 14}, "correlation_key": "code|crypto|src/flask/sessions.py|150|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/sessions.py"}, "region": {"startLine": 150}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. 
Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 32324, "scanner": "repobility-threat-engine", "fingerprint": "3ee69797efe6ca13d5e7161f7ba9367d01ba130cc16e63f48e0940b3f3323e0a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def _check_setup_finished(self, f_name: str) -> None:\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3ee69797efe6ca13d5e7161f7ba9367d01ba130cc16e63f48e0940b3f3323e0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/sansio/scaffold.py"}, "region": {"startLine": 220}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. 
Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 32323, "scanner": "repobility-threat-engine", "fingerprint": "c58604ca4c4ebb1819538003e75758ae64b0c9ef34c5ab4ad247c3f40921b4da", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def create_jinja_environment(self) -> Environment:\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c58604ca4c4ebb1819538003e75758ae64b0c9ef34c5ab4ad247c3f40921b4da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/sansio/app.py"}, "region": {"startLine": 476}}}]}, {"ruleId": "SEC003", "level": "warning", "message": {"text": "[SEC003] Hardcoded Secret: Hardcoded secret key found in source code."}, "properties": {"repobilityId": 32320, "scanner": "repobility-threat-engine", "fingerprint": "46e5961713c029f4a4351e35a1d98344ebd9fdf1fcb9ca57c665ccd5902d802f", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.4 bits) \u2014 may be placeholder or common string", "evidence": {"match": "SECRET_KEY = 'development key'", "reason": "Low entropy value (3.4 bits) \u2014 may be placeholder or common string", "rule_id": "SEC003", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|src/flask/config.py|6|secret_key development key"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/config.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data 
\u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 32314, "scanner": "repobility-threat-engine", "fingerprint": "8ba0e2f89a4991db4e3f551cc57c4dfe92a5acc71330666481d8b73e81bce2d8", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|src/flask/config.py|209|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/config.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 32313, "scanner": "repobility-threat-engine", "fingerprint": "3c94862eefdba4921e522d41e35932818de69447fe0a8ef197b8e986a3a2f44c", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|src/flask/cli.py|1023|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/cli.py"}, "region": {"startLine": 1023}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 32310, "scanner": "repobility-threat-engine", "fingerprint": "b5b553956053ee2401f04183feca9745abb2e38608e207cfc420683a1b3f0f24", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "DEBUG = True", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b5b553956053ee2401f04183feca9745abb2e38608e207cfc420683a1b3f0f24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/config.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework 
internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 32309, "scanner": "repobility-threat-engine", "fingerprint": "62e30eb7e04cce77e5cf5f57bb52e7207c7e33b7a738e78c2457f9c80cfead29", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "debug=True", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|62e30eb7e04cce77e5cf5f57bb52e7207c7e33b7a738e78c2457f9c80cfead29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/app.py"}, "region": {"startLine": 663}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `find_app_by_string` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=1, else=2, except=4, if=5, nested_bonus=5."}, "properties": {"repobilityId": 32307, "scanner": "repobility-threat-engine", "fingerprint": "ac9c73f9234be462340dcc69d7ba35cb05e598d0dd4f7844e627c9dc64614289", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 17 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "find_app_by_string", "breakdown": {"if": 5, "elif": 1, "else": 2, "except": 4, "nested_bonus": 5}, "complexity": 17, "correlation_key": "fp|ac9c73f9234be462340dcc69d7ba35cb05e598d0dd4f7844e627c9dc64614289"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/cli.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `find_best_app` has cognitive complexity 18 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=1, except=1, for=2, if=5, nested_bonus=9."}, "properties": {"repobilityId": 32306, "scanner": "repobility-threat-engine", "fingerprint": "9ddaadeb5ad49d7750c56ae43f73eb1d4ed8e6c8d6d4485cb21d9dd914379530", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 18 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "find_best_app", "breakdown": {"if": 5, "for": 2, "elif": 1, "except": 1, "nested_bonus": 9}, "complexity": 18, "correlation_key": "fp|9ddaadeb5ad49d7750c56ae43f73eb1d4ed8e6c8d6d4485cb21d9dd914379530"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/cli.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `register` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=1, except=1, if=3, nested_bonus=5."}, "properties": {"repobilityId": 32305, "scanner": "repobility-threat-engine", "fingerprint": "9db154e51735cb74c492b1dd27b7676edb773c77f0589d8d1a043f383f6dc22b", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "register", "breakdown": {"if": 3, "elif": 1, "except": 1, "nested_bonus": 5}, "complexity": 10, "correlation_key": "fp|9db154e51735cb74c492b1dd27b7676edb773c77f0589d8d1a043f383f6dc22b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/tutorial/flaskr/auth.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 32327, "scanner": "repobility-threat-engine", "fingerprint": "868d4b7500ae4e0ba6c8e86081ce6cf4785b065b54c9ac749e95aea893bee4f2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "percentile": {"rank": 10, "bucket": "python", "corpus_p95": 12, "your_count": 1, "corpus_median": 2, "interpretation": "better than 90% of repos in the corpus on this pattern", "n_repos_compared": 1998, "percentile_label": "top 10%"}, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|868d4b7500ae4e0ba6c8e86081ce6cf4785b065b54c9ac749e95aea893bee4f2"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "src/flask/sessions.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 32322, "scanner": "repobility-threat-engine", "fingerprint": "a42b7040176ff5df92342dd47eadce152e2c53ac5db523e23413bb94da1873cc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "percentile": {"rank": 10, "bucket": "python", "corpus_p95": 117, "your_count": 1, "corpus_median": 8, "interpretation": "better than 90% of repos in the corpus on this pattern", "n_repos_compared": 11214, "percentile_label": "top 10%"}, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a42b7040176ff5df92342dd47eadce152e2c53ac5db523e23413bb94da1873cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/config.py"}, "region": {"startLine": 331}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 32319, "scanner": "repobility-threat-engine", "fingerprint": "50406309e3101c911d59a3045c7bd41e083f0c20641ab6d2cbf99c80311d7d9e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "percentile": {"rank": 50, "bucket": "python", "corpus_p95": 90, "your_count": 4, "corpus_median": 8, "interpretation": "near the corpus median", "n_repos_compared": 8618, "percentile_label": "around median"}, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|50406309e3101c911d59a3045c7bd41e083f0c20641ab6d2cbf99c80311d7d9e", "aggregated_count": 7}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 32318, "scanner": "repobility-threat-engine", "fingerprint": "4cf6d3a747bdd1936ca55458313183002d2ca336a710a81ffef81a404608b132", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "percentile": {"rank": 50, "bucket": "python", "corpus_p95": 90, "your_count": 4, "corpus_median": 8, "interpretation": "near the corpus median", "n_repos_compared": 8618, "percentile_label": "around median"}, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4cf6d3a747bdd1936ca55458313183002d2ca336a710a81ffef81a404608b132"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/ctx.py"}, "region": 
{"startLine": 186}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 32317, "scanner": "repobility-threat-engine", "fingerprint": "3a25d95be2900931dc2861d627c678ad493a5b46d2acc4f0e8319bc769438806", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "percentile": {"rank": 50, "bucket": "python", "corpus_p95": 90, "your_count": 4, "corpus_median": 8, "interpretation": "near the corpus median", "n_repos_compared": 8618, "percentile_label": "around median"}, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3a25d95be2900931dc2861d627c678ad493a5b46d2acc4f0e8319bc769438806"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/config.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 32316, "scanner": "repobility-threat-engine", "fingerprint": "1aa5b03539a9001d432ee8d927cda6531f072f0f78c9846200e1d4d7510494b1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], 
"precision": 1.0, "percentile": {"rank": 50, "bucket": "python", "corpus_p95": 90, "your_count": 4, "corpus_median": 8, "interpretation": "near the corpus median", "n_repos_compared": 8618, "percentile_label": "around median"}, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1aa5b03539a9001d432ee8d927cda6531f072f0f78c9846200e1d4d7510494b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/cli.py"}, "region": {"startLine": 1037}}}]}, {"ruleId": "MINED069", "level": "none", "message": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "properties": {"repobilityId": 32312, "scanner": "repobility-threat-engine", "fingerprint": "59f2f9a98125a49644e8f258c121c6cc9de80f79d019db270529c30951e48f9d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "debug-true-prod", "owasp": "A05:2021", "cwe_ids": ["CWE-489"], "precision": 1.0, "percentile": {"rank": 10, "bucket": "python", "corpus_p95": 15, "your_count": 2, "corpus_median": 2, "interpretation": "better than 90% of repos in the corpus on this pattern", "n_repos_compared": 1560, "percentile_label": "top 10%"}, "promoted_at": "2026-05-18T14:01:32.348063+00:00", "triaged_in_corpus": 12, "observations_count": 37393, "ai_coder_pattern_id": 17}, "scanner": "repobility-threat-engine", "correlation_key": "fp|59f2f9a98125a49644e8f258c121c6cc9de80f79d019db270529c30951e48f9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/config.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED069", "level": "none", "message": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True 
in non-test files."}, "properties": {"repobilityId": 32311, "scanner": "repobility-threat-engine", "fingerprint": "67cb9e8ea50021dbabff5ae0f849aa4cf181910a953f80921787ebd25eb2c773", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "debug-true-prod", "owasp": "A05:2021", "cwe_ids": ["CWE-489"], "precision": 1.0, "percentile": {"rank": 10, "bucket": "python", "corpus_p95": 15, "your_count": 2, "corpus_median": 2, "interpretation": "better than 90% of repos in the corpus on this pattern", "n_repos_compared": 1560, "percentile_label": "top 10%"}, "promoted_at": "2026-05-18T14:01:32.348063+00:00", "triaged_in_corpus": 12, "observations_count": 37393, "ai_coder_pattern_id": 17}, "scanner": "repobility-threat-engine", "correlation_key": "fp|67cb9e8ea50021dbabff5ae0f849aa4cf181910a953f80921787ebd25eb2c773"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/app.py"}, "region": {"startLine": 663}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 20 more): Same pattern found in 20 additional files. Review if needed."}, "properties": {"repobilityId": 32308, "scanner": "repobility-threat-engine", "fingerprint": "c042fe62eead079db5c4546f4a3bb017c524dda018829964964a5752d3f2abf3", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 20 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "register", "breakdown": {"if": 3, "elif": 1, "except": 1, "nested_bonus": 5}, "aggregated": true, "complexity": 10, "correlation_key": "fp|c042fe62eead079db5c4546f4a3bb017c524dda018829964964a5752d3f2abf3", "aggregated_count": 20}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 32304, "scanner": "repobility-threat-engine", "fingerprint": "8a77ffb0a8fcdda223aabe32cdaf0e5bdc6cae13db4c9684d2f2d4932a1285a8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrence found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8a77ffb0a8fcdda223aabe32cdaf0e5bdc6cae13db4c9684d2f2d4932a1285a8"}}}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 32299, "scanner": "repobility-threat-engine", "fingerprint": "65474df27de9505afb6543769a72d09e95e96a265b1e7598fce6512691abf92f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "percentile": {"rank": 10, "bucket": "python", "corpus_p95": 18, "your_count": 1, "corpus_median": 3, "interpretation": "better than 90% of repos in the corpus on this pattern", "n_repos_compared": 8758, "percentile_label": "top 10%"}, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|65474df27de9505afb6543769a72d09e95e96a265b1e7598fce6512691abf92f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/on-create-command.sh"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /process has no auth"}, "properties": {"repobilityId": 32852, "scanner": "repobility-route-auth", "fingerprint": "87c6637192ce96df1db8360f811cba8d1a5a9bf4854c388eef797024cb04fff1", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "percentile": {"rank": 10, "bucket": "python", "corpus_p95": 326, "your_count": 6, "corpus_median": 63, "interpretation": "better than 90% of repos in the corpus on this pattern", "n_repos_compared": 68, "percentile_label": "top 10%"}, "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|87c6637192ce96df1db8360f811cba8d1a5a9bf4854c388eef797024cb04fff1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/src/task_app/views.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /block has no auth"}, "properties": {"repobilityId": 32851, "scanner": "repobility-route-auth", "fingerprint": "777f0ebd6fc347e90a7383f3dbba10f40b9393fd6fbb47c88994508d3ea62914", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "percentile": {"rank": 10, "bucket": "python", "corpus_p95": 326, "your_count": 6, "corpus_median": 63, "interpretation": "better than 90% of repos in the corpus on this pattern", "n_repos_compared": 68, "percentile_label": "top 10%"}, "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|777f0ebd6fc347e90a7383f3dbba10f40b9393fd6fbb47c88994508d3ea62914"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/src/task_app/views.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /add has no auth"}, "properties": {"repobilityId": 32850, "scanner": "repobility-route-auth", "fingerprint": 
"80002139908fdc20274c6783ba51916094aba35d58dd070634e64306764f6490", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "percentile": {"rank": 10, "bucket": "python", "corpus_p95": 326, "your_count": 6, "corpus_median": 63, "interpretation": "better than 90% of repos in the corpus on this pattern", "n_repos_compared": 68, "percentile_label": "top 10%"}, "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|80002139908fdc20274c6783ba51916094aba35d58dd070634e64306764f6490"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/src/task_app/views.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST / has no auth"}, "properties": {"repobilityId": 32849, "scanner": "repobility-route-auth", "fingerprint": "2297ea098b9286a86850e3c9fd66d4c4d6b195eb300baf5c773ac19d8d36becd", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "percentile": {"rank": 10, "bucket": "python", "corpus_p95": 326, "your_count": 6, "corpus_median": 63, "interpretation": "better than 90% of repos in the corpus on this pattern", "n_repos_compared": 68, "percentile_label": "top 10%"}, "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|2297ea098b9286a86850e3c9fd66d4c4d6b195eb300baf5c773ac19d8d36becd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_request.py"}, "region": {"startLine": 13}}}]}, {"ruleId": 
"MINED112", "level": "error", "message": {"text": "FastAPI POST / has no auth"}, "properties": {"repobilityId": 32848, "scanner": "repobility-route-auth", "fingerprint": "1d6c9c3287669955a51bd4ef06c64f920a7cf609bee53afea13731f73845f106", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "percentile": {"rank": 10, "bucket": "python", "corpus_p95": 326, "your_count": 6, "corpus_median": 63, "interpretation": "better than 90% of repos in the corpus on this pattern", "n_repos_compared": 68, "percentile_label": "top 10%"}, "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|1d6c9c3287669955a51bd4ef06c64f920a7cf609bee53afea13731f73845f106"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_basic.py"}, "region": {"startLine": 395}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST / has no auth"}, "properties": {"repobilityId": 32847, "scanner": "repobility-route-auth", "fingerprint": "d0ac4a01555552776cde82c77b18c27c017b17c0d685cf37661f47a4c39292b2", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "percentile": {"rank": 10, "bucket": "python", "corpus_p95": 326, "your_count": 6, "corpus_median": 63, "interpretation": "better than 90% of repos in the corpus on this pattern", "n_repos_compared": 68, "percentile_label": "top 10%"}, "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": 
"fp|d0ac4a01555552776cde82c77b18c27c017b17c0d685cf37661f47a4c39292b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_basic.py"}, "region": {"startLine": 236}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.from_pyfile` used but never assigned in __init__"}, "properties": {"repobilityId": 32481, "scanner": "repobility-ast-engine", "fingerprint": "e4444079c1a97b4de9f36b910e2aa7dea92c62142dac251089f6b91ccb6668f6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e4444079c1a97b4de9f36b910e2aa7dea92c62142dac251089f6b91ccb6668f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/config.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.files` used but never assigned in __init__"}, "properties": {"repobilityId": 32480, "scanner": "repobility-ast-engine", "fingerprint": "3f8a52f669d26ef675db9db3efe4bdcd34b3ffd98bacf01de19657caa9cd472c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, 
"percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f8a52f669d26ef675db9db3efe4bdcd34b3ffd98bacf01de19657caa9cd472c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/wrappers.py"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.mimetype` used but never assigned in __init__"}, "properties": {"repobilityId": 32479, "scanner": "repobility-ast-engine", "fingerprint": "d23dbe6c3699d118f3d110e9d98fe04461a7ba79cd42bfec45af8b61f5ad5801", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d23dbe6c3699d118f3d110e9d98fe04461a7ba79cd42bfec45af8b61f5ad5801"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/wrappers.py"}, "region": {"startLine": 205}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.blueprint` used but never assigned in __init__"}, "properties": {"repobilityId": 32478, "scanner": "repobility-ast-engine", "fingerprint": "ce231431cb5b36b5ea285642323e28029549932f3c907dc62309734417660105", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, 
"your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ce231431cb5b36b5ea285642323e28029549932f3c907dc62309734417660105"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/wrappers.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.endpoint` used but never assigned in __init__"}, "properties": {"repobilityId": 32477, "scanner": "repobility-ast-engine", "fingerprint": "cb665dd681850368915f66e638cab88918ced8e45031cf8edfbe78571f021d1b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cb665dd681850368915f66e638cab88918ced8e45031cf8edfbe78571f021d1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/wrappers.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._copy_environ` used but never assigned in __init__"}, "properties": {"repobilityId": 32476, "scanner": "repobility-ast-engine", "fingerprint": "219faabaef28bb54404f7b257e59b972daa323ef3fe5e31c2ca93b9c4b04cd6c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", 
"owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|219faabaef28bb54404f7b257e59b972daa323ef3fe5e31c2ca93b9c4b04cd6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/testing.py"}, "region": {"startLine": 220}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._copy_environ` used but never assigned in __init__"}, "properties": {"repobilityId": 32475, "scanner": "repobility-ast-engine", "fingerprint": "c87c8c46237574e2f75890fa04e06c63bd7f58b143b9405e34c2b1bba820b8b7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c87c8c46237574e2f75890fa04e06c63bd7f58b143b9405e34c2b1bba820b8b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/testing.py"}, "region": {"startLine": 225}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._copy_environ` used but never assigned in __init__"}, "properties": {"repobilityId": 32474, "scanner": "repobility-ast-engine", "fingerprint": "8d33ce163d6ee4b82264170ef003003f314acc1ca8a538ce93fe99ea81503fdb", "category": "quality", "severity": "high", "confidence": 1.0, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8d33ce163d6ee4b82264170ef003003f314acc1ca8a538ce93fe99ea81503fdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/testing.py"}, "region": {"startLine": 216}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._request_from_builder_args` used but never assigned in __init__"}, "properties": {"repobilityId": 32473, "scanner": "repobility-ast-engine", "fingerprint": "d2969ef434c012c0ab42eea5cc2b07cd4802138642c6b6c149cf2951c11c62f2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d2969ef434c012c0ab42eea5cc2b07cd4802138642c6b6c149cf2951c11c62f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/testing.py"}, "region": {"startLine": 228}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._copy_environ` used but never assigned in __init__"}, "properties": {"repobilityId": 32472, "scanner": "repobility-ast-engine", 
"fingerprint": "4960461ac4be5d48baaf66f103b44a973e689c7890b356fd0dea335d8e1fc79d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4960461ac4be5d48baaf66f103b44a973e689c7890b356fd0dea335d8e1fc79d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/testing.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._update_cookies_from_response` used but never assigned in __init__"}, "properties": {"repobilityId": 32471, "scanner": "repobility-ast-engine", "fingerprint": "96def296513f2c8b079b8a5d2caab3cb512a485790b10d887af4a5e4a6595e2b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|96def296513f2c8b079b8a5d2caab3cb512a485790b10d887af4a5e4a6595e2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/testing.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED108", "level": "error", 
"message": {"text": "`self._add_cookies_to_wsgi` used but never assigned in __init__"}, "properties": {"repobilityId": 32470, "scanner": "repobility-ast-engine", "fingerprint": "5d440bc299765bf3ed213eb723fbecad0c7233354cf400d4c044f34aa6a34115", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5d440bc299765bf3ed213eb723fbecad0c7233354cf400d4c044f34aa6a34115"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/testing.py"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._cookies` used but never assigned in __init__"}, "properties": {"repobilityId": 32469, "scanner": "repobility-ast-engine", "fingerprint": "0c35cf32cbbfaba55b3d018558df015379309e00c4a73e266e26e59bdb37b946", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0c35cf32cbbfaba55b3d018558df015379309e00c4a73e266e26e59bdb37b946"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "src/flask/testing.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.run` used but never assigned in __init__"}, "properties": {"repobilityId": 32468, "scanner": "repobility-ast-engine", "fingerprint": "8ec5204c1227e81b3cfc5b30d5097c1bf9e39e05364e0f5df021bcd3158e1384", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8ec5204c1227e81b3cfc5b30d5097c1bf9e39e05364e0f5df021bcd3158e1384"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/src/task_app/__init__.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.report_error` used but never assigned in __init__"}, "properties": {"repobilityId": 32467, "scanner": "repobility-ast-engine", "fingerprint": "f906de580a89b8f61f71045dc343a363c8d7b57734a9c462c5595af27b80e25a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, 
"scanner": "repobility-ast-engine", "correlation_key": "fp|f906de580a89b8f61f71045dc343a363c8d7b57734a9c462c5595af27b80e25a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_user_error_handler.py"}, "region": {"startLine": 290}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.report_error` used but never assigned in __init__"}, "properties": {"repobilityId": 32466, "scanner": "repobility-ast-engine", "fingerprint": "bd7687f0729fb1e8d121e1780ced8d0f483cc23436773e9f3701a0102e4ef360", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd7687f0729fb1e8d121e1780ced8d0f483cc23436773e9f3701a0102e4ef360"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_user_error_handler.py"}, "region": {"startLine": 262}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.Custom` used but never assigned in __init__"}, "properties": {"repobilityId": 32465, "scanner": "repobility-ast-engine", "fingerprint": "f34ad6b5b8a203da30e66df79eff8e47e86645454bec41f744134926a8484121", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, 
"interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f34ad6b5b8a203da30e66df79eff8e47e86645454bec41f744134926a8484121"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_user_error_handler.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.object_hook` used but never assigned in __init__"}, "properties": {"repobilityId": 32464, "scanner": "repobility-ast-engine", "fingerprint": "cf3c4721f7f129c13b2e5384e5404d2705c97db9f048925536540c89b19806b0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf3c4721f7f129c13b2e5384e5404d2705c97db9f048925536540c89b19806b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_json.py"}, "region": {"startLine": 242}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.serializer` used but never assigned in __init__"}, "properties": {"repobilityId": 32463, "scanner": "repobility-ast-engine", "fingerprint": "d65839ff7f7e9847a005bcd51835058d770982b3cab532cbd3ba8decd5e7b5d0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": 
["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d65839ff7f7e9847a005bcd51835058d770982b3cab532cbd3ba8decd5e7b5d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_json_tag.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.expect_order` used but never assigned in __init__"}, "properties": {"repobilityId": 32462, "scanner": "repobility-ast-engine", "fingerprint": "56fc716f42856fa3dad3f94d4c20c45ae32183e32cdcc4ded67e84b3ba93aa47", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|56fc716f42856fa3dad3f94d4c20c45ae32183e32cdcc4ded67e84b3ba93aa47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 487}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.expect_order` used but never assigned in __init__"}, "properties": {"repobilityId": 32461, "scanner": "repobility-ast-engine", "fingerprint": "43cc862e9fe4a3febf967bdaab29089010e83ada3c4baacfb3da1ecdad4fdce4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", 
"isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|43cc862e9fe4a3febf967bdaab29089010e83ada3c4baacfb3da1ecdad4fdce4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 482}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.expect_order` used but never assigned in __init__"}, "properties": {"repobilityId": 32460, "scanner": "repobility-ast-engine", "fingerprint": "ae652a5a149c423c5fc4e0e7d2208e05f055ceb9903a1bd2d1ce7aad5515532b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ae652a5a149c423c5fc4e0e7d2208e05f055ceb9903a1bd2d1ce7aad5515532b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 478}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.expect_order` used but never assigned in __init__"}, "properties": {"repobilityId": 32459, "scanner": "repobility-ast-engine", "fingerprint": 
"d4a817bf73b0e3ef0dd4c72394ec1e6d02799327c0471fbd7fe6ebce8bb8e84d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d4a817bf73b0e3ef0dd4c72394ec1e6d02799327c0471fbd7fe6ebce8bb8e84d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 472}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_locate_app_raises"}, "properties": {"repobilityId": 32458, "scanner": "repobility-ast-engine", "fingerprint": "7d90102ebef8eca924220ceef7f23f9dba1b82019713b871bd4fcf7e6a916f33", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7d90102ebef8eca924220ceef7f23f9dba1b82019713b871bd4fcf7e6a916f33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 217}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: 
test_config_from_class"}, "properties": {"repobilityId": 32457, "scanner": "repobility-ast-engine", "fingerprint": "379750858910136d96fdc7d1ab98faeb945b003ed3d714dde8bc78202dfa0f09", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|379750858910136d96fdc7d1ab98faeb945b003ed3d714dde8bc78202dfa0f09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_config_from_mapping"}, "properties": {"repobilityId": 32456, "scanner": "repobility-ast-engine", "fingerprint": "ca41eedb327bb7b8cc5330cabbdb7752407e0b64e269b637a7558008bf67a4ca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ca41eedb327bb7b8cc5330cabbdb7752407e0b64e269b637a7558008bf67a4ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"tests/test_config.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_config_from_file_toml"}, "properties": {"repobilityId": 32455, "scanner": "repobility-ast-engine", "fingerprint": "1ba0b2f4167d9c5a3efb3dee73e639816bdf507dfb22b5dc054597975e1b1f60", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ba0b2f4167d9c5a3efb3dee73e639816bdf507dfb22b5dc054597975e1b1f60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_config_from_file_json"}, "properties": {"repobilityId": 32454, "scanner": "repobility-ast-engine", "fingerprint": "5c9213d53d179ff6e3f5485f2afbfbac036a71a9aad60abfbeae6382e17054a0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|5c9213d53d179ff6e3f5485f2afbfbac036a71a9aad60abfbeae6382e17054a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_config_from_object"}, "properties": {"repobilityId": 32453, "scanner": "repobility-ast-engine", "fingerprint": "e20aa61ac4d75461325211d6673d695afe45cf00e16fba0538cf48355d957df7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e20aa61ac4d75461325211d6673d695afe45cf00e16fba0538cf48355d957df7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_config_from_pyfile"}, "properties": {"repobilityId": 32452, "scanner": "repobility-ast-engine", "fingerprint": "9baaacdf8fecbebdc19d2bbdaba79715d2bf9bb285c6a3384ce87e3bc5211379", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, 
"percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9baaacdf8fecbebdc19d2bbdaba79715d2bf9bb285c6a3384ce87e3bc5211379"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_endpoint_override"}, "properties": {"repobilityId": 32451, "scanner": "repobility-ast-engine", "fingerprint": "7fb82d5451d3ea68ee979dbe58d551ce861c7a4b24e95300c513bbd5d7913c27", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7fb82d5451d3ea68ee979dbe58d551ce861c7a4b24e95300c513bbd5d7913c27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_views.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_view_patching"}, "properties": {"repobilityId": 32450, "scanner": "repobility-ast-engine", "fingerprint": "ddcb5520c3ee734852e6ee2d5caab3ef2e87282e9abf9071c0f8b8db23576e0d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, 
"your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ddcb5520c3ee734852e6ee2d5caab3ef2e87282e9abf9071c0f8b8db23576e0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_views.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_method_based_view"}, "properties": {"repobilityId": 32449, "scanner": "repobility-ast-engine", "fingerprint": "69d6f1524c128fb07a847cf4bffeb160f31a02d36c12b5c0a2d31e4c80814fe1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|69d6f1524c128fb07a847cf4bffeb160f31a02d36c12b5c0a2d31e4c80814fe1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_views.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_basic_view"}, "properties": {"repobilityId": 32448, "scanner": "repobility-ast-engine", "fingerprint": "1b3baccc80480ac4e33f3c897f5759493bcfa7acc9c25104ede38d2670d38ee3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, 
"cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1b3baccc80480ac4e33f3c897f5759493bcfa7acc9c25104ede38d2670d38ee3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_views.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_session_transaction_needs_cookies"}, "properties": {"repobilityId": 32447, "scanner": "repobility-ast-engine", "fingerprint": "50096b4abf1012b2253a35f366ec461323fa505b09364daab4b6de94f2e68249", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|50096b4abf1012b2253a35f366ec461323fa505b09364daab4b6de94f2e68249"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_testing.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._gen` used but never assigned in __init__"}, "properties": {"repobilityId": 32446, "scanner": "repobility-ast-engine", "fingerprint": "1c2ab5010062cf3f513117b4e74f91b284e7506e057f3190d9a5b9e2e6822af5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1c2ab5010062cf3f513117b4e74f91b284e7506e057f3190d9a5b9e2e6822af5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_helpers.py"}, "region": {"startLine": 270}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._gen` used but never assigned in __init__"}, "properties": {"repobilityId": 32445, "scanner": "repobility-ast-engine", "fingerprint": "d857de9f0047d042a874edb1addd6642c0ca8381a4cd59ae2a465911956338bf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "percentile": {"rank": 95, "bucket": "python", "corpus_p95": 28, "your_count": 25, "corpus_median": 4, "interpretation": "worse than 90% of repos in the corpus", "n_repos_compared": 2214, "percentile_label": "90th percentile (worse)"}, "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d857de9f0047d042a874edb1addd6642c0ca8381a4cd59ae2a465911956338bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_helpers.py"}, "region": {"startLine": 261}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_name_with_import_error"}, "properties": {"repobilityId": 32444, "scanner": "repobility-ast-engine", "fingerprint": 
"49236bd5e78c1844c8b415c2feb3c0d26324f98966d5bc235aa5b1d5ea443560", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|49236bd5e78c1844c8b415c2feb3c0d26324f98966d5bc235aa5b1d5ea443560"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_helpers.py"}, "region": {"startLine": 220}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_open_resource_exceptions"}, "properties": {"repobilityId": 32443, "scanner": "repobility-ast-engine", "fingerprint": "3b0828473d66e699ecbd21a322e84a2344a9eec110cd26c2d5265a849a84c74a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3b0828473d66e699ecbd21a322e84a2344a9eec110cd26c2d5265a849a84c74a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_helpers.py"}, "region": {"startLine": 364}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom 
test coverage: test_abort_with_app"}, "properties": {"repobilityId": 32442, "scanner": "repobility-ast-engine", "fingerprint": "00dbaf0df12e7b5955794b0645d6b63deb2773ce1c4f29d12ee40043c060deee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|00dbaf0df12e7b5955794b0645d6b63deb2773ce1c4f29d12ee40043c060deee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_helpers.py"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_abort_no_app"}, "properties": {"repobilityId": 32441, "scanner": "repobility-ast-engine", "fingerprint": "6d7f49faa89a24fa580675ba6d9047ba954707d6c49f016ffb1cd27a0b0fe17e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6d7f49faa89a24fa580675ba6d9047ba954707d6c49f016ffb1cd27a0b0fe17e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"tests/test_helpers.py"}, "region": {"startLine": 180}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_redirect_with_app"}, "properties": {"repobilityId": 32440, "scanner": "repobility-ast-engine", "fingerprint": "33cddeb19e618e002516f4236f8855ff3a3a1e0a58266b948d324bb329a25f5c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|33cddeb19e618e002516f4236f8855ff3a3a1e0a58266b948d324bb329a25f5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_helpers.py"}, "region": {"startLine": 170}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_apps"}, "properties": {"repobilityId": 32439, "scanner": "repobility-ast-engine", "fingerprint": "cbd1cfc5ab50fc250288fc752d9ff323793b0dbd0f1df2c36553cbf0247435d3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|cbd1cfc5ab50fc250288fc752d9ff323793b0dbd0f1df2c36553cbf0247435d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/conftest.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_index"}, "properties": {"repobilityId": 32438, "scanner": "repobility-ast-engine", "fingerprint": "50ace85a7bf88d3df47b9683b831d96cf51199dbce1b1de0155af1d3174ae931", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|50ace85a7bf88d3df47b9683b831d96cf51199dbce1b1de0155af1d3174ae931"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_basic.py"}, "region": {"startLine": 1790}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_werkzeug_passthrough_errors"}, "properties": {"repobilityId": 32437, "scanner": "repobility-ast-engine", "fingerprint": "3e7d7c7b7dc7f0011fe67e31c0479e0f4e9f2c416dc09fb286719fff1e274fce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": 
"75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e7d7c7b7dc7f0011fe67e31c0479e0f4e9f2c416dc09fb286719fff1e274fce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_basic.py"}, "region": {"startLine": 1628}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_build_error_handler_reraise"}, "properties": {"repobilityId": 32436, "scanner": "repobility-ast-engine", "fingerprint": "eabd1ae378d91de870878144e78a33bda6ce12c5d76e1700ebc7d8af27c61cfc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eabd1ae378d91de870878144e78a33bda6ce12c5d76e1700ebc7d8af27c61cfc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_basic.py"}, "region": {"startLine": 1396}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_trapping_of_all_http_exceptions"}, "properties": {"repobilityId": 32435, "scanner": "repobility-ast-engine", "fingerprint": "5f006aded7497715cb02205ca84b4bbc86ebf250af7cbde1a2e9435b7f17336f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, 
"your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5f006aded7497715cb02205ca84b4bbc86ebf250af7cbde1a2e9435b7f17336f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_basic.py"}, "region": {"startLine": 1086}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_baseexception_error_handling"}, "properties": {"repobilityId": 32434, "scanner": "repobility-ast-engine", "fingerprint": "807078b5e7b9c6db1c9ee4456ef393380da47f7ec382da56431ee671c66e6f74", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|807078b5e7b9c6db1c9ee4456ef393380da47f7ec382da56431ee671c66e6f74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_basic.py"}, "region": {"startLine": 945}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_disallow_string_for_allowed_methods"}, "properties": {"repobilityId": 32433, "scanner": "repobility-ast-engine", "fingerprint": "050e2db95e4181376c830851bace0d4fed2271eb9db1b7292065f933ca7952e8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|050e2db95e4181376c830851bace0d4fed2271eb9db1b7292065f933ca7952e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_basic.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_method_route_no_methods"}, "properties": {"repobilityId": 32432, "scanner": "repobility-ast-engine", "fingerprint": "e819635b5fade6afb4c52f02dea7efef110049605248348e23f8cd4be7d9002b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "percentile": {"rank": 90, "bucket": "python", "corpus_p95": 114, "your_count": 25, "corpus_median": 8, "interpretation": "worse than 75% of repos in the corpus", "n_repos_compared": 10231, "percentile_label": "75th percentile (worse)"}, "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e819635b5fade6afb4c52f02dea7efef110049605248348e23f8cd4be7d9002b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_basic.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 32326, "scanner": "repobility-threat-engine", "fingerprint": "5e801c96403038f4f9d018cda4e2ef8f74008b9ef14a40bfb8b0591b336ca1de", "category": 
"quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "percentile": {"rank": 10, "bucket": "python", "corpus_p95": 33, "your_count": 1, "corpus_median": 4, "interpretation": "better than 90% of repos in the corpus on this pattern", "n_repos_compared": 4917, "percentile_label": "top 10%"}, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5e801c96403038f4f9d018cda4e2ef8f74008b9ef14a40bfb8b0591b336ca1de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/sessions.py"}, "region": {"startLine": 277}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 32321, "scanner": "repobility-threat-engine", "fingerprint": "97b72733299e12e82a4090cb6987b8b35a3ffcb8f2ac6c027566dd21b068524a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(compile", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|97b72733299e12e82a4090cb6987b8b35a3ffcb8f2ac6c027566dd21b068524a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/config.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 32315, "scanner": "repobility-threat-engine", "fingerprint": "a28caab6859603861b13229c9170c1d0146c7f379ca5f158e997b0c8df8d97f6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "percentile": {"rank": 10, "bucket": "python", "corpus_p95": 116, "your_count": 1, "corpus_median": 9, "interpretation": "better than 90% of repos in the corpus on this pattern", "n_repos_compared": 15945, "percentile_label": "top 10%"}, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|a28caab6859603861b13229c9170c1d0146c7f379ca5f158e997b0c8df8d97f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/cli.py"}, "region": {"startLine": 1036}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 32303, "scanner": "repobility-threat-engine", "fingerprint": "555ab18c385c044624b90c8cf35b81500a0d17bba6f6dc744e2071f7cb742f98", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "mappings.update(mapping)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|555ab18c385c044624b90c8cf35b81500a0d17bba6f6dc744e2071f7cb742f98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/config.py"}, "region": {"startLine": 316}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 32302, "scanner": "repobility-threat-engine", "fingerprint": "4f3fb00a6cde3860f544e8caad973f8ce4d016745825ed3456964c703f14f586", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "rv.globals.update(\n            url_for=self.url_for,\n            get_flashed_messages=get_fl", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4f3fb00a6cde3860f544e8caad973f8ce4d016745825ed3456964c703f14f586"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/app.py"}, "region": {"startLine": 495}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 32301, "scanner": "repobility-threat-engine", "fingerprint": "29389cce8acf06e8394e438c8c7cec747906ebadf23be335954f8a842d0aa956", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "app.config.update(test_config)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|29389cce8acf06e8394e438c8c7cec747906ebadf23be335954f8a842d0aa956"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/tutorial/flaskr/__init__.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). 
High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 32300, "scanner": "repobility-threat-engine", "fingerprint": "facb0eabffdc78e4c7f55de47eeae3916ed72ee0c1dfdbc852455f07de60b3ef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@app.route(\"/add\", methods=[\"POST\"])", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|facb0eabffdc78e4c7f55de47eeae3916ed72ee0c1dfdbc852455f07de60b3ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/javascript/js_example/views.py"}, "region": {"startLine": 14}}}]}]}]}