{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC014", "name": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.", "shortDescription": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "fullDescription": {"text": "Enable SSL verification. Use verify=True (default) for requests. Pin certificates if needed."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC004", "name": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection.", "shortDescription": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "fullDescription": {"text": "Use parameterized queries: conn.execute('SELECT * FROM t WHERE id = ?', [id]). For dynamic table or column names, choose identifiers from a hard-coded allowlist and keep values in parameters."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path (and 6 more): Same pattern found in 6 additional files. Review if need", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 37 more): Same pattern found in 37 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 37 more): Same pattern found in 37 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/483"}, "properties": {"repository": "HKUDS/CLI-Anything", "repoUrl": "https://github.com/HKUDS/CLI-Anything.git", "branch": "main"}, "results": [{"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 28116, "scanner": "repobility-agent-runtime", "fingerprint": "2584c850eb33d6ac007efa1ab79ea1eec22a5d92c7b9e541cb00bd816315fa3f", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|2584c850eb33d6ac007efa1ab79ea1eec22a5d92c7b9e541cb00bd816315fa3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "iterm2/agent-harness/cli_anything/iterm2_ctl/skills/references/session-shell-integration.md"}, "region": {"startLine": 3}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 28115, "scanner": "repobility-agent-runtime", "fingerprint": "bcff2e31f8d9ff50c84b10e97f4087f27104729cbfa5ffe116ada8f1f58acc86", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|bcff2e31f8d9ff50c84b10e97f4087f27104729cbfa5ffe116ada8f1f58acc86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "iterm2/agent-harness/cli_anything/iterm2_ctl/core/prompt.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 28114, "scanner": "repobility-agent-runtime", "fingerprint": "c7e8bd526abd28bf3f6ff632c893ab87d243c1887d911975fc4ec96c4fadfe19", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|c7e8bd526abd28bf3f6ff632c893ab87d243c1887d911975fc4ec96c4fadfe19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli-hub/cli_hub/installer.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 28113, "scanner": "repobility-agent-runtime", "fingerprint": "076cb07375402529d8589f627309be9e45e2b573c6d0e2f0e7ca65403facac12", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|076cb07375402529d8589f627309be9e45e2b573c6d0e2f0e7ca65403facac12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adguardhome/agent-harness/cli_anything/adguardhome/utils/adguardhome_backend.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 28112, "scanner": "repobility-agent-runtime", "fingerprint": "ec9301408aab0fcffed88654ba31ffe467af004b3b2d58b90ae19a7e937cb66a", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|ec9301408aab0fcffed88654ba31ffe467af004b3b2d58b90ae19a7e937cb66a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adguardhome/agent-harness/cli_anything/adguardhome/skills/SKILL.md"}, "region": {"startLine": 23}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 28111, "scanner": "repobility-agent-runtime", "fingerprint": "f2e01cd47ca9d8d68d571a33f8a1912f6078946463d43597ff8fd55946cee2c5", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|f2e01cd47ca9d8d68d571a33f8a1912f6078946463d43597ff8fd55946cee2c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adguardhome/agent-harness/cli_anything/adguardhome/README.md"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 28080, "scanner": "repobility-threat-engine", "fingerprint": "8d6a8a6820da25fb624fec81e71b11a64583e60acdfb30bba24062644eb47259", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|113|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "unimol_tools/agent-harness/cli_anything/unimol_tools/utils/unimol_backend.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 28079, "scanner": "repobility-threat-engine", "fingerprint": "33b24b459497246f5e971fcb6b06aeab37b0b0177a7ecdb3ed08e1fa46ba9bbd", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|194|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "unimol_tools/agent-harness/cli_anything/unimol_tools/core/cleanup.py"}, "region": {"startLine": 194}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 28075, "scanner": "repobility-threat-engine", "fingerprint": "5ee5415ee0876f3eaf903a10c720b47bad151d2d22332b63e64b4f49941f5508", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "verify=False", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|5|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "obsidian/agent-harness/cli_anything/obsidian/utils/obsidian_backend.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 28074, "scanner": "repobility-threat-engine", "fingerprint": "2a1c980fe47b7112c69f593388756ed26adc796cc67a6ab9fb4beccdd3f1cecc", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.3 bits) \u2014 may be placeholder or common string", "evidence": {"match": "password = \"<redacted>\"", "reason": "Low entropy value (3.3 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|6|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nslogger/agent-harness/cli_anything/nslogger/core/listener.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 28070, "scanner": "repobility-threat-engine", "fingerprint": "c7e9fa0ca01d4114fe4d7af9a3c91f9d3edc4d2ece61a0247aaa98b38941d728", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c7e9fa0ca01d4114fe4d7af9a3c91f9d3edc4d2ece61a0247aaa98b38941d728"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gimp/agent-harness/cli_anything/gimp/core/export.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 28069, "scanner": "repobility-threat-engine", "fingerprint": "b40f0d11101704f33a8f68234c37ad8c76e062977bbc506b2e1c9ea625ed0ab8", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b40f0d11101704f33a8f68234c37ad8c76e062977bbc506b2e1c9ea625ed0ab8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli-hub/cli_hub/analytics.py"}, "region": {"startLine": 348}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 28068, "scanner": "repobility-threat-engine", "fingerprint": "a91b47c6e4710b52b1d586f3cec58dde78fd6f84dc1b287ee25a679a8579f976", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a91b47c6e4710b52b1d586f3cec58dde78fd6f84dc1b287ee25a679a8579f976"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/agent-harness/cli_anything/browser/utils/domshell_backend.py"}, "region": {"startLine": 212}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28110, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5e9bcab81b53f411f96c925e8e6d2adc22bf9fcdd4a332a076d15f14ec434f1f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anygen/agent-harness/cli_anything/anygen/core/session.py", "duplicate_line": 9, "correlation_key": "fp|5e9bcab81b53f411f96c925e8e6d2adc22bf9fcdd4a332a076d15f14ec434f1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "drawio/agent-harness/cli_anything/drawio/core/session.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28109, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b584ec115d2a76593999bede34e59e39b2e089a866f829ee4e8af6b6213d7e6d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "QGIS/agent-harness/setup.py", "duplicate_line": 20, "correlation_key": "fp|b584ec115d2a76593999bede34e59e39b2e089a866f829ee4e8af6b6213d7e6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dify-workflow/agent-harness/setup.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28108, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d000837bccc5dad770d6d52fea416bfb1c814eecf3b7679d97943490f3ef3e26", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "chromadb/agent-harness/setup.py", "duplicate_line": 9, "correlation_key": "fp|d000837bccc5dad770d6d52fea416bfb1c814eecf3b7679d97943490f3ef3e26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dify-workflow/agent-harness/setup.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28107, "scanner": "repobility-ai-code-hygiene", "fingerprint": "333fe87652dd342dec267bb97e135f37f7326d64e8ab5d65a3a01251604ecdef", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "QGIS/agent-harness/cli_anything/qgis/utils/repl_skin.py", "duplicate_line": 19, "correlation_key": "fp|333fe87652dd342dec267bb97e135f37f7326d64e8ab5d65a3a01251604ecdef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dify-workflow/agent-harness/cli_anything/dify_workflow/utils/repl_skin.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28106, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dbfa8b1d56aae22e9fb9144ce1b44446e27c45cec695d0a46a8e2d8d391f3664", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adguardhome/agent-harness/cli_anything/adguardhome/utils/repl_skin.py", "duplicate_line": 1, "correlation_key": "fp|dbfa8b1d56aae22e9fb9144ce1b44446e27c45cec695d0a46a8e2d8d391f3664"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dify-workflow/agent-harness/cli_anything/dify_workflow/utils/repl_skin.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28105, "scanner": "repobility-ai-code-hygiene", "fingerprint": "14766485c04de2e90a3862a2f976de0b61bdef9ea5942821aedf4d4a7afe3b90", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anygen/agent-harness/cli_anything/anygen/anygen_cli.py", "duplicate_line": 36, "correlation_key": "fp|14766485c04de2e90a3862a2f976de0b61bdef9ea5942821aedf4d4a7afe3b90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "comfyui/agent-harness/cli_anything/comfyui/comfyui_cli.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28104, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7e343951c8f17877ee0fd9a6b128a7a1b8effa5ec693bc470505a0dc786021fe", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "QGIS/agent-harness/cli_anything/qgis/utils/repl_skin.py", "duplicate_line": 19, "correlation_key": "fp|7e343951c8f17877ee0fd9a6b128a7a1b8effa5ec693bc470505a0dc786021fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloudcompare/agent-harness/cli_anything/cloudcompare/utils/repl_skin.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28103, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e29bd82482d4a553dcba7a81fb32b31674fe2ea3f9f383593e54b7602882c665", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adguardhome/agent-harness/cli_anything/adguardhome/utils/repl_skin.py", "duplicate_line": 1, "correlation_key": "fp|e29bd82482d4a553dcba7a81fb32b31674fe2ea3f9f383593e54b7602882c665"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloudcompare/agent-harness/cli_anything/cloudcompare/utils/repl_skin.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28102, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bcf1cf754c6ac7259ed62cd60086553bc70b299aec3323a24d6fd47a86fb99ab", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "QGIS/agent-harness/cli_anything/qgis/utils/repl_skin.py", "duplicate_line": 19, "correlation_key": "fp|bcf1cf754c6ac7259ed62cd60086553bc70b299aec3323a24d6fd47a86fb99ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloudanalyzer/agent-harness/cli_anything/cloudanalyzer/utils/repl_skin.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28101, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7bb744a66f2b7bf48b610d4a23c94864640fb2e0fded7c6e3f8a8b2724871f06", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adguardhome/agent-harness/cli_anything/adguardhome/utils/repl_skin.py", "duplicate_line": 1, "correlation_key": "fp|7bb744a66f2b7bf48b610d4a23c94864640fb2e0fded7c6e3f8a8b2724871f06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloudanalyzer/agent-harness/cli_anything/cloudanalyzer/utils/repl_skin.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28100, "scanner": "repobility-ai-code-hygiene", "fingerprint": "90fc7e5ddb1f22ea39e8742981d5e0ec9f82d0e9ccf5f975980baab715bb0ec5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "QGIS/agent-harness/cli_anything/qgis/utils/repl_skin.py", "duplicate_line": 19, "correlation_key": "fp|90fc7e5ddb1f22ea39e8742981d5e0ec9f82d0e9ccf5f975980baab715bb0ec5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli-anything-plugin/repl_skin.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28099, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e47f5069da173f1b31b87d5f37ef81fb989a34a7a8c7e78d33505b162d7b42df", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adguardhome/agent-harness/cli_anything/adguardhome/utils/repl_skin.py", "duplicate_line": 1, "correlation_key": "fp|e47f5069da173f1b31b87d5f37ef81fb989a34a7a8c7e78d33505b162d7b42df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli-anything-plugin/repl_skin.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28098, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cfbee9d4bb290d5cb026ff341a38379dfd6f5b75319700924b73f8391dd4d9e3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "blender/agent-harness/cli_anything/blender/utils/preview_bundle.py", "duplicate_line": 6, "correlation_key": "fp|cfbee9d4bb290d5cb026ff341a38379dfd6f5b75319700924b73f8391dd4d9e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli-anything-plugin/preview_bundle.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28097, "scanner": "repobility-ai-code-hygiene", "fingerprint": "60c5a50a1381ef5c20ea7694c90b5410f1508a11ac64073b66ef1a22408bc7bf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "QGIS/agent-harness/cli_anything/qgis/utils/repl_skin.py", "duplicate_line": 19, "correlation_key": "fp|60c5a50a1381ef5c20ea7694c90b5410f1508a11ac64073b66ef1a22408bc7bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "chromadb/agent-harness/cli_anything/chromadb/utils/repl_skin.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28096, "scanner": "repobility-ai-code-hygiene", "fingerprint": "044d2c5a190be523e4112b924e48dd9ff204e7162929c91839c099208585e751", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adguardhome/agent-harness/cli_anything/adguardhome/utils/repl_skin.py", "duplicate_line": 1, "correlation_key": "fp|044d2c5a190be523e4112b924e48dd9ff204e7162929c91839c099208585e751"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "chromadb/agent-harness/cli_anything/chromadb/utils/repl_skin.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28095, "scanner": "repobility-ai-code-hygiene", "fingerprint": "65eaacb4d8ff8560dbe01136c9bb80e215eee6bbdd1b2a7102cf3d2043eb8cad", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "QGIS/agent-harness/cli_anything/qgis/utils/repl_skin.py", "duplicate_line": 19, "correlation_key": "fp|65eaacb4d8ff8560dbe01136c9bb80e215eee6bbdd1b2a7102cf3d2043eb8cad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/agent-harness/cli_anything/browser/utils/repl_skin.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28094, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ec1e1b85aa5061379c183a29510da9e499a749df5a0bdc3c028d3bb5eebaaab1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adguardhome/agent-harness/cli_anything/adguardhome/utils/repl_skin.py", "duplicate_line": 1, "correlation_key": "fp|ec1e1b85aa5061379c183a29510da9e499a749df5a0bdc3c028d3bb5eebaaab1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/agent-harness/cli_anything/browser/utils/repl_skin.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28093, "scanner": "repobility-ai-code-hygiene", "fingerprint": "97407cab98d9418a8f33f4f5ee699da33dcbbfd496fbe2216251329593df0c82", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anygen/agent-harness/cli_anything/anygen/anygen_cli.py", "duplicate_line": 34, "correlation_key": "fp|97407cab98d9418a8f33f4f5ee699da33dcbbfd496fbe2216251329593df0c82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/agent-harness/cli_anything/browser/browser_cli.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28092, "scanner": "repobility-ai-code-hygiene", "fingerprint": "18d452dee33a004d6b09c7a2d7993457f562001000cf7617fb0577449a98239d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "audacity/agent-harness/cli_anything/audacity/audacity_cli.py", "duplicate_line": 31, "correlation_key": "fp|18d452dee33a004d6b09c7a2d7993457f562001000cf7617fb0577449a98239d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/agent-harness/cli_anything/browser/browser_cli.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28091, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fc60478eb73094143ae6d0ad2e1642e998b398d896508c0fa6089322dcad765d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "QGIS/agent-harness/cli_anything/qgis/utils/repl_skin.py", "duplicate_line": 19, "correlation_key": "fp|fc60478eb73094143ae6d0ad2e1642e998b398d896508c0fa6089322dcad765d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "blender/agent-harness/cli_anything/blender/utils/repl_skin.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28090, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d9fd8307c5a844cb6be2cb7f6380dc6209025ba4cba4eaf7169d7159f92a5fe5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adguardhome/agent-harness/cli_anything/adguardhome/utils/repl_skin.py", "duplicate_line": 1, "correlation_key": "fp|d9fd8307c5a844cb6be2cb7f6380dc6209025ba4cba4eaf7169d7159f92a5fe5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "blender/agent-harness/cli_anything/blender/utils/repl_skin.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28089, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bbb1abb0108d05211cfd1b3d4691c632d6856b5c2d4de961be3680c63c63f84a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "audacity/agent-harness/cli_anything/audacity/core/session.py", "duplicate_line": 34, "correlation_key": "fp|bbb1abb0108d05211cfd1b3d4691c632d6856b5c2d4de961be3680c63c63f84a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "blender/agent-harness/cli_anything/blender/core/session.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28088, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b8711d2a88dee53f3b0eec67c29ceb158b357ef09aa727285c75af888b41daf2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anygen/agent-harness/cli_anything/anygen/core/session.py", "duplicate_line": 7, "correlation_key": "fp|b8711d2a88dee53f3b0eec67c29ceb158b357ef09aa727285c75af888b41daf2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "blender/agent-harness/cli_anything/blender/core/session.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28087, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cede5d35b04e1644f7bc92131f56e354b6e2d0a17f240f46b043cc3278a404a9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "QGIS/agent-harness/cli_anything/qgis/utils/repl_skin.py", "duplicate_line": 19, "correlation_key": "fp|cede5d35b04e1644f7bc92131f56e354b6e2d0a17f240f46b043cc3278a404a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "audacity/agent-harness/cli_anything/audacity/utils/repl_skin.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28086, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e7b6928117a962814f84789fe8d3389c2aff030ec49d41c2e18e547a67ed1c0f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adguardhome/agent-harness/cli_anything/adguardhome/utils/repl_skin.py", "duplicate_line": 1, "correlation_key": "fp|e7b6928117a962814f84789fe8d3389c2aff030ec49d41c2e18e547a67ed1c0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "audacity/agent-harness/cli_anything/audacity/utils/repl_skin.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28085, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6d92b6ee852394d51a55b13ac447ea3e82c7b6725cd50b35d2382b4411b6321e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anygen/agent-harness/cli_anything/anygen/core/session.py", "duplicate_line": 7, "correlation_key": "fp|6d92b6ee852394d51a55b13ac447ea3e82c7b6725cd50b35d2382b4411b6321e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "audacity/agent-harness/cli_anything/audacity/core/session.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28084, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7f894ad8bcb817d41da95912bd2c09623434bbe156ab4f4a6d3607e5a3783e47", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anygen/agent-harness/cli_anything/anygen/anygen_cli.py", "duplicate_line": 34, "correlation_key": "fp|7f894ad8bcb817d41da95912bd2c09623434bbe156ab4f4a6d3607e5a3783e47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "audacity/agent-harness/cli_anything/audacity/audacity_cli.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28083, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bff2761260f3f493e73aeca2be98da2f37e18ef8465166ac07ec10c874fecb76", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "QGIS/agent-harness/cli_anything/qgis/utils/repl_skin.py", "duplicate_line": 19, "correlation_key": "fp|bff2761260f3f493e73aeca2be98da2f37e18ef8465166ac07ec10c874fecb76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anygen/agent-harness/cli_anything/anygen/utils/repl_skin.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28082, "scanner": "repobility-ai-code-hygiene", "fingerprint": "df19f68acb349e15229b342c0eac351efaa9ab03a121e6b2d6da63e476685f47", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adguardhome/agent-harness/cli_anything/adguardhome/utils/repl_skin.py", "duplicate_line": 1, "correlation_key": "fp|df19f68acb349e15229b342c0eac351efaa9ab03a121e6b2d6da63e476685f47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anygen/agent-harness/cli_anything/anygen/utils/repl_skin.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 28081, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0bab99259871e4b1ea56952ded86644be50aa44a5daf13a3141c42d39b20b6a6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "QGIS/agent-harness/cli_anything/qgis/utils/repl_skin.py", "duplicate_line": 19, "correlation_key": "fp|0bab99259871e4b1ea56952ded86644be50aa44a5daf13a3141c42d39b20b6a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adguardhome/agent-harness/cli_anything/adguardhome/utils/repl_skin.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC004", "level": "note", "message": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "properties": {"repobilityId": 28073, "scanner": "repobility-threat-engine", "fingerprint": "4b3f48cdc5fecb68759a1a3b0cde3eeabd99dd03a8fa5cecc588df0665bb7601", "category": "injection", "severity": "low", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Placeholder variable defined nearby \u2014 likely parameterized query", "evidence": {"match": ".execute(f\"DELETE", "reason": "Placeholder variable defined nearby \u2014 likely parameterized query", "rule_id": "SEC004", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "code|injection|token|97|sec004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "n8n/agent-harness/cli_anything/n8n/core/versions.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 28072, "scanner": "repobility-threat-engine", "fingerprint": "85703068b3eb263feb56489c9a6c42396221318f20006dc76be7a52a87c02dcb", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = O", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|cli-hub/cli_hub/preview.py|1594|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli-hub/cli_hub/preview.py"}, "region": {"startLine": 1594}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 28078, "scanner": "repobility-threat-engine", "fingerprint": "a1ba5ae214e71dbeb7e3b88ae81984cda7914887d0da8758d22624841ae263d1", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(f\"[UniMolBackend] Starting training: {config.get('task')", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|10|print f unimolbackend starting training: config.get task"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "unimol_tools/agent-harness/cli_anything/unimol_tools/utils/unimol_backend.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 28071, "scanner": "repobility-threat-engine", "fingerprint": "4902e39192aab29cef8978fad2731e6450936b5f9f7a0e3e1c57b7cf8cd630d6", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4902e39192aab29cef8978fad2731e6450936b5f9f7a0e3e1c57b7cf8cd630d6"}}}, {"ruleId": "SEC013", "level": "none", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 28067, "scanner": "repobility-threat-engine", "fingerprint": "bf6ffef179164d4a1f0566d9d004d607c8277a98d50286dbd0a0e459403d5c48", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|bf6ffef179164d4a1f0566d9d004d607c8277a98d50286dbd0a0e459403d5c48"}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 37 more): Same pattern found in 37 additional files. Review if needed."}, "properties": {"repobilityId": 28063, "scanner": "repobility-threat-engine", "fingerprint": "93bd3235d8d15854e3d83c654320debb18a059983aecdc5ca7c74c9052ab7a42", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 37 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 37 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|93bd3235d8d15854e3d83c654320debb18a059983aecdc5ca7c74c9052ab7a42"}}}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 28077, "scanner": "repobility-threat-engine", "fingerprint": "6b0a0fdfe6091580e9eb56b1158766fd42bfd34a98fcf48c0f1d545fa1c82d81", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "console.error(`Tokens file not found: ${tokensPath}`)", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|5|console.error tokens file not found: tokenspath"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sketch/agent-harness/src/cli.js"}, "region": {"startLine": 51}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 28076, "scanner": "repobility-threat-engine", "fingerprint": "eedf0c0621f3eac2386ed81252afd50d34a3a3733259110c67502966baf82857", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "console.warn(`Tokens file not found: ${tokensPath}, using defaults`)", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|7|console.warn tokens file not found: tokenspath using defaults"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sketch/agent-harness/src/builder.js"}, "region": {"startLine": 73}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 28066, "scanner": "repobility-threat-engine", "fingerprint": "32750c809a6ad62389561e87436863565369b204ee0b271c1b5573aa8677bc88", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(request", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|162|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "mubu/agent-harness/mubu_probe.py"}, "region": {"startLine": 162}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 28065, "scanner": "repobility-threat-engine", "fingerprint": "e0f79b1958c6ee18f1d66326c6f80ac675fdb9f8e95d20f832b6fa989441946c", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "os.path.join(in_dir, f\"{input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|928|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloudcompare/agent-harness/cli_anything/cloudcompare/utils/cc_backend.py"}, "region": {"startLine": 928}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 28064, "scanner": "repobility-threat-engine", "fingerprint": "964d9dba79ee86983061bdb559d77f31eb17080175e7494405254c2f643b1f22", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|284|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anygen/agent-harness/cli_anything/anygen/anygen_cli.py"}, "region": {"startLine": 284}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 28062, "scanner": "repobility-threat-engine", "fingerprint": "889623f360557076b74c98223e779268044d0708188bd5f780db391785e62f03", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|889623f360557076b74c98223e779268044d0708188bd5f780db391785e62f03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adguardhome/agent-harness/cli_anything/adguardhome/core/filtering.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 28061, "scanner": "repobility-threat-engine", "fingerprint": "4912d1098fab44c4b50ff63bf08db6be00b242b976834d102c1729d27c46ba8c", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4912d1098fab44c4b50ff63bf08db6be00b242b976834d102c1729d27c46ba8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adguardhome/agent-harness/cli_anything/adguardhome/adguardhome_cli.py"}, "region": {"startLine": 307}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 28060, "scanner": "repobility-threat-engine", "fingerprint": "02a70e6ca19125e1565893c11f104d897ddcd1902e20b1a057ce22dbb4ec237c", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|02a70e6ca19125e1565893c11f104d897ddcd1902e20b1a057ce22dbb4ec237c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/update_registry_dates.py"}, "region": {"startLine": 33}}}]}]}]}