{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC034", "name": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines o", "shortDescription": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (S"}, "fullDescription": {"text": "Strip control characters before logging:\n  safe = user_input.replace('\\n','').replace('\\r','').replace('\\x00','')\n  logger.info('User action: %s', safe)\nAlways use parameterized logging (`%s` + args), never f-strings or string concat \u2014 that's also what mitigates log4shell-style attacks. For structured logging, use a JSON formatter that escapes values."}, "properties": {"scanner": "repobility-threat-engine", "category": "log_injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC011", "name": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted", "shortDescription": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "fullDescription": {"text": "Use torch.load(..., weights_only=True) or use safetensors format."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `handle_connection` has cognitive complexity 22 (SonarSource scale). Cogni", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `handle_connection` has cognitive complexity 22 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recur"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 22."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED124", "name": "requirements.txt: `soundfile               # read wav (M0 mode)` has no version pin", "shortDescription": {"text": "requirements.txt: `soundfile               # read wav (M0 mode)` has no version pin"}, "fullDescription": {"text": "Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "Mutable default argument in `__init__` (list)", "shortDescription": {"text": "Mutable default argument in `__init__` (list)"}, "fullDescription": {"text": "`def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED051", "name": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. NRE risk if wrong.", "shortDescription": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. NRE risk if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED047", "name": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested.", "shortDescription": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 4 more): Same pattern found in 4 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED057", "name": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolve", "shortDescription": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED110", "name": "Blocking call `time.sleep` inside async function `main`", "shortDescription": {"text": "Blocking call `time.sleep` inside async function `main`"}, "fullDescription": {"text": "`time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_other_cuts", "shortDescription": {"text": "Phantom test coverage: test_other_cuts"}, "fullDescription": {"text": "Test function `test_other_cuts` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.joiner` used but never assigned in __init__", "shortDescription": {"text": "`self.joiner` used but never assigned in __init__"}, "fullDescription": {"text": "Method `run_joiner` of class `OnnxModel` reads `self.joiner`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1420"}, "properties": {"repository": "Gilgamesh-J/X-ASR", "repoUrl": "https://github.com/Gilgamesh-J/X-ASR", "branch": "main"}, "results": [{"ruleId": "SEC034", "level": "warning", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (SIEM, splunk). Combined with template injection this can escalate to RCE (CVE-2021-44228 log4shell). CWE-117."}, "properties": {"repobilityId": 145660, "scanner": "repobility-threat-engine", "fingerprint": "8e06a7d03c4091c09228d3381b6ca44ab58ee7dcf744f0ed64c46e5bf94be830", "category": "log_injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logging.info(f\"{params", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8e06a7d03c4091c09228d3381b6ca44ab58ee7dcf744f0ed64c46e5bf94be830"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/pretrained.py"}, "region": {"startLine": 275}}}]}, {"ruleId": "SEC011", "level": "warning", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 145651, "scanner": "repobility-threat-engine", "fingerprint": "c15113840a0cb063ac045eebcad96121019c17a48a1d88ea589a67d4f5043792", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "torch.jit.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|183|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/jit_pretrained_streaming.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "SEC011", "level": "warning", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 145650, "scanner": "repobility-threat-engine", "fingerprint": "4de08736153940ad1d4fda0f0d76320f94dee5053b2692f8dc3c4a97eb401df9", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "torch.jit.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|212|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/jit_pretrained.py"}, "region": {"startLine": 212}}}]}, {"ruleId": "SEC011", "level": "warning", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 145649, "scanner": "repobility-threat-engine", "fingerprint": "615c65503ac1b2d169075e096b26a1e53f075585f312fe76a328280100d4ed72", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "torch.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|27|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/generate_averaged_model.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `handle_connection` has cognitive complexity 22 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=3, elif=3, else=1, except=1, for=1, if=4, nested_bonus=9."}, "properties": {"repobilityId": 145642, "scanner": "repobility-threat-engine", "fingerprint": "2fd2f4a6b7763782caea56d1216e08d5886fe51459517d8714e9191971200e64", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 22 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "handle_connection", "breakdown": {"if": 4, "for": 1, "elif": 3, "else": 1, "except": 1, "continue": 3, "nested_bonus": 9}, "complexity": 22, "correlation_key": "fp|2fd2f4a6b7763782caea56d1216e08d5886fe51459517d8714e9191971200e64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/deployment/infer_and_client/sherpa_streaming_server.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `soundfile               # read wav (M0 mode)` has no version pin"}, "properties": {"repobilityId": 145641, "scanner": "repobility-supply-chain", "fingerprint": "18f4e4d7b823db8ccb773d0e342877cc32ea8d481aaf08ce47157b53eeae3fea", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|18f4e4d7b823db8ccb773d0e342877cc32ea8d481aaf08ce47157b53eeae3fea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/deployment/x-asr-live-demo/requirements.txt"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `sounddevice             # live microphone capture (M1 mode)` has no version pin"}, "properties": {"repobilityId": 145640, "scanner": "repobility-supply-chain", "fingerprint": "6a832e56eb5d0ba2e4cf6137222dc5fa648ae858064fe17308a3a1f8ab731994", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6a832e56eb5d0ba2e4cf6137222dc5fa648ae858064fe17308a3a1f8ab731994"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/deployment/x-asr-live-demo/requirements.txt"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `numpy` has no version pin"}, "properties": {"repobilityId": 145639, "scanner": "repobility-supply-chain", "fingerprint": "4b584a271fe0ee8fb086ade4b6519d93e672e19c67a38315dbfbff0d63a180bf", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4b584a271fe0ee8fb086ade4b6519d93e672e19c67a38315dbfbff0d63a180bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/deployment/x-asr-live-demo/requirements.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `fireredvad              # official package (FireRedTeam / Xiaohongshu, Apache-2.0); pulls torch / kaldi_native_fbank, etc.` has no version pin"}, "properties": {"repobilityId": 145638, "scanner": "repobility-supply-chain", "fingerprint": "ffdfafe16bfc90c4f4c0241101e522ead1304c2a7b07d6ab2bf94a5931ebc5f0", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ffdfafe16bfc90c4f4c0241101e522ead1304c2a7b07d6ab2bf94a5931ebc5f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/deployment/x-asr-live-demo/requirements-firered.txt"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `sherpa-onnx` has no version pin"}, "properties": {"repobilityId": 145637, "scanner": "repobility-supply-chain", "fingerprint": "8f6347cd2758943253284060b4a438edb189b3102a00c1d2d6137518ecdb903c", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8f6347cd2758943253284060b4a438edb189b3102a00c1d2d6137518ecdb903c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/deployment/requirements.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `librosa` has no version pin"}, "properties": {"repobilityId": 145636, "scanner": "repobility-supply-chain", "fingerprint": "709c6f29150f5c8660f91cf526562efd5ee03dc09a984f7234ca9ffc6a6b5a19", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|709c6f29150f5c8660f91cf526562efd5ee03dc09a984f7234ca9ffc6a6b5a19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/deployment/requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `soundfile` has no version pin"}, "properties": {"repobilityId": 145635, "scanner": "repobility-supply-chain", "fingerprint": "c9743e8b130aca2551a1ab946535944fa59053259c07225927b5989ee2d79bcf", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c9743e8b130aca2551a1ab946535944fa59053259c07225927b5989ee2d79bcf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/deployment/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `websockets` has no version pin"}, "properties": {"repobilityId": 145634, "scanner": "repobility-supply-chain", "fingerprint": "39fa43a8b1611345258f2a1c7d488f099ff0c5edcd85b0e538f2d5e6701ea508", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|39fa43a8b1611345258f2a1c7d488f099ff0c5edcd85b0e538f2d5e6701ea508"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/deployment/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `numpy` has no version pin"}, "properties": {"repobilityId": 145633, "scanner": "repobility-supply-chain", "fingerprint": "cac7e2f890221857198bcf9ec0a2686dab4826e69de8c815e25c08f27071d953", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cac7e2f890221857198bcf9ec0a2686dab4826e69de8c815e25c08f27071d953"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/deployment/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 145631, "scanner": "repobility-ast-engine", "fingerprint": "b154230faac34d57f3058a73ff218101146db73537054a78769fc7035f1766b1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b154230faac34d57f3058a73ff218101146db73537054a78769fc7035f1766b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/deployment/x-asr-live-demo/live_asr.py"}, "region": {"startLine": 275}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `__init__` (list)"}, "properties": {"repobilityId": 145626, "scanner": "repobility-ast-engine", "fingerprint": "0ba3eeed487201b0dbbd79f6c01d8167a84b9d4aa21112d7727334b6e5ccebf1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0ba3eeed487201b0dbbd79f6c01d8167a84b9d4aa21112d7727334b6e5ccebf1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/zipformer.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 145570, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 145672, "scanner": "repobility-threat-engine", "fingerprint": "2b2fbdaaf9809db3baec56ceaafe4427139fabfc3d454ff656719bd93dfc986b", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"\u4f60\u662f\u8bed\u97f3\u8f6c\u5199(ASR)\u7684\u540e\u5904\u7406\u52a9\u624b\u3002\u4efb\u52a1:\u628a\u8fd9\u6bb5\u53e3\u8ff0\u6574\u7406\u6210\u8bf4\u8bdd\u4eba\u6700\u7ec8\u60f3\u8868\u8fbe\u7684\u6837\u5b50\u3002\u53ea\u505a\u4e0b\u9762\u5df2\u5f00\u542f\u89c4\u5219\u8981\u6c42\u7684\u589e\u5220,\u5176\u4f59\u5185\u5bb9\u4fdd\u6301\u539f\u6837\u2014\u2014\u4e0d\u8981\u6539\u5199\u7528\u8bcd\u3001\u4e0d\u8981\u81c6\u9020\u6216\u8865\u5145\u4fe1\u606f\u3001\u4e0d\u8981\u603b\u7ed3\u3001\u4e0d\u8981\u7ffb\u8bd1\u3002\\n\\n\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2b2fbdaaf9809db3baec56ceaafe4427139fabfc3d454ff656719bd93dfc986b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "projects/Vibe_XASR/windows_build/src/VibeXASR.Windows/Refine/CloudRefiner.cs"}, "region": {"startLine": 74}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `greedy_search` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=3, if=2, nested_bonus=4."}, "properties": {"repobilityId": 145644, "scanner": "repobility-threat-engine", "fingerprint": "ca2cc440ab57640b7cb3bb05349d9684cb3baea08b335536629e44097a4b35aa", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "greedy_search", "breakdown": {"if": 2, "for": 3, "nested_bonus": 4}, "complexity": 9, "correlation_key": "fp|ca2cc440ab57640b7cb3bb05349d9684cb3baea08b335536629e44097a4b35aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/jit_pretrained.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=1, else=2, if=3, nested_bonus=2."}, "properties": {"repobilityId": 145643, "scanner": "repobility-threat-engine", "fingerprint": "5a0296f37acc5f4eabfa1167e13be1d0ae19272a94e652d40b469da9f2211191", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 3, "elif": 1, "else": 2, "nested_bonus": 2}, "complexity": 8, "correlation_key": "fp|5a0296f37acc5f4eabfa1167e13be1d0ae19272a94e652d40b469da9f2211191"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/generate_averaged_model.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145600, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bc9bc4853a4f66634ad2e67c6577dacdbb9b0950ada00fb5df5c6c79c400249b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "projects/Vibe_XASR/macos_build/native/app/Sources/VibeIME/LocalAPIServer.swift", "duplicate_line": 263, "correlation_key": "fp|bc9bc4853a4f66634ad2e67c6577dacdbb9b0950ada00fb5df5c6c79c400249b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "projects/Vibe_XASR/windows_build/src/VibeXASR.Windows/Sharing/LocalApiServer.cs"}, "region": {"startLine": 323}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145599, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b888c7f55d07fb4662fc460a3d30998562bf3329b0c72ac25ac390f662af1ebf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "projects/Vibe_XASR/macos_build/native/app/Sources/CFireRed/include/firered_vad.h", "duplicate_line": 1, "correlation_key": "fp|b888c7f55d07fb4662fc460a3d30998562bf3329b0c72ac25ac390f662af1ebf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "projects/Vibe_XASR/macos_build/native/firered_shim/firered_vad.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145598, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b1e3793c50a778158288b5dd405daa1c298f41950a8cf36b6310337bb4f5b1b6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/export-onnx-streaming.py", "duplicate_line": 613, "correlation_key": "fp|b1e3793c50a778158288b5dd405daa1c298f41950a8cf36b6310337bb4f5b1b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/streaming_decode.py"}, "region": {"startLine": 668}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145597, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c8e4d6d947bc4144051eee1e7bf80d97d2d202dfddc2536b4b75a8f0b5688ab1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/export-onnx.py", "duplicate_line": 382, "correlation_key": "fp|c8e4d6d947bc4144051eee1e7bf80d97d2d202dfddc2536b4b75a8f0b5688ab1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/streaming_decode.py"}, "region": {"startLine": 619}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145596, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b43b50e7f1a16173c2e8c27d9843e2ea9bbdff0c619f529b2063003c42467cbb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/export.py", "duplicate_line": 248, "correlation_key": "fp|b43b50e7f1a16173c2e8c27d9843e2ea9bbdff0c619f529b2063003c42467cbb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/streaming_decode.py"}, "region": {"startLine": 322}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145595, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f0077b7a3d814ec5f0dcceb7e380381818d843da122cad470b3b2248e1d34b25", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/decode.py", "duplicate_line": 158, "correlation_key": "fp|f0077b7a3d814ec5f0dcceb7e380381818d843da122cad470b3b2248e1d34b25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/streaming_decode.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145594, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dcfd0e26fd712c65d9a1203db4d1aec00c1bde54ba2d0ae92a7edd502cb64ae7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/jit_pretrained_ctc.py", "duplicate_line": 223, "correlation_key": "fp|dcfd0e26fd712c65d9a1203db4d1aec00c1bde54ba2d0ae92a7edd502cb64ae7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/pretrained.py"}, "region": {"startLine": 230}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145593, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a6b94f137107a7c8152aab56b51b3de64d2c225344d17181ee771d506ef75d87", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/jit_pretrained.py", "duplicate_line": 54, "correlation_key": "fp|a6b94f137107a7c8152aab56b51b3de64d2c225344d17181ee771d506ef75d87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/pretrained.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145592, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c7940a25a436fe32cc19750d1f38cab9641f5e1ad5f85e773ea75721d7845f7b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/jit_pretrained_streaming.py", "duplicate_line": 56, "correlation_key": "fp|c7940a25a436fe32cc19750d1f38cab9641f5e1ad5f85e773ea75721d7845f7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/pretrained.py"}, "region": {"startLine": 180}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145591, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cc9969edc62689502199140b19b80f84876b7b81a918c7d466715e6c24689125", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/onnx_pretrained.py", "duplicate_line": 75, "correlation_key": "fp|cc9969edc62689502199140b19b80f84876b7b81a918c7d466715e6c24689125"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/pretrained.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145590, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2bd2ffbc3f7a1d860020255e23d84b152b967c8a4ecf7cfedcb9fde223408d33", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/jit_pretrained_streaming.py", "duplicate_line": 57, "correlation_key": "fp|2bd2ffbc3f7a1d860020255e23d84b152b967c8a4ecf7cfedcb9fde223408d33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145589, "scanner": "repobility-ai-code-hygiene", "fingerprint": "38637782072b3e588515ebfeb92076749b9a1ce89abdfb6292e0a62f80f11be8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/jit_pretrained.py", "duplicate_line": 36, "correlation_key": "fp|38637782072b3e588515ebfeb92076749b9a1ce89abdfb6292e0a62f80f11be8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145588, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b51784a65a7da0ff7b0feac76b00f8feecc7c3977015c7fb980e44cb3ed45c42", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/onnx_pretrained-streaming.py", "duplicate_line": 75, "correlation_key": "fp|b51784a65a7da0ff7b0feac76b00f8feecc7c3977015c7fb980e44cb3ed45c42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145587, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b98aae68aaaa5b5c1d9a46240901179b8505156848ea2171696463b5eabb2af9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/onnx_decode.py", "duplicate_line": 13, "correlation_key": "fp|b98aae68aaaa5b5c1d9a46240901179b8505156848ea2171696463b5eabb2af9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145586, "scanner": "repobility-ai-code-hygiene", "fingerprint": "09a0bd2f3064d6e1ee1f37f42fd0e8a0ed6cb648680a68a1ccc09534dcc2f15e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/export-onnx.py", "duplicate_line": 3, "correlation_key": "fp|09a0bd2f3064d6e1ee1f37f42fd0e8a0ed6cb648680a68a1ccc09534dcc2f15e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145585, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c2df05da9620502c2c36b3f50242f2a6eb7283cacc3c47db755f4bb68fbf1fba", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/jit_pretrained.py", "duplicate_line": 54, "correlation_key": "fp|c2df05da9620502c2c36b3f50242f2a6eb7283cacc3c47db755f4bb68fbf1fba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained-streaming.py"}, "region": {"startLine": 298}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145584, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2796f9c39c6b1c15bac30ba2e7c5e673ca094ecdc86375dd683b1984a5bf9d98", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/jit_pretrained_streaming.py", "duplicate_line": 57, "correlation_key": "fp|2796f9c39c6b1c15bac30ba2e7c5e673ca094ecdc86375dd683b1984a5bf9d98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained-streaming.py"}, "region": {"startLine": 296}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145583, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1a9c435cc729e6d4ef91ebcb74ef2ca547c9c6e7dab5d39720372d0abaec3ae5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/onnx_decode.py", "duplicate_line": 49, "correlation_key": "fp|1a9c435cc729e6d4ef91ebcb74ef2ca547c9c6e7dab5d39720372d0abaec3ae5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained-streaming.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145582, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a9201f0a90236261945666fcef8d6335458655083acbb2ba22744d6185d48345", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/export-onnx-streaming.py", "duplicate_line": 3, "correlation_key": "fp|a9201f0a90236261945666fcef8d6335458655083acbb2ba22744d6185d48345"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained-streaming.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145581, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2015626fd81b4c87b365a01927a4538042af85a6e0471d052505b624fc55be67", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/export-onnx.py", "duplicate_line": 3, "correlation_key": "fp|2015626fd81b4c87b365a01927a4538042af85a6e0471d052505b624fc55be67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_check.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145580, "scanner": "repobility-ai-code-hygiene", "fingerprint": "511dddaf272594ce85ab84ce0f90a8530a8fcce513ddf3043f83addf1b0ed4b3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/jit_pretrained.py", "duplicate_line": 54, "correlation_key": "fp|511dddaf272594ce85ab84ce0f90a8530a8fcce513ddf3043f83addf1b0ed4b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/jit_pretrained_streaming.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145579, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5440f69c3fb328f0818fe7caa05cc0aabae17d457186b7bd49bad47cdeaa1ab3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/jit_pretrained.py", "duplicate_line": 41, "correlation_key": "fp|5440f69c3fb328f0818fe7caa05cc0aabae17d457186b7bd49bad47cdeaa1ab3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/jit_pretrained_ctc.py"}, "region": {"startLine": 177}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145578, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b7cbc3fb20fa84b1dd3d7b07f96938399626ebfecf300ef7e52da38e85136892", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/export-onnx-streaming.py", "duplicate_line": 127, "correlation_key": "fp|b7cbc3fb20fa84b1dd3d7b07f96938399626ebfecf300ef7e52da38e85136892"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/generate_averaged_model.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145577, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8a0cb943d7a95de57ab85727a92177256f80cbc39653917320e47dd45f6a7508", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/decode.py", "duplicate_line": 153, "correlation_key": "fp|8a0cb943d7a95de57ab85727a92177256f80cbc39653917320e47dd45f6a7508"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/generate_averaged_model.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145576, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b88e69be87f2056d50c8886c19d7c5230f99f4b7eccb306000761cfe8b35cbe6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/export-onnx.py", "duplicate_line": 425, "correlation_key": "fp|b88e69be87f2056d50c8886c19d7c5230f99f4b7eccb306000761cfe8b35cbe6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/export.py"}, "region": {"startLine": 359}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145575, "scanner": "repobility-ai-code-hygiene", "fingerprint": "760b3d200f225e51429e3bd30fe392b204395e15d3ca6b38f25e18a10c55a822", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/export-onnx-streaming.py", "duplicate_line": 113, "correlation_key": "fp|760b3d200f225e51429e3bd30fe392b204395e15d3ca6b38f25e18a10c55a822"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/export.py"}, "region": {"startLine": 163}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145574, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e139618a2a4da1d3016792cd5831476eea3cce84951a862f34467b2d6e095779", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/decode.py", "duplicate_line": 158, "correlation_key": "fp|e139618a2a4da1d3016792cd5831476eea3cce84951a862f34467b2d6e095779"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/export.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145573, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c742e2bb7e61be269a4fe2ad2a85b51387e8714481ba9544c691b6c23add4e8c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/decode.py", "duplicate_line": 160, "correlation_key": "fp|c742e2bb7e61be269a4fe2ad2a85b51387e8714481ba9544c691b6c23add4e8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/export-onnx.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145572, "scanner": "repobility-ai-code-hygiene", "fingerprint": "291647cdc7c017593da5b0ac64356d31f22a8d5d45ca0922a0396b06cda57a5a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/export-onnx-streaming.py", "duplicate_line": 18, "correlation_key": "fp|291647cdc7c017593da5b0ac64356d31f22a8d5d45ca0922a0396b06cda57a5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/export-onnx.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145571, "scanner": "repobility-ai-code-hygiene", "fingerprint": "60e62d9b1c59403ad94fee33b46004eda664864a901eae71acdf1f3257cf171a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "X-ASR-zh-en/zipformer/decode.py", "duplicate_line": 160, "correlation_key": "fp|60e62d9b1c59403ad94fee33b46004eda664864a901eae71acdf1f3257cf171a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/export-onnx-streaming.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. NRE risk if wrong."}, "properties": {"repobilityId": 145671, "scanner": "repobility-threat-engine", "fingerprint": "23b3a8866f977365b65c193458613cbf74c53c278a263879e17e6d53966397fa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|23b3a8866f977365b65c193458613cbf74c53c278a263879e17e6d53966397fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "projects/Vibe_XASR/windows_build/src/VibeXASR.Windows/Ui/TrayPopupForm.cs"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. NRE risk if wrong."}, "properties": {"repobilityId": 145670, "scanner": "repobility-threat-engine", "fingerprint": "f5ea2d082cbfc5b67fa89aceb7582083ee84b2d968fb29d7699761afbbfe50f5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f5ea2d082cbfc5b67fa89aceb7582083ee84b2d968fb29d7699761afbbfe50f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "projects/Vibe_XASR/windows_build/src/VibeXASR.Windows/Dictation/DictationEngine.cs"}, "region": {"startLine": 201}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 145668, "scanner": "repobility-threat-engine", "fingerprint": "eb39507bf299715a7511d3dd71537b7ca4847bebec4e5ca54369aab2e6f8306c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|eb39507bf299715a7511d3dd71537b7ca4847bebec4e5ca54369aab2e6f8306c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "projects/Vibe_XASR/macos_build/package_release.sh"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 145667, "scanner": "repobility-threat-engine", "fingerprint": "62e5bde0aaf27968eace75c1e8f4af077dd6510a58eaa7817a13477a60dcac5c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|62e5bde0aaf27968eace75c1e8f4af077dd6510a58eaa7817a13477a60dcac5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "projects/Vibe_XASR/macos_build/native/app/Sources/VibeIME/CloudRefiner.swift"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 145666, "scanner": "repobility-threat-engine", "fingerprint": "ba796c0490126814b654be76800d05960cfcc8c6601e6406b58221ae0e0a92f6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ba796c0490126814b654be76800d05960cfcc8c6601e6406b58221ae0e0a92f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "projects/Vibe_XASR/macos_build/native/app/Sources/CFireRed/knf-feature-mfcc.cc"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 145665, "scanner": "repobility-threat-engine", "fingerprint": "25cce170e12f44578ddbcdc63a05cb26bf12fe20d2d160cf92e835766ca1b795", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|25cce170e12f44578ddbcdc63a05cb26bf12fe20d2d160cf92e835766ca1b795"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "projects/Vibe_XASR/macos_build/native/app/Sources/CFireRed/knf-feature-fbank.cc"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 145664, "scanner": "repobility-threat-engine", "fingerprint": "462bb8b57887719306ec8a3cf2c050b455aeffaa9cbba6dae0ac34058459ea29", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|462bb8b57887719306ec8a3cf2c050b455aeffaa9cbba6dae0ac34058459ea29"}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 145659, "scanner": "repobility-threat-engine", "fingerprint": "8a77ffb0a8fcdda223aabe32cdaf0e5bdc6cae13db4c9684d2f2d4932a1285a8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8a77ffb0a8fcdda223aabe32cdaf0e5bdc6cae13db4c9684d2f2d4932a1285a8"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 145655, "scanner": "repobility-threat-engine", "fingerprint": "5e1cd49e9508fe15064966209199ffe409f3fa63530e16ba01e8a347e18e8f9c", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|300|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/pretrained.py"}, "region": {"startLine": 300}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 145654, "scanner": "repobility-threat-engine", "fingerprint": "0c8fa26b538d96f74fdcecfa768af68433c59739670367822991504ac173a83a", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|184|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/jit_pretrained_streaming.py"}, "region": {"startLine": 184}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 145653, "scanner": "repobility-threat-engine", "fingerprint": "6c837778b2c6313ce4c610385e14f14cd2e626fc106a9c6d3ded76c7ce6bd924", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|214|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/jit_pretrained.py"}, "region": {"startLine": 214}}}]}, {"ruleId": "SEC011", "level": "none", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 145652, "scanner": "repobility-threat-engine", "fingerprint": "8aab28f41b917aea519eec0f6d020cf7b67e01901aef4bb21289048fead6e12a", "category": "deserialization", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8aab28f41b917aea519eec0f6d020cf7b67e01901aef4bb21289048fead6e12a"}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 145648, "scanner": "repobility-threat-engine", "fingerprint": "91731defa0636f39d3548dd226673bb6e1f6aa408c0b2b5625534189d7bb4fc3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|91731defa0636f39d3548dd226673bb6e1f6aa408c0b2b5625534189d7bb4fc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/multi_dataset.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 145647, "scanner": "repobility-threat-engine", "fingerprint": "369b77312673c6dba5475e607780c7df72cac656718bce8a84f65318f0d41f21", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|369b77312673c6dba5475e607780c7df72cac656718bce8a84f65318f0d41f21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/encoder_interface.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED057", "level": "none", "message": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "properties": {"repobilityId": 145646, "scanner": "repobility-threat-engine", "fingerprint": "009fc9011a149b0296c2e16e10ab9c38279b60baf8223425fd13af9d781d20bd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "todo-bomb", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348035+00:00", "triaged_in_corpus": 10, "observations_count": 255662, "ai_coder_pattern_id": 4}, "scanner": "repobility-threat-engine", "correlation_key": "fp|009fc9011a149b0296c2e16e10ab9c38279b60baf8223425fd13af9d781d20bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/decoder.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 145645, "scanner": "repobility-threat-engine", "fingerprint": "d77c5009f48b7037f4b39dca2da19e88620f9ee944ab4de5a78fef76b97d4995", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "handle_connection", "breakdown": {"if": 4, "for": 1, "elif": 3, "else": 1, "except": 1, "continue": 3, "nested_bonus": 9}, "aggregated": true, "complexity": 22, "correlation_key": "fp|d77c5009f48b7037f4b39dca2da19e88620f9ee944ab4de5a78fef76b97d4995", "aggregated_count": 8}}}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 145669, "scanner": "repobility-threat-engine", "fingerprint": "fb9f110502df28a34ab5253f7be640fc1952d6fcb4d282f1d38cd6ee4a6d8941", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(args.input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|160|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "projects/Vibe_XASR/refiner_eval/eval_refiner.py"}, "region": {"startLine": 160}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 145663, "scanner": "repobility-threat-engine", "fingerprint": "b7b2582f1cce1415f82a846e6cb85df64c3d05b3fe059a87a6c91d2d6a99a6da", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b7b2582f1cce1415f82a846e6cb85df64c3d05b3fe059a87a6c91d2d6a99a6da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "projects/Vibe_XASR/macos_build/native/app/Sources/VibeIME/ModelPaths.swift"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 145662, "scanner": "repobility-threat-engine", "fingerprint": "0a20b97889620379eebd8fe6e2ff8e3b66bfd86779e2cdf39c4c19ee78296294", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(b", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0a20b97889620379eebd8fe6e2ff8e3b66bfd86779e2cdf39c4c19ee78296294"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "projects/Vibe_XASR/macos_build/native/app/Sources/VibeIME/CloudRefiner.swift"}, "region": {"startLine": 110}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 145661, "scanner": "repobility-threat-engine", "fingerprint": "2efe6d72113e38962e3cee7fd063eeddc43bc236f1a3d8716909d2ba70a35981", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2efe6d72113e38962e3cee7fd063eeddc43bc236f1a3d8716909d2ba70a35981"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "projects/Vibe_XASR/macos_build/native/app/Package.swift"}, "region": {"startLine": 22}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 145658, "scanner": "repobility-threat-engine", "fingerprint": "c9a5d40b26d2bbd21540abe653f6341b14a5df4ab8417353dd8d348eb1ca78b5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "File.Delete(tmp);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c9a5d40b26d2bbd21540abe653f6341b14a5df4ab8417353dd8d348eb1ca78b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "projects/Vibe_XASR/windows_build/src/VibeXASR.Windows/Storage/HistoryStore.cs"}, "region": {"startLine": 278}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 145657, "scanner": "repobility-threat-engine", "fingerprint": "fe18393874ee7815ef78932fc5ad83101eff41b62c7d9334985ef5aef739defc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "bridge.delete(id: id)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fe18393874ee7815ef78932fc5ad83101eff41b62c7d9334985ef5aef739defc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "projects/Vibe_XASR/macos_build/native/ui_swift/Sources/VibeUI/HistoryWorkspaceModel.swift"}, "region": {"startLine": 203}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 145656, "scanner": "repobility-threat-engine", "fingerprint": "7b24b25e33f5e2a0f49b5eadd44ea1c68b6a6a38dee1123f16a94445d6d8aa8f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "test_cuts.update(\n                {\n                    \"aishell-2_test\": aishell2_test_", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7b24b25e33f5e2a0f49b5eadd44ea1c68b6a6a38dee1123f16a94445d6d8aa8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/multi_dataset.py"}, "region": {"startLine": 185}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "Blocking call `time.sleep` inside async function `main`"}, "properties": {"repobilityId": 145632, "scanner": "repobility-ast-engine", "fingerprint": "8e8d1d0c8921531243b11eaefad7e8ca9d38189eb10329510152e780f7453587", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8e8d1d0c8921531243b11eaefad7e8ca9d38189eb10329510152e780f7453587"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/deployment/infer_and_client/sherpa_streaming_client.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_other_cuts"}, "properties": {"repobilityId": 145630, "scanner": "repobility-ast-engine", "fingerprint": "ea5e772ab986ea00a06eca7e528c944462085ab2ff6280075c5c4436defa1612", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ea5e772ab986ea00a06eca7e528c944462085ab2ff6280075c5c4436defa1612"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/multi_dataset.py"}, "region": {"startLine": 243}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_clean_cuts"}, "properties": {"repobilityId": 145629, "scanner": "repobility-ast-engine", "fingerprint": "5de4b7d5e108334d0734f6c8403f9e68f00c6eb96fb6f3aef73133605151a7c7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5de4b7d5e108334d0734f6c8403f9e68f00c6eb96fb6f3aef73133605151a7c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/multi_dataset.py"}, "region": {"startLine": 236}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_cuts"}, "properties": {"repobilityId": 145628, "scanner": "repobility-ast-engine", "fingerprint": "e169ca7678e36947d19bcc0ba56aa638af8448510b932c297e59ef5e5759e993", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e169ca7678e36947d19bcc0ba56aa638af8448510b932c297e59ef5e5759e993"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/multi_dataset.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_dataloaders"}, "properties": {"repobilityId": 145627, "scanner": "repobility-ast-engine", "fingerprint": "ad86dc3bb2702aba6903a9d30eb7b86cd272d9d24758f9d2e09f82173148f9a4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ad86dc3bb2702aba6903a9d30eb7b86cd272d9d24758f9d2e09f82173148f9a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/asr_datamodule.py"}, "region": {"startLine": 367}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.joiner` used but never assigned in __init__"}, "properties": {"repobilityId": 145625, "scanner": "repobility-ast-engine", "fingerprint": "35adb5d5cdb4fbb2e4943108a1506e6d59c530a24698f49776870c2df782bb18", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|35adb5d5cdb4fbb2e4943108a1506e6d59c530a24698f49776870c2df782bb18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 239}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.joiner` used but never assigned in __init__"}, "properties": {"repobilityId": 145624, "scanner": "repobility-ast-engine", "fingerprint": "fb863d803dfd2191492d4d869c39dfdcc2c6991e3a4af61b680856c3fa7ff286", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fb863d803dfd2191492d4d869c39dfdcc2c6991e3a4af61b680856c3fa7ff286"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 238}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.decoder` used but never assigned in __init__"}, "properties": {"repobilityId": 145623, "scanner": "repobility-ast-engine", "fingerprint": "31af3c5d16e04512ec017e293b6b1b4bf54a6810da9b482b0a5e5f465e5f6b5d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|31af3c5d16e04512ec017e293b6b1b4bf54a6810da9b482b0a5e5f465e5f6b5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 221}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.decoder` used but never assigned in __init__"}, "properties": {"repobilityId": 145622, "scanner": "repobility-ast-engine", "fingerprint": "c46b30142cce25e92bf242dedc364a9f7251e9ba0a71d33240d9620df25e60e8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c46b30142cce25e92bf242dedc364a9f7251e9ba0a71d33240d9620df25e60e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 220}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.decoder` used but never assigned in __init__"}, "properties": {"repobilityId": 145621, "scanner": "repobility-ast-engine", "fingerprint": "8bcbd1a6b2ffd676420bf85a9ce77dab360deab6bdbc5d39f0d8a92dff11a716", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8bcbd1a6b2ffd676420bf85a9ce77dab360deab6bdbc5d39f0d8a92dff11a716"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.encoder` used but never assigned in __init__"}, "properties": {"repobilityId": 145620, "scanner": "repobility-ast-engine", "fingerprint": "045298a0314e93dd2daa4c70513265082e3900c7079bbc3127209c6f1bfe9d3a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|045298a0314e93dd2daa4c70513265082e3900c7079bbc3127209c6f1bfe9d3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.encoder` used but never assigned in __init__"}, "properties": {"repobilityId": 145619, "scanner": "repobility-ast-engine", "fingerprint": "aeb84e980a914db265c06aa86594a693aed6ed91ddd6e14ffd915758e2264415", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aeb84e980a914db265c06aa86594a693aed6ed91ddd6e14ffd915758e2264415"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 205}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.encoder` used but never assigned in __init__"}, "properties": {"repobilityId": 145618, "scanner": "repobility-ast-engine", "fingerprint": "a5c0d8231ca645f35d09b6356a2ab3e814366888bb6d151ae683f1ad3f034213", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a5c0d8231ca645f35d09b6356a2ab3e814366888bb6d151ae683f1ad3f034213"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 202}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.encoder` used but never assigned in __init__"}, "properties": {"repobilityId": 145617, "scanner": "repobility-ast-engine", "fingerprint": "35cd4eb1dd4654f78e336090dc36dc881b3ae00d629faaf06a63504be8ac22a8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|35cd4eb1dd4654f78e336090dc36dc881b3ae00d629faaf06a63504be8ac22a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 201}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.encoder` used but never assigned in __init__"}, "properties": {"repobilityId": 145616, "scanner": "repobility-ast-engine", "fingerprint": "62cd4169b0224f6e70d1bc670a712230efebb202a02d68a0eb235e8c927c5780", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|62cd4169b0224f6e70d1bc670a712230efebb202a02d68a0eb235e8c927c5780"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.joiner_dim` used but never assigned in __init__"}, "properties": {"repobilityId": 145615, "scanner": "repobility-ast-engine", "fingerprint": "7ac5cb738ce32079aa26081ec4278c4c12c387a273125554af4bb75ac4dd320a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ac5cb738ce32079aa26081ec4278c4c12c387a273125554af4bb75ac4dd320a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.joiner` used but never assigned in __init__"}, "properties": {"repobilityId": 145614, "scanner": "repobility-ast-engine", "fingerprint": "c4b2802fb289dcc7db354eb3b3a906756141910f5feffaa4c38b60ae9b9c47ba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c4b2802fb289dcc7db354eb3b3a906756141910f5feffaa4c38b60ae9b9c47ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.joiner_dim` used but never assigned in __init__"}, "properties": {"repobilityId": 145613, "scanner": "repobility-ast-engine", "fingerprint": "16699500270bf7839de28f46c2aaaa627192d97fa211eb3a03939be3df2408d7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|16699500270bf7839de28f46c2aaaa627192d97fa211eb3a03939be3df2408d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.joiner` used but never assigned in __init__"}, "properties": {"repobilityId": 145612, "scanner": "repobility-ast-engine", "fingerprint": "1cefeab297ea76258541fb757fcd5177bb6303173ab702d2736ac6235ada77e2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1cefeab297ea76258541fb757fcd5177bb6303173ab702d2736ac6235ada77e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 172}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.vocab_size` used but never assigned in __init__"}, "properties": {"repobilityId": 145611, "scanner": "repobility-ast-engine", "fingerprint": "2c68b9c195ed68d8a9af02326d087c3d1c9b7908ae45abd088f5cd4769e28923", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2c68b9c195ed68d8a9af02326d087c3d1c9b7908ae45abd088f5cd4769e28923"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 169}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.context_size` used but never assigned in __init__"}, "properties": {"repobilityId": 145610, "scanner": "repobility-ast-engine", "fingerprint": "3251b645e67840488a84ca8f7339bd48e14c3a172ac32a2d4d86085027e83495", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3251b645e67840488a84ca8f7339bd48e14c3a172ac32a2d4d86085027e83495"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 168}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.decoder` used but never assigned in __init__"}, "properties": {"repobilityId": 145609, "scanner": "repobility-ast-engine", "fingerprint": "9a4738760146bdbb6bae1817d19deb0df4ccb5ba9a8634ea7946a7bee99fc356", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a4738760146bdbb6bae1817d19deb0df4ccb5ba9a8634ea7946a7bee99fc356"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.vocab_size` used but never assigned in __init__"}, "properties": {"repobilityId": 145608, "scanner": "repobility-ast-engine", "fingerprint": "984c9c40c8ba7c504644ca5acdfa3d03d8f8a6c51dc0414f92f1e50f4740c181", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|984c9c40c8ba7c504644ca5acdfa3d03d8f8a6c51dc0414f92f1e50f4740c181"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.context_size` used but never assigned in __init__"}, "properties": {"repobilityId": 145607, "scanner": "repobility-ast-engine", "fingerprint": "5636d0c101d847ab9f569518267f34fbc62fccdf23a1e26be8bec684914e0b9b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5636d0c101d847ab9f569518267f34fbc62fccdf23a1e26be8bec684914e0b9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.decoder` used but never assigned in __init__"}, "properties": {"repobilityId": 145606, "scanner": "repobility-ast-engine", "fingerprint": "4ae92105d4ce7889b47851ca3cd495c99b3c1eb4cd8417b02f94fe5de6d7ad42", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4ae92105d4ce7889b47851ca3cd495c99b3c1eb4cd8417b02f94fe5de6d7ad42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 158}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.encoder` used but never assigned in __init__"}, "properties": {"repobilityId": 145605, "scanner": "repobility-ast-engine", "fingerprint": "fcbe0d2a82d7771e6bf1698dbd23c9380cf5b080501b4d39e80e1e866b8db645", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fcbe0d2a82d7771e6bf1698dbd23c9380cf5b080501b4d39e80e1e866b8db645"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/onnx_pretrained.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.forward_cr_ctc` used but never assigned in __init__"}, "properties": {"repobilityId": 145604, "scanner": "repobility-ast-engine", "fingerprint": "82179215833b8956c0cefc90d4ee9bf14ed89bd9a0237d82b188215aaaab4437", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|82179215833b8956c0cefc90d4ee9bf14ed89bd9a0237d82b188215aaaab4437"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/model.py"}, "region": {"startLine": 457}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.forward_ctc` used but never assigned in __init__"}, "properties": {"repobilityId": 145603, "scanner": "repobility-ast-engine", "fingerprint": "1915c54683a3fd172ebea71568c35b25a7c9aa14df0893391dc1974d2af307b5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1915c54683a3fd172ebea71568c35b25a7c9aa14df0893391dc1974d2af307b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/model.py"}, "region": {"startLine": 449}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.forward_transducer` used but never assigned in __init__"}, "properties": {"repobilityId": 145602, "scanner": "repobility-ast-engine", "fingerprint": "37fd367c713cc46f60de3fe1089bb1ecfbaa98393d0ecf6be945f022df6f7863", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|37fd367c713cc46f60de3fe1089bb1ecfbaa98393d0ecf6be945f022df6f7863"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/model.py"}, "region": {"startLine": 429}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.forward_encoder` used but never assigned in __init__"}, "properties": {"repobilityId": 145601, "scanner": "repobility-ast-engine", "fingerprint": "3906d15fc6b5d40968f43d600ad05823b93916c715ae518af48d87d9c2f2020b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3906d15fc6b5d40968f43d600ad05823b93916c715ae518af48d87d9c2f2020b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X-ASR-zh-en/zipformer/model.py"}, "region": {"startLine": 422}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 145569, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}]}]}