{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-h4gh-qq45-vh27", "name": "cryptography: GHSA-h4gh-qq45-vh27", "shortDescription": {"text": "cryptography: GHSA-h4gh-qq45-vh27"}, "fullDescription": {"text": "pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `login` has cognitive complexity 17 (SonarSource scale). Cognitive complex", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `login` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all wei"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 17."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "GHSA-79v4-65xg-pq4g", "name": "cryptography: GHSA-79v4-65xg-pq4g", "shortDescription": {"text": "cryptography: GHSA-79v4-65xg-pq4g"}, "fullDescription": {"text": "Vulnerable OpenSSL included in cryptography wheels"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "GHSA-r6ph-v2qm-q3c2", "name": "cryptography: GHSA-r6ph-v2qm-q3c2", "shortDescription": {"text": "cryptography: GHSA-r6ph-v2qm-q3c2"}, "fullDescription": {"text": "cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-35", "name": "cryptography: PYSEC-2026-35", "shortDescription": {"text": "cryptography: PYSEC-2026-35"}, "fullDescription": {"text": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the \"peer name\" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED110", "name": "Blocking call `input` inside async function `login`", "shortDescription": {"text": "Blocking call `input` inside async function `login`"}, "fullDescription": {"text": "`input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.decompressed_body` used but never assigned in __init__", "shortDescription": {"text": "`self.decompressed_body` used but never assigned in __init__"}, "fullDescription": {"text": "Method `text` of class `HttpResponse` reads `self.decompressed_body`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED030", "name": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__.", "shortDescription": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED018", "name": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/fi", "shortDescription": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC081", "name": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary co", "shortDescription": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "fullDescription": {"text": "Use json, msgpack, or protobuf for untrusted data. If pickle is required, sign the payload with HMAC."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC039", "name": "[SEC039] Plaintext-equivalent password hash \u2014 unsalted single-pass digest: Single-pass digest of a password is cryptogra", "shortDescription": {"text": "[SEC039] Plaintext-equivalent password hash \u2014 unsalted single-pass digest: Single-pass digest of a password is cryptographically strong as a hash, but is rainbow-table-attackable when used for passwords: there's no salt and no key-stretchin"}, "fullDescription": {"text": "Use a purpose-built password hash:\n  - Python: passlib.hash.argon2.hash(password)\n  - Python: bcrypt.hashpw(password.encode(), bcrypt.gensalt())\n  - Python: hashlib.pbkdf2_hmac('sha256', password, salt, 600000)\n  - PHP: password_hash($password, PASSWORD_ARGON2ID)\n  - Node.js: argon2.hash(password) or bcrypt.hash(password, 12)\nWhen rotating, accept both old + new for one session each, then re-hash on next login."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `stat` used but not imported", "shortDescription": {"text": "Missing import: `stat` used but not imported"}, "fullDescription": {"text": "The file uses `stat.something(...)` but never imports `stat`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1177"}, "properties": {"repository": "LagrangeDev/lagrange-python", "repoUrl": "https://github.com/LagrangeDev/lagrange-python", "branch": "main"}, "results": [{"ruleId": "GHSA-h4gh-qq45-vh27", "level": "warning", "message": {"text": "cryptography: GHSA-h4gh-qq45-vh27"}, "properties": {"repobilityId": 118034, "scanner": "osv-scanner", "fingerprint": "2ebec7d2bbc8f62157ecd18e2f167cf9febe9bdbb152b17d9929f0136fa24813", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "cryptography", "rule_id": "GHSA-h4gh-qq45-vh27", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|GHSA-H4GH-QQ45-VH27|pdm.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pdm.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 118030, "scanner": "repobility-threat-engine", "fingerprint": "fcc0ad5dfbcba08fd13328bf84ddb93dd9b1fb7aa9330cfbfa65702d8b8b3659", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n                    pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fcc0ad5dfbcba08fd13328bf84ddb93dd9b1fb7aa9330cfbfa65702d8b8b3659"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/binary/protobuf.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 118026, "scanner": "repobility-threat-engine", "fingerprint": "a63fe28d02dfbd62157c4a08f4fd3b6d9d55f8ffc68a764868dbe8850522c4b8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def load(cls, buffer: bytes) -> Self:\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a63fe28d02dfbd62157c4a08f4fd3b6d9d55f8ffc68a764868dbe8850522c4b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/info/serialize.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 118024, "scanner": "repobility-threat-engine", "fingerprint": "aceb3703c76cf96109d6911072c8a1e8706365f473e00957d2b2aea52040c908", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|lagrange/info/serialize.py|56|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/info/serialize.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `login` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=1, else=2, except=1, if=5, nested_bonus=7, while=1."}, "properties": {"repobilityId": 118019, "scanner": "repobility-threat-engine", "fingerprint": "8a0b623a4599ffdc753366ac76da60c646c8f725b187b354fda1c97383396b9f", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 17 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "login", "breakdown": {"if": 5, "elif": 1, "else": 2, "while": 1, "except": 1, "nested_bonus": 7}, "complexity": 17, "correlation_key": "fp|8a0b623a4599ffdc753366ac76da60c646c8f725b187b354fda1c97383396b9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/client/client.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117995, "scanner": "repobility-ast-engine", "fingerprint": "a7923d414052ed079c6cb034f5d959a696f9949ba821c5f10fea0597e7fb0f60", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a7923d414052ed079c6cb034f5d959a696f9949ba821c5f10fea0597e7fb0f60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/network.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 117978, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "GHSA-79v4-65xg-pq4g", "level": "note", "message": {"text": "cryptography: GHSA-79v4-65xg-pq4g"}, "properties": {"repobilityId": 118033, "scanner": "osv-scanner", "fingerprint": "bf049c2080df19e61de6f2549783d5fa06253d5fd16096a2df63cd40fc0bdbb8", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-12797"], "package": "cryptography", "rule_id": "GHSA-79v4-65xg-pq4g", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|CVE-2024-12797|pdm.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pdm.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `qrcode_login` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=1, else=1, if=3, nested_bonus=3, while=1."}, "properties": {"repobilityId": 118018, "scanner": "repobility-threat-engine", "fingerprint": "4152e47bd8f934295e5cd814334fd403d82486a77085cb136c865cc3765edfee", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "qrcode_login", "breakdown": {"if": 3, "else": 1, "break": 1, "while": 1, "nested_bonus": 3}, "complexity": 9, "correlation_key": "fp|4152e47bd8f934295e5cd814334fd403d82486a77085cb136c865cc3765edfee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/client/base.py"}, "region": {"startLine": 269}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 118023, "scanner": "repobility-threat-engine", "fingerprint": "9181381a890035ba51dba84b32d01048c1633a0756df009e2b6c41bef5c9a865", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9181381a890035ba51dba84b32d01048c1633a0756df009e2b6c41bef5c9a865"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/client/server_push/events/group.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 118022, "scanner": "repobility-threat-engine", "fingerprint": "85ce5e034446063799d5c1daa6577a09d2dd56a968391ff5700843c1dad0d300", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|85ce5e034446063799d5c1daa6577a09d2dd56a968391ff5700843c1dad0d300"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/client/client.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 118021, "scanner": "repobility-threat-engine", "fingerprint": "1f9cf34bb3a259b729d06f1f15ac7967805d490c0f74f5ba2d5409d957c7d6b7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "qrcode_login", "breakdown": {"if": 3, "else": 1, "break": 1, "while": 1, "nested_bonus": 3}, "aggregated": true, "complexity": 9, "correlation_key": "fp|1f9cf34bb3a259b729d06f1f15ac7967805d490c0f74f5ba2d5409d957c7d6b7", "aggregated_count": 14}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 118017, "scanner": "repobility-threat-engine", "fingerprint": "091a09b8c764f855918622fcf41c76ebcaf1ff1f761099248b190e861f32eaba", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|091a09b8c764f855918622fcf41c76ebcaf1ff1f761099248b190e861f32eaba", "aggregated_count": 10}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 118016, "scanner": "repobility-threat-engine", "fingerprint": "a7327b6a23772303e29e90fe9eb01c75444a2b3dc1763d32257cb3f0f9796b3d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a7327b6a23772303e29e90fe9eb01c75444a2b3dc1763d32257cb3f0f9796b3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/client/message/elems.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 118015, "scanner": "repobility-threat-engine", "fingerprint": "dfcb950eec43190c5e864874d8bd42bb9a11c3fc5559763c579cec4a22ecb79f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dfcb950eec43190c5e864874d8bd42bb9a11c3fc5559763c579cec4a22ecb79f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/client/message/decoder.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 118014, "scanner": "repobility-threat-engine", "fingerprint": "f58f9396f72ef33b455978fa6a9f509803f78f7b30d16a04fc93ab0177f838d1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f58f9396f72ef33b455978fa6a9f509803f78f7b30d16a04fc93ab0177f838d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/client/base.py"}, "region": {"startLine": 341}}}]}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 118013, "scanner": "repobility-threat-engine", "fingerprint": "58c4da94b9afa5e01231817b007f3565b1e41c81ffd2047d0b8bd42d1b51c56a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|58c4da94b9afa5e01231817b007f3565b1e41c81ffd2047d0b8bd42d1b51c56a", "aggregated_count": 2}}}, {"ruleId": "GHSA-r6ph-v2qm-q3c2", "level": "error", "message": {"text": "cryptography: GHSA-r6ph-v2qm-q3c2"}, "properties": {"repobilityId": 118035, "scanner": "osv-scanner", "fingerprint": "f34799403909a5c27390d755646be9e24ffd33c73c0b3362e0115071970db20c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26007"], "package": "cryptography", "rule_id": "GHSA-r6ph-v2qm-q3c2", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|CVE-2026-26007|pdm.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pdm.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-35", "level": "error", "message": {"text": "cryptography: PYSEC-2026-35"}, "properties": {"repobilityId": 118032, "scanner": "osv-scanner", "fingerprint": "19180daccd3513962dfd45f8885e40d6973bbe9980647a8f538bb9c0a254dbff", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-34073", "GHSA-m959-cc7f-wv43"], "package": "cryptography", "rule_id": "PYSEC-2026-35", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|CVE-2026-34073|pdm.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-m959-cc7f-wv43", "PYSEC-2026-35"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["19180daccd3513962dfd45f8885e40d6973bbe9980647a8f538bb9c0a254dbff", "fcbac6cfae3144e398677013cf78ecf13890b1baab28ead686083d8b41ff198d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pdm.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 118031, "scanner": "repobility-threat-engine", "fingerprint": "3db9f913223cfad88aab938e607921c3e2a14400d108d04df50b591f99045f5d", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3db9f913223cfad88aab938e607921c3e2a14400d108d04df50b591f99045f5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/httpcat.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 118029, "scanner": "repobility-threat-engine", "fingerprint": "facf15ce114581b34c8b760559a8b5e36fadf823f4e88f03412c462359eb2d0b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|facf15ce114581b34c8b760559a8b5e36fadf823f4e88f03412c462359eb2d0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/binary/protobuf.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `parse_msg` has cognitive complexity 64 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=1, elif=10, else=5, for=2, if=8, nested_bonus=35, or=1, ternary=2."}, "properties": {"repobilityId": 118020, "scanner": "repobility-threat-engine", "fingerprint": "f8464463cb06b4dd4d1bd80baf60a1cb06cd7cf1fd791061eaebd959df115a0b", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 64 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "parse_msg", "breakdown": {"if": 8, "or": 1, "for": 2, "elif": 10, "else": 5, "ternary": 2, "continue": 1, "nested_bonus": 35}, "complexity": 64, "correlation_key": "fp|f8464463cb06b4dd4d1bd80baf60a1cb06cd7cf1fd791061eaebd959df115a0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/client/message/decoder.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 118012, "scanner": "repobility-threat-engine", "fingerprint": "59711bea88679848287f35b3195ae388cf38e6ae2628dbcb5b7ba5f7b7fe6bf7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|59711bea88679848287f35b3195ae388cf38e6ae2628dbcb5b7ba5f7b7fe6bf7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/client/wtlogin/tlv/common.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 118011, "scanner": "repobility-threat-engine", "fingerprint": "a5ac4a9f3b08ceae1bd30074fefff9c4223f6c9d124c6916285baaefca815e86", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a5ac4a9f3b08ceae1bd30074fefff9c4223f6c9d124c6916285baaefca815e86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/client/wtlogin/oicq.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 118010, "scanner": "repobility-threat-engine", "fingerprint": "92a5faea61b5dc5d2e2482e569c497edde60384bba7519a96ec61ab1e9de0603", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|92a5faea61b5dc5d2e2482e569c497edde60384bba7519a96ec61ab1e9de0603"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/client/base.py"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "Blocking call `input` inside async function `login`"}, "properties": {"repobilityId": 118007, "scanner": "repobility-ast-engine", "fingerprint": "65298c37768c3465de81e95ea0aaac1a4ff889dd1876f7e75ba1b1c2b114758f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|65298c37768c3465de81e95ea0aaac1a4ff889dd1876f7e75ba1b1c2b114758f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/client/client.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "Blocking call `input` inside async function `login`"}, "properties": {"repobilityId": 118006, "scanner": "repobility-ast-engine", "fingerprint": "d6cb0f99d395cf90540698a7128d593787dfb49d4fa195a16e52d0d6d9cbaffa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d6cb0f99d395cf90540698a7128d593787dfb49d4fa195a16e52d0d6d9cbaffa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/client/client.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.decompressed_body` used but never assigned in __init__"}, "properties": {"repobilityId": 118005, "scanner": "repobility-ast-engine", "fingerprint": "6bad92fe1513ae497a5ab802d7158333ffc89d0216ee027b4918da5746c5fee1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6bad92fe1513ae497a5ab802d7158333ffc89d0216ee027b4918da5746c5fee1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/httpcat.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.decompressed_body` used but never assigned in __init__"}, "properties": {"repobilityId": 118004, "scanner": "repobility-ast-engine", "fingerprint": "cb8172f16fce2f7a923eea491bfdc0fb61673a2d2e207f55d8f0f4993cdff301", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cb8172f16fce2f7a923eea491bfdc0fb61673a2d2e207f55d8f0f4993cdff301"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/httpcat.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._login` used but never assigned in __init__"}, "properties": {"repobilityId": 118002, "scanner": "repobility-ast-engine", "fingerprint": "e23e3c9c1a80b82a7018926b40864d94340442c6fea4266a758a3ef2f09a282a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e23e3c9c1a80b82a7018926b40864d94340442c6fea4266a758a3ef2f09a282a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/log.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._utils` used but never assigned in __init__"}, "properties": {"repobilityId": 118001, "scanner": "repobility-ast-engine", "fingerprint": "a6d443321bd943a80202a3ae0d134bf75d70164f4facab215b585499143d2692", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a6d443321bd943a80202a3ae0d134bf75d70164f4facab215b585499143d2692"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/log.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._network` used but never assigned in __init__"}, "properties": {"repobilityId": 118000, "scanner": "repobility-ast-engine", "fingerprint": "4bb983108a4d552afe406391f1d343f9d790ff3014bbb8a34b0c5edb87b5d53a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4bb983108a4d552afe406391f1d343f9d790ff3014bbb8a34b0c5edb87b5d53a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/log.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._init` used but never assigned in __init__"}, "properties": {"repobilityId": 117999, "scanner": "repobility-ast-engine", "fingerprint": "9725aa2de2de0f0cd6080ac1387c4165fe1f77b958e02aceffc2b9751fe85d20", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9725aa2de2de0f0cd6080ac1387c4165fe1f77b958e02aceffc2b9751fe85d20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/log.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._utils` used but never assigned in __init__"}, "properties": {"repobilityId": 117998, "scanner": "repobility-ast-engine", "fingerprint": "3497a3a21d458c8d6dcb3068b0a87d39151b77639b1711ee8c6d9c1ef5fe2ad2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3497a3a21d458c8d6dcb3068b0a87d39151b77639b1711ee8c6d9c1ef5fe2ad2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/log.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._network` used but never assigned in __init__"}, "properties": {"repobilityId": 117997, "scanner": "repobility-ast-engine", "fingerprint": "402295f5367bf674a07f65f614abba91696601d5d76e2906f397938e5eb32497", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|402295f5367bf674a07f65f614abba91696601d5d76e2906f397938e5eb32497"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/log.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._login` used but never assigned in __init__"}, "properties": {"repobilityId": 117996, "scanner": "repobility-ast-engine", "fingerprint": "61aaba39bc2198682418b896bec6ef46d539b2ae28f508f9d7ee8a06458bc73f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|61aaba39bc2198682418b896bec6ef46d539b2ae28f508f9d7ee8a06458bc73f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/log.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._read_loop` used but never assigned in __init__"}, "properties": {"repobilityId": 117994, "scanner": "repobility-ast-engine", "fingerprint": "9a4b6c3217d3e7e1a500b35b24e1fb8fa07588a0a79f847a8c01ff4c06643b52", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a4b6c3217d3e7e1a500b35b24e1fb8fa07588a0a79f847a8c01ff4c06643b52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/network.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_connected` used but never assigned in __init__"}, "properties": {"repobilityId": 117993, "scanner": "repobility-ast-engine", "fingerprint": "f7c446cc3758089f3dae56565391aa64117ffbc89e7bd936b60b7154470418f3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f7c446cc3758089f3dae56565391aa64117ffbc89e7bd936b60b7154470418f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/network.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.connect` used but never assigned in __init__"}, "properties": {"repobilityId": 117992, "scanner": "repobility-ast-engine", "fingerprint": "1ac3efa4e14286433d5d51be1cae4fb0370cf7682414cea516cf2f9b5ae9ccdd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ac3efa4e14286433d5d51be1cae4fb0370cf7682414cea516cf2f9b5ae9ccdd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/network.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.reader` used but never assigned in __init__"}, "properties": {"repobilityId": 117991, "scanner": "repobility-ast-engine", "fingerprint": "d280647be5399b46d746235deb018ad0b85be18a27ef1ae20b189626b50a2da1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d280647be5399b46d746235deb018ad0b85be18a27ef1ae20b189626b50a2da1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/network.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_error` used but never assigned in __init__"}, "properties": {"repobilityId": 117990, "scanner": "repobility-ast-engine", "fingerprint": "3a6b3529df5b956dedb3829bb559e71a7954f13e6cff561b2480c87bc65b357d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3a6b3529df5b956dedb3829bb559e71a7954f13e6cff561b2480c87bc65b357d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/network.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.close` used but never assigned in __init__"}, "properties": {"repobilityId": 117989, "scanner": "repobility-ast-engine", "fingerprint": "b636dd24f0b76923c90751749876a5144e4608c4059d7c6b4ce67e275b24c6af", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b636dd24f0b76923c90751749876a5144e4608c4059d7c6b4ce67e275b24c6af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/network.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_message` used but never assigned in __init__"}, "properties": {"repobilityId": 117988, "scanner": "repobility-ast-engine", "fingerprint": "1bb5baa378a25b5bcd4e9841e3e68e59d66f3c4aa4cc410d446f1594bb64f553", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1bb5baa378a25b5bcd4e9841e3e68e59d66f3c4aa4cc410d446f1594bb64f553"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/network.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.stop` used but never assigned in __init__"}, "properties": {"repobilityId": 117987, "scanner": "repobility-ast-engine", "fingerprint": "f329595908686d6fbd49358dbe56649ed3b79c86ba0db34fbec6babc6a9682cb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f329595908686d6fbd49358dbe56649ed3b79c86ba0db34fbec6babc6a9682cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/network.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_error` used but never assigned in __init__"}, "properties": {"repobilityId": 117986, "scanner": "repobility-ast-engine", "fingerprint": "ebbd63d4dd1369ae74b9f1dae6f2acd75f8ec710f17aec47b67f7909f2a8f8ce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ebbd63d4dd1369ae74b9f1dae6f2acd75f8ec710f17aec47b67f7909f2a8f8ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/network.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.closed` used but never assigned in __init__"}, "properties": {"repobilityId": 117985, "scanner": "repobility-ast-engine", "fingerprint": "06482c2043706e223a640aae8c877cde433abc4bc56f52ca4bee0a8561a42b1c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|06482c2043706e223a640aae8c877cde433abc4bc56f52ca4bee0a8561a42b1c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/network.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.close` used but never assigned in __init__"}, "properties": {"repobilityId": 117984, "scanner": "repobility-ast-engine", "fingerprint": "3870fc3015f2f3f532800a87b3d213628425814c074ef82ff9a126413046b991", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3870fc3015f2f3f532800a87b3d213628425814c074ef82ff9a126413046b991"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/network.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.writer` used but never assigned in __init__"}, "properties": {"repobilityId": 117983, "scanner": "repobility-ast-engine", "fingerprint": "8107723c5b8ffd63295822d846cca37a361df9da9c0a4c31e49598976289ce1f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8107723c5b8ffd63295822d846cca37a361df9da9c0a4c31e49598976289ce1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/network.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_disconnect` used but never assigned in __init__"}, "properties": {"repobilityId": 117982, "scanner": "repobility-ast-engine", "fingerprint": "e1a941ce57657a20188c14598b81801b79dc9d9d851c80c41bb8a89c9fffc5d4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e1a941ce57657a20188c14598b81801b79dc9d9d851c80c41bb8a89c9fffc5d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/network.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.ssl` used but never assigned in __init__"}, "properties": {"repobilityId": 117981, "scanner": "repobility-ast-engine", "fingerprint": "83b98848a89b3aa7f678116a1d3a30dd653f417a1bd6cac58ae138f1e707a0be", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|83b98848a89b3aa7f678116a1d3a30dd653f417a1bd6cac58ae138f1e707a0be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/network.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.port` used but never assigned in __init__"}, "properties": {"repobilityId": 117980, "scanner": "repobility-ast-engine", "fingerprint": "b59ee5947ef08a6071f0ca3b2910ce4b9f4b9c10ba9c4fb2fdf993a5157a0e31", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b59ee5947ef08a6071f0ca3b2910ce4b9f4b9c10ba9c4fb2fdf993a5157a0e31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/network.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.host` used but never assigned in __init__"}, "properties": {"repobilityId": 117979, "scanner": "repobility-ast-engine", "fingerprint": "3b75148e4c66e0198c59a9a7949dcf7fc258aa104654ea6fda478fa62836d0af", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3b75148e4c66e0198c59a9a7949dcf7fc258aa104654ea6fda478fa62836d0af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/network.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 117977, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 118028, "scanner": "repobility-threat-engine", "fingerprint": "8caf3195433a76677d2e1804a3a3e100018ea903aa55285b341cc43d1a76a8f7", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8caf3195433a76677d2e1804a3a3e100018ea903aa55285b341cc43d1a76a8f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/info/serialize.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 118027, "scanner": "repobility-threat-engine", "fingerprint": "68c51f63ab0d961492c730572952c3a18bb4b1a7480a7e68ad592695bc6c4122", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|68c51f63ab0d961492c730572952c3a18bb4b1a7480a7e68ad592695bc6c4122"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/info/serialize.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 118025, "scanner": "repobility-threat-engine", "fingerprint": "46e7b1e5c86a6f7a9761e5e032c85af22c5093ff10fe5ad348733d07a1168d8c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|46e7b1e5c86a6f7a9761e5e032c85af22c5093ff10fe5ad348733d07a1168d8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/info/serialize.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC039", "level": "error", "message": {"text": "[SEC039] Plaintext-equivalent password hash \u2014 unsalted single-pass digest: Single-pass digest of a password is cryptographically strong as a hash, but is rainbow-table-attackable when used for passwords: there's no salt and no key-stretching. Attackers with the hash database can crack 90%+ of common passwords offline in hours. CWE-916 (use of password hash without computational effort)."}, "properties": {"repobilityId": 118009, "scanner": "repobility-threat-engine", "fingerprint": "f352ff0d6cd7504e950b0861c054f3297f46bae253831997859ac993837f29f1", "category": "crypto", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hashlib.md5(password", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC039", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|68|sec039"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/client/wtlogin/tlv/common.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "SEC039", "level": "error", "message": {"text": "[SEC039] Plaintext-equivalent password hash \u2014 unsalted single-pass digest: Single-pass digest of a password is cryptographically strong as a hash, but is rainbow-table-attackable when used for passwords: there's no salt and no key-stretching. Attackers with the hash database can crack 90%+ of common passwords offline in hours. CWE-916 (use of password hash without computational effort)."}, "properties": {"repobilityId": 118008, "scanner": "repobility-threat-engine", "fingerprint": "e50e4afdfbbb51e8d9010a8dbf7113c410c82bf2665be0d22450bf8306e73a77", "category": "crypto", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hashlib.md5(password", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC039", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|lagrange/client/base.py|244|sec039"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/client/base.py"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `stat` used but not imported"}, "properties": {"repobilityId": 118003, "scanner": "repobility-ast-engine", "fingerprint": "8091c69fd60214470c585579a9c3944196cf1270351331efb309bbbd40bf0a11", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8091c69fd60214470c585579a9c3944196cf1270351331efb309bbbd40bf0a11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lagrange/utils/httpcat.py"}, "region": {"startLine": 106}}}]}]}]}