{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED109", "name": "[MINED109] Mutable default argument in `validate` (dict): `def validate(... = []/{}/set())` \u2014 Python's default value is ", "shortDescription": {"text": "[MINED109] Mutable default argument in `validate` (dict): `def validate(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every f"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def validate(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. 
Keep the contact endpoint monitored."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "Add a Content-Security-Policy header through the web framework or hosting config. For static apps, add a CSP meta tag that restricts default-src, script-src, connect-src, img-src, and frame-ancestors."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AUC012", "name": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json", "shortDescription": {"text": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, "}, "fullDescription": {"text": "Set docs_url=None, redoc_url=None, and openapi_url=None for production apps unless the docs are intentionally public and protected by routing, ingress, or an authenticated docs handler."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /."}, "fullDescription": {"text": "Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AUC004", "name": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence ", "shortDescription": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: POST /."}, "fullDescription": {"text": "Define whether this endpoint is admin-only or super_admin-only, then enforce that distinction in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.66, "cwe": "", "owasp": ""}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 14.5% of discovered routes show nearby authenticati", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 14.5% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Review the access matrix and add explicit framework auth declarations or policy-file exceptions for intentionally public routes."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or 
equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "AGT006", "name": "React interval is created without an explicit cleanup", "shortDescription": {"text": "React interval is created without an explicit cleanup"}, "fullDescription": {"text": "Store the interval id and return a useEffect cleanup that calls clearInterval. Also clear the interval in explicit stop/end handlers when relevant."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "SEC041", "name": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noref", "shortDescription": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and"}, "fullDescription": {"text": "Add rel=\"noopener noreferrer\" to every <a target=\"_blank\">:\n  <a href=\"...\" target=\"_blank\" rel=\"noopener noreferrer\">link</a>\nFor dynamically generated links from JS, set rel on the element before appending. 
Even safe-looking subdomains should harden \u2014 costs nothing."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC003", "name": "[SEC003] Hardcoded Secret: Hardcoded secret key found in source code.", "shortDescription": {"text": "[SEC003] Hardcoded Secret: Hardcoded secret key found in source code."}, "fullDescription": {"text": "Never commit secrets. Use .env files with .gitignore."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC139", "name": "[SEC139] AI-generated migration/route without companion test file: Route or migration touching auth, admin, users, payme", "shortDescription": {"text": "[SEC139] AI-generated migration/route without companion test file: Route or migration touching auth, admin, users, payments, or webhooks \u2014 exactly the surfaces that need tests \u2014 with no companion test file. 
AI agents rewrite handlers fluent"}, "fullDescription": {"text": "Require a companion test file for any change to auth/admin/users/payments/webhooks paths. CI gate: if `src/auth/*.py` changed in a PR, fail if `tests/auth/*.py` did not also change. For migrations, require an explicit rollback (`op.execute('-- rollback ...')`) plus a test that exercises both directions."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 0.45, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "Add humans.txt with team ownership, contact URL, key documentation links, and the last-updated date."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "Add llms.txt with the product summary, canonical docs, API endpoints, security guidance, and preferred CLI workflow for AI agents."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "WEB001", "name": "Public web app has no robots.txt", "shortDescription": {"text": "Public web app has no robots.txt"}, "fullDescription": {"text": "Add robots.txt at the web root or a framework-native robots route. 
Include an explicit Sitemap directive and disallow only private paths."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `annotation_is_pydantic_v1` has cognitive complexity 13 (SonarSource scale", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `annotation_is_pydantic_v1` has cognitive complexity 13 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, a"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 13."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. 
Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 1 more): Same pattern found in 1 additional files. Review if neede", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED072] Python Pass Only Class (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 11 more): Same pattern found in 11 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 4 more): Same pattern found in 4 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED009", "name": "[MINED009] Floats For Money (and 49 more): Same pattern found in 49 additional files. Review if needed.", "shortDescription": {"text": "[MINED009] Floats For Money (and 49 more): Same pattern found in 49 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC135", "name": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 109 more): Same pattern found in 109 additional fil", "shortDescription": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 109 more): Same pattern found in 109 additional files. Review if needed."}, "fullDescription": {"text": "Add the project's auth decorator/middleware: `@login_required` (Django/Flask), `@permission_classes([IsAuthenticated])` (DRF), `Depends(get_current_user)` (FastAPI), `requireAuth` middleware (Express). For genuinely public endpoints, add a `# public-endpoint` marker comment so future scans skip them."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. 
Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 57 more): Same pattern found in 57 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 57 more): Same pattern found in 57 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "[MINED112] FastAPI POST /items/ has no auth: Handler `read_items` is registered with router/app.post(...) but no Depends", "shortDescription": {"text": "[MINED112] FastAPI POST /items/ has no auth: Handler `read_items` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "fullDescription": {"text": "Add Depends(get_current_user) or Security(...) 
to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_raises_pydantic_v1_model_in_additional_responses_model: Test function `test_raise", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_raises_pydantic_v1_model_in_additional_responses_model: Test function `test_raises_pydantic_v1_model_in_additional_responses_model` runs code but contains no assert / expect / should call \u2014 it passes r"}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.api_route` used but never assigned in __init__: Method `get` of class `APIRouter` reads `self.api_route", "shortDescription": {"text": "[MINED108] `self.api_route` used but never assigned in __init__: Method `get` of class `APIRouter` reads `self.api_route`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time t"}, "fullDescription": {"text": "Initialize `self.api_route = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AUC003", "name": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby a", "shortDescription": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: PATCH /items/{item_id}."}, "fullDescription": {"text": "Add ownership, tenant, relationship, or policy checks before reading or mutating the target object."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "high", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `html` used but not imported: The file uses `html.something(...)` but never imports `html`. T", "shortDescription": {"text": "[MINED107] Missing import: `html` used but not imported: The file uses `html.something(...)` but never imports `html`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import html` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/531"}, "properties": {"repository": "tiangolo/fastapi", "repoUrl": "https://github.com/tiangolo/fastapi.git", "branch": "master"}, "results": [{"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `validate` (dict): `def validate(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 32668, "scanner": "repobility-ast-engine", "fingerprint": "27ce56696574e5bfe9eec7ef9f7a8029fc36b8b0dd552c3ecec47dbdad1c77ce", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|27ce56696574e5bfe9eec7ef9f7a8029fc36b8b0dd552c3ecec47dbdad1c77ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/_compat/v2.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `read_items` (list): `def read_items(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 32667, "scanner": "repobility-ast-engine", "fingerprint": "1ab717c4eb8ad7cd83d7ee003cba43e281b92d0dac8e0e90a5865837f267c6ae", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ab717c4eb8ad7cd83d7ee003cba43e281b92d0dac8e0e90a5865837f267c6ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/query_params_str_validations/tutorial012_an_py310.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `read_items` (list): `def read_items(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 32666, "scanner": "repobility-ast-engine", "fingerprint": "db385ff2364927df4b6f9a82c58d60eeb5d6d1d1199842fec7172af2f6004762", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|db385ff2364927df4b6f9a82c58d60eeb5d6d1d1199842fec7172af2f6004762"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/query_params_str_validations/tutorial013_an_py310.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 32638, "scanner": "repobility-ast-engine", "fingerprint": "7f522694feb2ab97f2d99c69b4cf1e6fdbb55f2b5ec8b5f75ebeb694d58787d2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7f522694feb2ab97f2d99c69b4cf1e6fdbb55f2b5ec8b5f75ebeb694d58787d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_ws_router.py"}, "region": {"startLine": 245}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 32637, "scanner": "repobility-ast-engine", "fingerprint": "9b3be460fc567fc195c1841c2115e798919af51f952d3ec48b00f8f7b50c3f5a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9b3be460fc567fc195c1841c2115e798919af51f952d3ec48b00f8f7b50c3f5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/concurrency.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 32636, "scanner": "repobility-ast-engine", "fingerprint": "a6c1712252e38915aad19483ed711161d0287b1813aa05b3a0bc09973fd725a4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a6c1712252e38915aad19483ed711161d0287b1813aa05b3a0bc09973fd725a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/encoders.py"}, "region": {"startLine": 346}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 32635, "scanner": "repobility-ast-engine", "fingerprint": "ca110155173ed3a539e0b7f5f97e0764d7ac26c2d4734b9007dc20be830013a7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ca110155173ed3a539e0b7f5f97e0764d7ac26c2d4734b9007dc20be830013a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/routing.py"}, "region": {"startLine": 270}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 32609, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB015", "level": "warning", "message": {"text": "Public web app has no Content Security Policy"}, "properties": {"repobilityId": 32608, "scanner": "repobility-web-presence", "fingerprint": "7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": "medium", "confidence": 0.7, "triageState": 
"open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC012", "level": "warning", "message": {"text": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements."}, "properties": {"repobilityId": 32604, "scanner": "repobility-access-control", "fingerprint": "27f8c50db94c1d5138790446654bd4d0b5823ce185d040059e5a7502358b5899", "category": "auth", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"apps": [{"line": 32, "file_path": "fastapi/exceptions.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}, {"line": 109, "file_path": "fastapi/exceptions.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}, {"line": 41, "file_path": "fastapi/applications.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}, {"line": 53, "file_path": "fastapi/applications.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}, {"line": 110, "file_path": "fastapi/applications.py", "docs_url_disabled": 
false, "redoc_url_disabled": false, "openapi_url_disabled": false}], "scanner": "repobility-access-control", "correlation_key": "fp|27f8c50db94c1d5138790446654bd4d0b5823ce185d040059e5a7502358b5899"}}}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /."}, "properties": {"repobilityId": 32603, "scanner": "repobility-access-control", "fingerprint": "fb1cb9a46a6ad8542b0b873df3a0747efce9ae147500fa67cf9bb93af59908ce", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|59|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/websockets_/tutorial002_py310.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: DELETE /heroes/{hero_id}."}, "properties": {"repobilityId": 32602, "scanner": "repobility-access-control", "fingerprint": "4e2638c95e068e94388125025cc86f42ce390fd7cec7e8b71d03481652ff7976", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/heroes/{hero_id}", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|62|auc009", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/sql_databases/tutorial001_py310.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: DELETE /heroes/{hero_id}."}, "properties": {"repobilityId": 32601, "scanner": "repobility-access-control", "fingerprint": "67cb5ae33a0477e131df6aca1fbb4d3a3efb11cbd769ed64b8800f814611d2c8", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/heroes/{hero_id}", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|96|auc009", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/sql_databases/tutorial002_an_py310.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: DELETE /heroes/{hero_id}."}, "properties": {"repobilityId": 32600, "scanner": "repobility-access-control", "fingerprint": "f3234b680a359ad9c0908c0044cd555b595f7db9b1f14bc6505040ffab017d0c", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/heroes/{hero_id}", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|66|auc009", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/sql_databases/tutorial001_an_py310.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: DELETE /heroes/{hero_id}."}, "properties": {"repobilityId": 32599, "scanner": "repobility-access-control", "fingerprint": "d7124fec07367885440f38b52c50d12b9facd5026cb6ad1963726ad22af9c3fc", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/heroes/{hero_id}", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|95|auc009", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/sql_databases/tutorial002_py310.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /items/."}, "properties": {"repobilityId": 32598, "scanner": "repobility-access-control", "fingerprint": "60266ec9700edb282a02f27fc5fc4a3e209f5d3a217f62103e4d1c64059133a9", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/items/", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|6|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/header_params/tutorial003_py310.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /items/."}, "properties": {"repobilityId": 32597, "scanner": "repobility-access-control", "fingerprint": "f495605ac6fbd11634942d745be98cedcc680c60d2feb9860373546d150abdec", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/items/", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|8|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/header_params/tutorial003_an_py310.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /chat/stream."}, "properties": {"repobilityId": 32596, "scanner": "repobility-access-control", "fingerprint": "ed2548ebb00dbbcb3017411176942cef9e07d268867060bf4787128f91d23553", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/chat/stream", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|14|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/server_sent_events/tutorial005_py310.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: DELETE /items/{item_id}."}, "properties": {"repobilityId": 32595, "scanner": "repobility-access-control", "fingerprint": "a9e7720be8586bf52d8e0417255cc4627ae1217c9fc1b5e01a56024f0b806671", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/items/{item_id}", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|fastapi/routing.py|3315|auc009", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/routing.py"}, "region": {"startLine": 3315}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: DELETE /items/{item_id}."}, "properties": {"repobilityId": 32594, "scanner": "repobility-access-control", "fingerprint": "33e8fd873e28d92a895702efa85cde2d759a85887e981354888bb2484f08c923", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/items/{item_id}", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|fastapi/applications.py|3034|auc009", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/applications.py"}, "region": {"startLine": 3034}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: POST /."}, "properties": {"repobilityId": 32593, "scanner": "repobility-access-control", "fingerprint": "4ecd6388e199b2da597db87488dc2a8b9610ec659650b66ff6cd79d0c7666d0b", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|6|auc004", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/bigger_applications/app_an_py310/internal/admin.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: GET /info."}, "properties": {"repobilityId": 32592, "scanner": "repobility-access-control", "fingerprint": "0890eb2afa963e0d14133f0d5c2ca4fa93f98383a628568299658df8b0244415", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/info", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|8|auc004", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/settings/app01_py310/main.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /info."}, "properties": {"repobilityId": 32591, "scanner": "repobility-access-control", "fingerprint": "03c292a2bf6e1f3821efc2df46ed5a3eef2681ff044595c1fd2ee11e112941bf", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation. 
Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"path": "/info", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|16|auc004", "duplicate_count": 1, "identity_targets": ["unknown", "admin"], "duplicate_rule_ids": ["AUC004"], "duplicate_scanners": ["repobility-access-control"], "duplicate_fingerprints": ["03c292a2bf6e1f3821efc2df46ed5a3eef2681ff044595c1fd2ee11e112941bf", "cecaae2feb4f9fad3a322292ff408f240d2e3b461a734a43a2db15d20bd9f6f7"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/settings/app03_an_py310/main.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /info."}, "properties": {"repobilityId": 32590, "scanner": "repobility-access-control", "fingerprint": "f6caa3dd52f38fff69cd44773aab9a889c94805434a4cc345d05563eaa42251c", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation. 
Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"path": "/info", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|15|auc004", "duplicate_count": 2, "identity_targets": ["unknown", "admin"], "duplicate_rule_ids": ["AUC004"], "duplicate_scanners": ["repobility-access-control"], "duplicate_fingerprints": ["22d5343d88c7b99308a548eb68e0e3ae7ac7f28af05533c682236c4f7e0b6b4b", "39326a95a3d5004e57f222f952caa5d852b04bd6206079733f34cfb0c92986db", "f6caa3dd52f38fff69cd44773aab9a889c94805434a4cc345d05563eaa42251c"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/settings/tutorial001_py310.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: GET /."}, "properties": {"repobilityId": 32589, "scanner": "repobility-access-control", "fingerprint": "a1e3552f7f447ec6772f3277fc7d3ede2c022e6bba18af1c5b5be94487c11dac", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|66|auc004", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/websockets_/tutorial003_py310.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 14.5% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 32580, "scanner": "repobility-access-control", "fingerprint": "9881722652e1d068ff5485a6a0d618275a227181f7279ad2d42371e839f498ab", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 448, "correlation_key": "fp|9881722652e1d068ff5485a6a0d618275a227181f7279ad2d42371e839f498ab", "auth_visible_percent": 14.5}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 32579, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": 
"medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["FastAPI", "Flask", "GraphQL"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "AGT006", "level": "warning", "message": {"text": "React interval is created without an explicit cleanup"}, "properties": {"repobilityId": 32578, "scanner": "repobility-agent-runtime", "fingerprint": "852d971e2c4ecfe6ccffa3b7bd1194b54bbe59acf4557c1a4f090bb56c73f4e1", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File uses setInterval with useEffect or hook-style code and no clearInterval cleanup was found.", "evidence": {"rule_id": "AGT006", "scanner": "repobility-agent-runtime", "references": ["https://react.dev/reference/react/useEffect"], "correlation_key": "fp|852d971e2c4ecfe6ccffa3b7bd1194b54bbe59acf4557c1a4f090bb56c73f4e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/docs/js/custom.js"}, "region": {"startLine": 139}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). 
OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 32547, "scanner": "repobility-threat-engine", "fingerprint": "348d16a7ac4eab40bcf6292de909f7f05c5550005856ac02c1e1112499aa71f2", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "<a href=\"{{ sponsor.url }}\" target=\"_blank\" title=\"{{ sponsor.title }}\">", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|scripts/docs.py|191|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/docs.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 32541, "scanner": "repobility-threat-engine", "fingerprint": "3eca598398ad5119f0345b598c335a561f2b2f541b903dee354c356384754045", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|71|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/sql_databases/tutorial002_an_py310.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 32540, "scanner": "repobility-threat-engine", "fingerprint": "3cee9fee1f9b7ed71f5c5e0c3b166a7dae90fad8aa5efa199249ad43b098d486", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|50|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/sql_databases/tutorial001_py310.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 32539, "scanner": "repobility-threat-engine", "fingerprint": "af311c5efb0275f7f8de89ea9e94b1dfbc5c642bdb69f8dff363c6199030c6c7", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|54|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/sql_databases/tutorial001_an_py310.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 32533, "scanner": "repobility-threat-engine", "fingerprint": "05a2440f0d3e82bfe91ab90ca603d604d70c976dbfa7943303734d226026dbea", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "def create_access_token", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|97|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/security/tutorial005_an_py310.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 32532, "scanner": "repobility-threat-engine", "fingerprint": "2fb6fb3e56e5df6d7213f2f73182c17ddb82d85adf519db14715b9f0faee02e6", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "def create_access_token", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|81|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/security/tutorial004_py310.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 32531, "scanner": "repobility-threat-engine", "fingerprint": "e8916190cd2e1cc31a75a83ad8fadfce863500e080f58e87adc2f719d52466af", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "def create_access_token", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|82|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/security/tutorial004_an_py310.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "SEC003", "level": "warning", "message": {"text": "[SEC003] Hardcoded Secret: Hardcoded secret key found in source code."}, "properties": {"repobilityId": 32529, "scanner": "repobility-threat-engine", "fingerprint": 
"132608b865981698adcecb360cde3e15ef8d029bf0d9bb8b583a42578baaaaf0", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.9 bits) \u2014 may be placeholder or common string. Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "SECRET_KEY = \"09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7\"", "reason": "Low entropy value (3.9 bits) \u2014 may be placeholder or common string", "rule_id": "SEC003", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|1|secret_key hex", "duplicate_count": 2, "duplicate_rule_ids": ["SEC003"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["132608b865981698adcecb360cde3e15ef8d029bf0d9bb8b583a42578baaaaf0", "2d85fc5110e2f8a9ab8eb45e163a55028339c25d0508a14494a3624ed0c84ab9", "d55e164f5f82a5bd9df5ff359e3590387eea8cb9ad480f5cde3336fa73d3a42f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/security/tutorial004_an_py310.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. 
In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 32527, "scanner": "repobility-threat-engine", "fingerprint": "279ea54ffa80a02a85110238fda3ad4f1dcacfdbba819770ba1e07230a51d7bf", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"John Doe\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|279ea54ffa80a02a85110238fda3ad4f1dcacfdbba819770ba1e07230a51d7bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/security/tutorial002_py310.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. 
In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 32526, "scanner": "repobility-threat-engine", "fingerprint": "e315f2aab486620c5f6a5789a144559f0f8a8dbf1371a688902f42bfd78bbf73", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"John Doe\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e315f2aab486620c5f6a5789a144559f0f8a8dbf1371a688902f42bfd78bbf73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/security/tutorial002_an_py310.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. 
In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 32525, "scanner": "repobility-threat-engine", "fingerprint": "cd32c1491b3e69b298695e03bb2de336f9cf508ce8a1944aaae27429fe4c40a6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"John Doe\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cd32c1491b3e69b298695e03bb2de336f9cf508ce8a1944aaae27429fe4c40a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/python_types/tutorial011_py310.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC139", "level": "warning", "message": {"text": "[SEC139] AI-generated migration/route without companion test file: Route or migration touching auth, admin, users, payments, or webhooks \u2014 exactly the surfaces that need tests \u2014 with no companion test file. AI agents rewrite handlers fluently but skip the test diff almost every time, leaving high-blast-radius code uncovered. Distinct from generic 'no tests' because we target sensitive surfaces where the absence of tests is itself a risk signal. 
CWE-1078 (missing test coverage of security-critica"}, "properties": {"repobilityId": 32523, "scanner": "repobility-threat-engine", "fingerprint": "f9303f14091e9d65d65baa17a0e19b0500707261c733562eea14b5d372b9dfab", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@app.post(\"/users/\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC139", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f9303f14091e9d65d65baa17a0e19b0500707261c733562eea14b5d372b9dfab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/generate_clients/tutorial002_py310.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "SEC139", "level": "warning", "message": {"text": "[SEC139] AI-generated migration/route without companion test file: Route or migration touching auth, admin, users, payments, or webhooks \u2014 exactly the surfaces that need tests \u2014 with no companion test file. AI agents rewrite handlers fluently but skip the test diff almost every time, leaving high-blast-radius code uncovered. Distinct from generic 'no tests' because we target sensitive surfaces where the absence of tests is itself a risk signal. 
CWE-1078 (missing test coverage of security-critica"}, "properties": {"repobilityId": 32522, "scanner": "repobility-threat-engine", "fingerprint": "ff76d33fea8713c84e57a46a1548b918d0cf98c429681c75344883a5814d81ce", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@app.post(\"/user/\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC139", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ff76d33fea8713c84e57a46a1548b918d0cf98c429681c75344883a5814d81ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/extra_models/tutorial002_py310.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC139", "level": "warning", "message": {"text": "[SEC139] AI-generated migration/route without companion test file: Route or migration touching auth, admin, users, payments, or webhooks \u2014 exactly the surfaces that need tests \u2014 with no companion test file. AI agents rewrite handlers fluently but skip the test diff almost every time, leaving high-blast-radius code uncovered. Distinct from generic 'no tests' because we target sensitive surfaces where the absence of tests is itself a risk signal. 
CWE-1078 (missing test coverage of security-critica"}, "properties": {"repobilityId": 32521, "scanner": "repobility-threat-engine", "fingerprint": "6593429d9c26842ee6dce395927175a79914f491901ff26d8ce393a00a49d052", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@app.post(\"/user/\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC139", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6593429d9c26842ee6dce395927175a79914f491901ff26d8ce393a00a49d052"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/extra_models/tutorial001_py310.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 32494, "scanner": "repobility-threat-engine", "fingerprint": "be48f4b7b0fdfef86f311bfcdfb863de203587a44c4395ec8a88d5c5929d0b5d", "category": "error_handling", "severity": "medium", "confidence": 0.45, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: documentation/example path]", "evidence": {"match": "catch (_) {}", "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: documentation/example path]", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.45, "correlation_key": "fp|be48f4b7b0fdfef86f311bfcdfb863de203587a44c4395ec8a88d5c5929d0b5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/docs/js/custom.js"}, "region": {"startLine": 200}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 32607, "scanner": "repobility-web-presence", 
"fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB008", "level": "note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 32606, "scanner": "repobility-web-presence", "fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks public and documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB001", "level": "note", "message": {"text": "Public web app has no robots.txt"}, "properties": {"repobilityId": 32605, "scanner": "repobility-web-presence", "fingerprint": "cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no robots.txt file or route was discovered.", "evidence": {"rule_id": "WEB001", "scanner": 
"repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "robots.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32577, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d679d46f9a34e06e1d248b79af49d7196eae198f35278fac4bc8d5ea97ef3876", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/schema_extra_example/tutorial004_an_py310.py", "duplicate_line": 16, "correlation_key": "fp|d679d46f9a34e06e1d248b79af49d7196eae198f35278fac4bc8d5ea97ef3876"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/schema_extra_example/tutorial004_py310.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32576, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6fce7d2f0a588033a6781b39ca94b9ef79d9c3f0303fed6caceb7e6f05afb32e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/schema_extra_example/tutorial003_py310.py", "duplicate_line": 1, 
"correlation_key": "fp|6fce7d2f0a588033a6781b39ca94b9ef79d9c3f0303fed6caceb7e6f05afb32e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/schema_extra_example/tutorial004_py310.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32575, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e4fccf546313da8eeaa8b6fe2aa5e30430a4f03d7289bdadd80761fd3838a69e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/schema_extra_example/tutorial003_an_py310.py", "duplicate_line": 1, "correlation_key": "fp|e4fccf546313da8eeaa8b6fe2aa5e30430a4f03d7289bdadd80761fd3838a69e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/schema_extra_example/tutorial004_an_py310.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32574, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6da8501295b8563013cc69202ba8804b76b2063e88567ca79db7e585acbf8d43", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/response_model/tutorial005_py310.py", "duplicate_line": 1, "correlation_key": "fp|6da8501295b8563013cc69202ba8804b76b2063e88567ca79db7e585acbf8d43"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/response_model/tutorial006_py310.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32573, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2aa03d72c106f8473784e3e626961a9422e899ba4211cc13cb3fd554dd31030e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/extra_models/tutorial001_py310.py", "duplicate_line": 1, "correlation_key": "fp|2aa03d72c106f8473784e3e626961a9422e899ba4211cc13cb3fd554dd31030e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/response_model/tutorial003_py310.py"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32572, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c85c6832f5bc679134d4522ba235bfcf7c996ebac74e94bc36d788069d3c4aac", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/request_files/tutorial002_an_py310.py", "duplicate_line": 10, "correlation_key": "fp|c85c6832f5bc679134d4522ba235bfcf7c996ebac74e94bc36d788069d3c4aac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/request_files/tutorial003_py310.py"}, 
"region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32571, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1d9dcffb5193401dcb494956d623d3be22925db1fcc31d464f04c0aec653ee97", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/request_files/tutorial003_an_py310.py", "duplicate_line": 15, "correlation_key": "fp|1d9dcffb5193401dcb494956d623d3be22925db1fcc31d464f04c0aec653ee97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/request_files/tutorial003_py310.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32570, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4b38e6fda756380d306848b65aedecfdf9ec819b49e03b2421c9bf4fdf914577", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/request_files/tutorial002_an_py310.py", "duplicate_line": 10, "correlation_key": "fp|4b38e6fda756380d306848b65aedecfdf9ec819b49e03b2421c9bf4fdf914577"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/request_files/tutorial003_an_py310.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated 
implementation block across source files"}, "properties": {"repobilityId": 32569, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e44a0dca2bf9591ae0c2c2cede860be84038d39ab2268e0ced51a1c10a109e58", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/request_files/tutorial002_an_py310.py", "duplicate_line": 7, "correlation_key": "fp|e44a0dca2bf9591ae0c2c2cede860be84038d39ab2268e0ced51a1c10a109e58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/request_files/tutorial002_py310.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32568, "scanner": "repobility-ai-code-hygiene", "fingerprint": "01c2f6d6f573ef2659376aaad29481aae0d04d16aa941a5f5eeec50b08421e29", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/path_operation_configuration/tutorial003_py310.py", "duplicate_line": 1, "correlation_key": "fp|01c2f6d6f573ef2659376aaad29481aae0d04d16aa941a5f5eeec50b08421e29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/path_operation_configuration/tutorial005_py310.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32567, 
"scanner": "repobility-ai-code-hygiene", "fingerprint": "db030bed1696c021607f26823e1dd67d6c1da932de812d52fcb39d75953950cb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/path_operation_advanced_configuration/tutorial004_py310.py", "duplicate_line": 1, "correlation_key": "fp|db030bed1696c021607f26823e1dd67d6c1da932de812d52fcb39d75953950cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/path_operation_configuration/tutorial004_py310.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32566, "scanner": "repobility-ai-code-hygiene", "fingerprint": "87891791ea027d916f52364d9b990e75215324110a5782f5c2a181c6fa219322", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/metadata/tutorial001_1_py310.py", "duplicate_line": 1, "correlation_key": "fp|87891791ea027d916f52364d9b990e75215324110a5782f5c2a181c6fa219322"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/metadata/tutorial001_py310.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32565, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"149a9dd5415679618848b70162f543804d4625c4d1075f84708b2bc85d759182", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/generate_clients/tutorial002_py310.py", "duplicate_line": 4, "correlation_key": "fp|149a9dd5415679618848b70162f543804d4625c4d1075f84708b2bc85d759182"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/generate_clients/tutorial003_py310.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32564, "scanner": "repobility-ai-code-hygiene", "fingerprint": "029e9cd3d113760a53d79711a752ce694e940642780c23533c1fcc04c68a87cd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/extra_data_types/tutorial001_an_py310.py", "duplicate_line": 13, "correlation_key": "fp|029e9cd3d113760a53d79711a752ce694e940642780c23533c1fcc04c68a87cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/extra_data_types/tutorial001_py310.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32563, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f1cb08157f38cadc78fce79b82d679f8ee5c17ec808fbe4836972fbd3c5e027d", "category": "quality", "severity": 
"low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/dependency_testing/tutorial001_an_py310.py", "duplicate_line": 12, "correlation_key": "fp|f1cb08157f38cadc78fce79b82d679f8ee5c17ec808fbe4836972fbd3c5e027d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/dependency_testing/tutorial001_py310.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32562, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3de3cf7bd9083bfb10c6069dfb00bc36b91dac28e1dbdd45387f20cfb1f53b9c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/dependencies/tutorial013_an_py310.py", "duplicate_line": 1, "correlation_key": "fp|3de3cf7bd9083bfb10c6069dfb00bc36b91dac28e1dbdd45387f20cfb1f53b9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/dependencies/tutorial014_an_py310.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32561, "scanner": "repobility-ai-code-hygiene", "fingerprint": "390b444c92b265c797e7cea6d9b9b4f95caf32709a0ddeb368e7002761b8edcd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, 
"reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/dependencies/tutorial008b_an_py310.py", "duplicate_line": 2, "correlation_key": "fp|390b444c92b265c797e7cea6d9b9b4f95caf32709a0ddeb368e7002761b8edcd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/dependencies/tutorial008b_py310.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32560, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e6df1cb6f9c30db62ba5864fddd0acb19ef4241d6c9eaff650da89040a0c7a5e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/custom_request_and_route/tutorial002_an_py310.py", "duplicate_line": 3, "correlation_key": "fp|e6df1cb6f9c30db62ba5864fddd0acb19ef4241d6c9eaff650da89040a0c7a5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/custom_request_and_route/tutorial002_py310.py"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32559, "scanner": "repobility-ai-code-hygiene", "fingerprint": "27b091511f0755c966028202fe426b0420f36d4ba9465a731e175220322c94a3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", 
"evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/custom_request_and_route/tutorial001_an_py310.py", "duplicate_line": 4, "correlation_key": "fp|27b091511f0755c966028202fe426b0420f36d4ba9465a731e175220322c94a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/custom_request_and_route/tutorial001_py310.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32558, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bf45a1443d215117a36692b2d0641bf3f4de50ad0945522419f341072d361dae", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/body_updates/tutorial001_py310.py", "duplicate_line": 1, "correlation_key": "fp|bf45a1443d215117a36692b2d0641bf3f4de50ad0945522419f341072d361dae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/body_updates/tutorial002_py310.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32557, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8678bd26846913f9be9e30e44e59630685c8aef93b27b73ce4f42ca3a96fdd76", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", 
"references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/body_nested_models/tutorial006_py310.py", "duplicate_line": 2, "correlation_key": "fp|8678bd26846913f9be9e30e44e59630685c8aef93b27b73ce4f42ca3a96fdd76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/body_nested_models/tutorial007_py310.py"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32556, "scanner": "repobility-ai-code-hygiene", "fingerprint": "04065d03af0d5a40a6f10430689b50f0aad71095e5c9babf6dcddeb72bfa42c0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/body_nested_models/tutorial005_py310.py", "duplicate_line": 1, "correlation_key": "fp|04065d03af0d5a40a6f10430689b50f0aad71095e5c9babf6dcddeb72bfa42c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/body_nested_models/tutorial007_py310.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32555, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7fc7285bbffb56d354f744285fc239fff48a2168b515ef9d4e3d94baeb82f4b7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"docs_src/body_nested_models/tutorial005_py310.py", "duplicate_line": 1, "correlation_key": "fp|7fc7285bbffb56d354f744285fc239fff48a2168b515ef9d4e3d94baeb82f4b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/body_nested_models/tutorial006_py310.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32554, "scanner": "repobility-ai-code-hygiene", "fingerprint": "39c0ab21dbc22d844e7cbf2c1697c4121a714c125254a54f05ffa4167e1ab1fa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/body_nested_models/tutorial004_py310.py", "duplicate_line": 6, "correlation_key": "fp|39c0ab21dbc22d844e7cbf2c1697c4121a714c125254a54f05ffa4167e1ab1fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/body_nested_models/tutorial005_py310.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32553, "scanner": "repobility-ai-code-hygiene", "fingerprint": "33aa8d34331d322a9de0b61a6281fe10b98cccd93ff6f9ac38d9479b948a9c6d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/body_multiple_params/tutorial004_an_py310.py", "duplicate_line": 4, "correlation_key": 
"fp|33aa8d34331d322a9de0b61a6281fe10b98cccd93ff6f9ac38d9479b948a9c6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/body_multiple_params/tutorial004_py310.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32552, "scanner": "repobility-ai-code-hygiene", "fingerprint": "95d7775853ddc175e74f7f869efb68de4365cc9fee0b7bc83e1d1a1ba859464c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/body_multiple_params/tutorial003_an_py310.py", "duplicate_line": 2, "correlation_key": "fp|95d7775853ddc175e74f7f869efb68de4365cc9fee0b7bc83e1d1a1ba859464c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/body_multiple_params/tutorial004_py310.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32551, "scanner": "repobility-ai-code-hygiene", "fingerprint": "709d295a5f2bc78bee1af288847084cf1d80786640aa1e92525a0b9ea3f5f153", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/body_multiple_params/tutorial003_an_py310.py", "duplicate_line": 1, "correlation_key": "fp|709d295a5f2bc78bee1af288847084cf1d80786640aa1e92525a0b9ea3f5f153"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "docs_src/body_multiple_params/tutorial004_an_py310.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32550, "scanner": "repobility-ai-code-hygiene", "fingerprint": "038810be8b177e891f2f163b8aef86d6ed935a8d9c1d06d0a770331a7fbd1fd9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/body_multiple_params/tutorial003_an_py310.py", "duplicate_line": 2, "correlation_key": "fp|038810be8b177e891f2f163b8aef86d6ed935a8d9c1d06d0a770331a7fbd1fd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/body_multiple_params/tutorial003_py310.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32549, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9460c5b8e65eba9f0ebee8c74ab08b1c801251e535268fbacb1814cc27261829", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/background_tasks/tutorial002_an_py310.py", "duplicate_line": 2, "correlation_key": "fp|9460c5b8e65eba9f0ebee8c74ab08b1c801251e535268fbacb1814cc27261829"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"docs_src/background_tasks/tutorial002_py310.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32548, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1a06c3b98887d5bdbdfccd557cceb37802b3b00f788057b308100f6daccb6bb4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "docs_src/app_testing/app_b_an_py310/main.py", "duplicate_line": 2, "correlation_key": "fp|1a06c3b98887d5bdbdfccd557cceb37802b3b00f788057b308100f6daccb6bb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/app_testing/app_b_py310/main.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `annotation_is_pydantic_v1` has cognitive complexity 13 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: for=2, if=5, nested_bonus=6."}, "properties": {"repobilityId": 32537, "scanner": "repobility-threat-engine", "fingerprint": "5ef076eea27ad522afe9e5908da0418e20c16bed7587f84a4705fc26b842f86c", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 13 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "annotation_is_pydantic_v1", "breakdown": {"if": 5, "for": 2, "nested_bonus": 6}, "complexity": 13, "correlation_key": "fp|5ef076eea27ad522afe9e5908da0418e20c16bed7587f84a4705fc26b842f86c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/_compat/shared.py"}, "region": {"startLine": 202}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `get_current_user` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=1, except=1, for=1, if=4, nested_bonus=1."}, "properties": {"repobilityId": 32536, "scanner": "repobility-threat-engine", "fingerprint": "78f95a3a942cdab4966084a417543b3026290373cfb33d7cbb09d8178bd7d1cc", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "get_current_user", "breakdown": {"if": 4, "for": 1, "else": 1, "except": 1, "nested_bonus": 1}, "complexity": 8, "correlation_key": "fp|78f95a3a942cdab4966084a417543b3026290373cfb33d7cbb09d8178bd7d1cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/security/tutorial005_py310.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `get_current_user` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=1, except=1, for=1, if=4, nested_bonus=1."}, "properties": {"repobilityId": 32535, "scanner": "repobility-threat-engine", "fingerprint": "4fb15ac1f6a1a469aea206ba34882aa9e077d353c8980bd0cdfc4db0dd9d44eb", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "get_current_user", "breakdown": {"if": 4, "for": 1, "else": 1, "except": 1, "nested_bonus": 1}, "complexity": 8, "correlation_key": "fp|4fb15ac1f6a1a469aea206ba34882aa9e077d353c8980bd0cdfc4db0dd9d44eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/security/tutorial005_an_py310.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 32499, "scanner": "repobility-threat-engine", "fingerprint": "c9753c70ed943715a363c497bf8beeeae520fd32c7cdd916ea13e1d2d9067ef7", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = `", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|docs/en/docs/js/termynal.js|226|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/docs/js/termynal.js"}, "region": {"startLine": 226}}}]}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 1 more): Same pattern found in 1 additional files. 
Review if needed."}, "properties": {"repobilityId": 32546, "scanner": "repobility-threat-engine", "fingerprint": "4434170c810fa43bf20566276ceaa9e55e65938a7f2140721f4fd2599ad87936", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4434170c810fa43bf20566276ceaa9e55e65938a7f2140721f4fd2599ad87936"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 32542, "scanner": "repobility-threat-engine", "fingerprint": "c59edcd8286991ab7caac4493f8f01b268fef2a5d218265ad20f6e2d1172fefb", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|c59edcd8286991ab7caac4493f8f01b268fef2a5d218265ad20f6e2d1172fefb"}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 46 more): Same pattern found in 46 additional files. 
Review if needed."}, "properties": {"repobilityId": 32538, "scanner": "repobility-threat-engine", "fingerprint": "c44279f9af9ce201dbd5b62333c3fc8e432cf9c0649e68a1e7b8c3a3ea4fb9f8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 46 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "get_current_user", "breakdown": {"if": 4, "for": 1, "else": 1, "except": 1, "nested_bonus": 1}, "aggregated": true, "complexity": 8, "correlation_key": "fp|c44279f9af9ce201dbd5b62333c3fc8e432cf9c0649e68a1e7b8c3a3ea4fb9f8", "aggregated_count": 46}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 32534, "scanner": "repobility-threat-engine", "fingerprint": "7b9ccdd419b3878e3d2ec8efb74d8ee23f94729fa3ed8ff97305e33614909ea3", "category": "crypto", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|7b9ccdd419b3878e3d2ec8efb74d8ee23f94729fa3ed8ff97305e33614909ea3"}}}, {"ruleId": "SEC003", "level": "none", "message": {"text": "[SEC003] Hardcoded Secret (and 1 more): Same pattern found in 1 additional files. 
Review if needed."}, "properties": {"repobilityId": 32530, "scanner": "repobility-threat-engine", "fingerprint": "a90dfb2efed389f32f08c3d33ebbf863cb8a7ca0a4b834b4a6eb5d8e704d77a2", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a90dfb2efed389f32f08c3d33ebbf863cb8a7ca0a4b834b4a6eb5d8e704d77a2"}}}, {"ruleId": "SEC134", "level": "none", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 32528, "scanner": "repobility-threat-engine", "fingerprint": "a2e9233412f7423aa7d6083ecc64070a79b45e16876aa3e71da29a02c0781516", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a2e9233412f7423aa7d6083ecc64070a79b45e16876aa3e71da29a02c0781516"}}}, {"ruleId": "SEC139", "level": "none", "message": {"text": "[SEC139] AI-generated migration/route without companion test file (and 4 more): Same pattern found in 4 additional files. 
Review if needed."}, "properties": {"repobilityId": 32524, "scanner": "repobility-threat-engine", "fingerprint": "d3735f3358749d9b3c2cda96bfdab8ef3eb0d51ad624dd662d687f3aa1792ffa", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC139", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d3735f3358749d9b3c2cda96bfdab8ef3eb0d51ad624dd662d687f3aa1792ffa"}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 32520, "scanner": "repobility-threat-engine", "fingerprint": "1adf5b7b06aa7259d25fd8145774584f601d557647f01126af978deebbbdbcec", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|1adf5b7b06aa7259d25fd8145774584f601d557647f01126af978deebbbdbcec", "aggregated_count": 6}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 32519, "scanner": "repobility-threat-engine", "fingerprint": "9d6e6c9a3bce2ae37bc53b6f7be67cb0de4c46d18a22be65ae9b8b9f0a686978", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9d6e6c9a3bce2ae37bc53b6f7be67cb0de4c46d18a22be65ae9b8b9f0a686978"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/dependencies/tutorial008c_an_py310.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 32518, "scanner": "repobility-threat-engine", "fingerprint": "31624eb72077445e011280654ce563d2b9c778f436379c6a34fd0fca00616c16", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", 
"verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|31624eb72077445e011280654ce563d2b9c778f436379c6a34fd0fca00616c16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/dependencies/tutorial008b_py310.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 32517, "scanner": "repobility-threat-engine", "fingerprint": "169c538d0109a4697da0469fd4a53a13180c1a82cab2f541967bd82bb14cf67d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|169c538d0109a4697da0469fd4a53a13180c1a82cab2f541967bd82bb14cf67d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/dependencies/tutorial008b_an_py310.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 11 more): Same pattern found in 11 additional files. 
Review if needed."}, "properties": {"repobilityId": 32516, "scanner": "repobility-threat-engine", "fingerprint": "782b35fe2be2b25845698f37beaaef3524528d1bc7dfc5351c5dbeac247431c5", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|782b35fe2be2b25845698f37beaaef3524528d1bc7dfc5351c5dbeac247431c5", "aggregated_count": 11}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 32515, "scanner": "repobility-threat-engine", "fingerprint": "594db4a6935f2af7f149b06d71b82ac83d9503aa6e302d0d8ac34d0d9e428233", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|594db4a6935f2af7f149b06d71b82ac83d9503aa6e302d0d8ac34d0d9e428233"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/dependencies/tutorial008c_an_py310.py"}, "region": 
{"startLine": 9}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 32514, "scanner": "repobility-threat-engine", "fingerprint": "08756d148415213c661fe5096cb0b9826fefe66d6cb696cb8aafeb468ab50e2d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|08756d148415213c661fe5096cb0b9826fefe66d6cb696cb8aafeb468ab50e2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/dependencies/tutorial008b_py310.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 32513, "scanner": "repobility-threat-engine", "fingerprint": "d025062ef747ab494da385ffa0243675cdcf007b79265e246cc07f40a7a84b6f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", 
"correlation_key": "fp|d025062ef747ab494da385ffa0243675cdcf007b79265e246cc07f40a7a84b6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/dependencies/tutorial008b_an_py310.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 32512, "scanner": "repobility-threat-engine", "fingerprint": "c0243c95a960df79d347d546f02c8d708977edbd4a97478c529e24c680ef3789", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c0243c95a960df79d347d546f02c8d708977edbd4a97478c529e24c680ef3789", "aggregated_count": 4}}}, {"ruleId": "MINED009", "level": "none", "message": {"text": "[MINED009] Floats For Money (and 49 more): Same pattern found in 49 additional files. Review if needed."}, "properties": {"repobilityId": 32508, "scanner": "repobility-threat-engine", "fingerprint": "50e83a7d8db710b3f96ef07b8ddff76415c4efd96485aee3316bb53d03bedfee", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 49 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|50e83a7d8db710b3f96ef07b8ddff76415c4efd96485aee3316bb53d03bedfee", "aggregated_count": 49}}}, {"ruleId": "SEC135", "level": "none", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 109 more): Same pattern found in 109 additional files. Review if needed."}, "properties": {"repobilityId": 32504, "scanner": "repobility-threat-engine", "fingerprint": "a9e717ced5e63b0e088a4d0420c3842148d4894ec99574928262f0bd80f70d10", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 109 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 109 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a9e717ced5e63b0e088a4d0420c3842148d4894ec99574928262f0bd80f70d10"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 32498, "scanner": "repobility-threat-engine", "fingerprint": "deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "aggregated_count": 1}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 32497, "scanner": "repobility-threat-engine", "fingerprint": "d64285a4fabaf8402eaebbcd807c7123a8f104f0e31b2692cb4cd063a85375d2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d64285a4fabaf8402eaebbcd807c7123a8f104f0e31b2692cb4cd063a85375d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/metadata/tutorial001_py310.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 32496, "scanner": "repobility-threat-engine", "fingerprint": "a1504fde4ce186d341de00c33429a55c2a42c9d400b1cb8feb776cf1fdd5c21a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a1504fde4ce186d341de00c33429a55c2a42c9d400b1cb8feb776cf1fdd5c21a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/metadata/tutorial001_1_py310.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 32495, "scanner": "repobility-threat-engine", "fingerprint": "1b6d8bce0262bc5e3c933bcfc15da455473765975ff15a7c0f68c5004811d760", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1b6d8bce0262bc5e3c933bcfc15da455473765975ff15a7c0f68c5004811d760"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/docs/js/init_kapa_widget.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 32493, "scanner": "repobility-threat-engine", "fingerprint": "6c3f82464378fe1a4b64f3217771ead9df7f9d6422c844d488207b0784e788cf", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6c3f82464378fe1a4b64f3217771ead9df7f9d6422c844d488207b0784e788cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/generate_clients/tutorial004.js"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 32492, "scanner": "repobility-threat-engine", "fingerprint": "a1676912577349113523efc525a6b52b606b9dd370cd0cb19e6ef86169d27315", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a1676912577349113523efc525a6b52b606b9dd370cd0cb19e6ef86169d27315"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/docs/js/custom.js"}, "region": {"startLine": 70}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 57 more): Same pattern found in 57 additional files. Review if needed."}, "properties": {"repobilityId": 32491, "scanner": "repobility-threat-engine", "fingerprint": "8fcdaadba82d2e15e04a2d89dd3a783be748db0b11e03faeaba894d7c04a6d4a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 57 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 57 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8fcdaadba82d2e15e04a2d89dd3a783be748db0b11e03faeaba894d7c04a6d4a"}}}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /items/ has no auth: Handler `read_items` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32693, "scanner": "repobility-route-auth", "fingerprint": "6dc24edd4bb90993d8152ed3847793176a5b5c1943597b346d8781561bc5662b", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|6dc24edd4bb90993d8152ed3847793176a5b5c1943597b346d8781561bc5662b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_regex_deprecated_body.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /body-embed has no auth: Handler `send_body_embed` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32692, "scanner": "repobility-route-auth", "fingerprint": "4b373bf90f22e659919844e317f61b036d84369cd62e2578a296ac6d0652822a", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|4b373bf90f22e659919844e317f61b036d84369cd62e2578a296ac6d0652822a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_required_noneable.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST / has no auth: Handler `foo` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32691, "scanner": "repobility-route-auth", "fingerprint": "9ae1b947922189a2bf0b1a3b1583ac4bc43f00a00db9b8f1e39538014a5cb3ac", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|9ae1b947922189a2bf0b1a3b1583ac4bc43f00a00db9b8f1e39538014a5cb3ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_compat.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST / has no auth: Handler `foo` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32690, "scanner": "repobility-route-auth", "fingerprint": "14ce347f681662c405398645e8c50b61c178290cd6077196a908dfb31eb5a4d4", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|14ce347f681662c405398645e8c50b61c178290cd6077196a908dfb31eb5a4d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_compat.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /items/ has no auth: Handler `save_union_different_body` is registered 
with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32689, "scanner": "repobility-route-auth", "fingerprint": "e2d96cb73ef058af762b3d3f4952a9420648db13d97bba5b2e3ba75bcc9658ca", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|e2d96cb73ef058af762b3d3f4952a9420648db13d97bba5b2e3ba75bcc9658ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_union_inherited_body.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /pet/annotated has no auth: Handler `create_pet_annotated` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32688, "scanner": "repobility-route-auth", "fingerprint": "b7c2b62b4a76418b9cc759ccbe0231be42408991daff87b96de9621a0b6ede77", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|b7c2b62b4a76418b9cc759ccbe0231be42408991daff87b96de9621a0b6ede77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_union_body_discriminator_annotated.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /pet/assignment has no auth: Handler `create_pet_assignment` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32687, "scanner": "repobility-route-auth", "fingerprint": "e4070712d86f35441d00be987f32c2e58f7021d719dab36be91614de5b735045", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|e4070712d86f35441d00be987f32c2e58f7021d719dab36be91614de5b735045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_union_body_discriminator_annotated.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /foo has no auth: Handler `foo` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32686, "scanner": "repobility-route-auth", "fingerprint": "38e542ccffe3095171ff10d9646fa98215b8382743956518a15fd0a733917ce6", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|38e542ccffe3095171ff10d9646fa98215b8382743956518a15fd0a733917ce6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_additional_properties.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PUT /items/{item_id} has no auth: Handler `save_item_no_body` is registered with router/app.put(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32685, "scanner": "repobility-route-auth", "fingerprint": "7e3994a13aa1d5bd56a0aa5a0d57dbee6b2cc4288e625699ba102f3be3605cee", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|7e3994a13aa1d5bd56a0aa5a0d57dbee6b2cc4288e625699ba102f3be3605cee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_put_no_body.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /shops has no auth: Handler `create_shop` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32684, "scanner": "repobility-route-auth", "fingerprint": "1d85df46ebcc01027239e72dc883ad91f336197e00c784c1c775a07450991510", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|1d85df46ebcc01027239e72dc883ad91f336197e00c784c1c775a07450991510"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_request_body_parameters_media_type.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /products has no auth: Handler `create_product` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32683, "scanner": "repobility-route-auth", "fingerprint": "139defdbb46daad8269cb2221d7fec32b79836762e0f3321fa45f1a962dc4884", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|139defdbb46daad8269cb2221d7fec32b79836762e0f3321fa45f1a962dc4884"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_request_body_parameters_media_type.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /form/python-tuple has no auth: Handler `post_form_param_tuple` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32682, "scanner": "repobility-route-auth", "fingerprint": "0d34cb8204e6d1131f066b7827b639adcbaeec054c6c4132e625d7f0913b6696", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|0d34cb8204e6d1131f066b7827b639adcbaeec054c6c4132e625d7f0913b6696"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_forms_from_non_typing_sequences.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /form/python-set has no auth: Handler `post_form_param_set` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32681, "scanner": "repobility-route-auth", "fingerprint": "9cef60e2243b215a1868b288a479f96a98073d628e653d08deb72a9f54d6dcb9", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|9cef60e2243b215a1868b288a479f96a98073d628e653d08deb72a9f54d6dcb9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_forms_from_non_typing_sequences.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /form/python-list has no auth: Handler `post_form_param_list` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32680, "scanner": "repobility-route-auth", "fingerprint": "6620aabfc1cd07c810c7f65c9f97397fa0ed0a83fcba1a0c5a93add2da20f329", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|6620aabfc1cd07c810c7f65c9f97397fa0ed0a83fcba1a0c5a93add2da20f329"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_forms_from_non_typing_sequences.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST / has no auth: Handler `post` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32679, "scanner": "repobility-route-auth", "fingerprint": "df5aa206e8696c48a10de317d10b8f2e4bcf9e4f43450d432cadf3c8bb0a144b", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|df5aa206e8696c48a10de317d10b8f2e4bcf9e4f43450d432cadf3c8bb0a144b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_additional_properties_bool.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /sequence has no auth: Handler `endpoint` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32678, "scanner": "repobility-route-auth", "fingerprint": "d0cd8bdcb5e0df97b2ed5b61979896f4d999099fd9bcbdc4bb5c16f0c1a57601", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|d0cd8bdcb5e0df97b2ed5b61979896f4d999099fd9bcbdc4bb5c16f0c1a57601"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_pydantic_v1_error.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /union has no auth: Handler `endpoint` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32677, "scanner": "repobility-route-auth", "fingerprint": "3af7a075e0610332dd4a4373963999071b8de5cf4887e74859f7a37b4caad18f", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|3af7a075e0610332dd4a4373963999071b8de5cf4887e74859f7a37b4caad18f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_pydantic_v1_error.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /param has no auth: Handler `endpoint` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32676, "scanner": "repobility-route-auth", "fingerprint": "df788f8df99f9b1ce9d0675540805c96608b6fe6f7d4453dc41deba4068a6b72", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|df788f8df99f9b1ce9d0675540805c96608b6fe6f7d4453dc41deba4068a6b72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_pydantic_v1_error.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /tuple-form/ has no auth: Handler `hello` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32675, "scanner": "repobility-route-auth", "fingerprint": "9e6b1fdd41bfa9f82087ee8b7b8c927d2d76daac6f52105ae078f602c4ca72a4", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|9e6b1fdd41bfa9f82087ee8b7b8c927d2d76daac6f52105ae078f602c4ca72a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_tuples.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /tuple-of-models/ has no auth: Handler `post_tuple_of_models` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32674, "scanner": "repobility-route-auth", "fingerprint": "815bd9748bee51986c3b008721a0ec03d7f568ae0cfa2ca0bdd7bcd10990405c", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|815bd9748bee51986c3b008721a0ec03d7f568ae0cfa2ca0bdd7bcd10990405c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_tuples.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /model-with-tuple/ has no auth: Handler `post_model_with_tuple` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32673, "scanner": "repobility-route-auth", "fingerprint": "15b143c29bf821105359ed2857397ef6c612b2e941c8c4ffa54ec4adbd748e55", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|15b143c29bf821105359ed2857397ef6c612b2e941c8c4ffa54ec4adbd748e55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_tuples.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /form-extra-allow/ has no auth: Handler `post_form_extra_allow` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32672, "scanner": "repobility-route-auth", "fingerprint": "5566970739269f1f6a6118c27a3fb5b20ab798ac263a38e193af27b35411f9f0", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|5566970739269f1f6a6118c27a3fb5b20ab798ac263a38e193af27b35411f9f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_forms_single_model.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /items/ has no auth: Handler `save_union_body_discriminator` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32671, "scanner": "repobility-route-auth", "fingerprint": "f6828fe6d3402dc69eb0677ce77e2a9e80158ad4f3e8e79c5d5d27517559b340", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|f6828fe6d3402dc69eb0677ce77e2a9e80158ad4f3e8e79c5d5d27517559b340"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_union_body_discriminator.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /uploadfile/ has no auth: Handler `create_upload_file` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32670, "scanner": "repobility-route-auth", "fingerprint": "b6183452bf3c8c53963dff6dd377b2e6912a4f14e3e074b19f649420ede51270", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|b6183452bf3c8c53963dff6dd377b2e6912a4f14e3e074b19f649420ede51270"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_datastructures.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /form/ has no auth: Handler `post_form` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 32669, "scanner": "repobility-route-auth", "fingerprint": "90313c4f6233b03dde5f2c9dce8d295c2779dc8b392fe0ec7c807d13127056da", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|90313c4f6233b03dde5f2c9dce8d295c2779dc8b392fe0ec7c807d13127056da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_forms_single_param.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_raises_pydantic_v1_model_in_additional_responses_model: Test function `test_raises_pydantic_v1_model_in_additional_responses_model` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32664, "scanner": "repobility-ast-engine", "fingerprint": "e77a604bd828c1246d7cf83036d14fa9bd2139af7528682841e1922e534f3cd5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e77a604bd828c1246d7cf83036d14fa9bd2139af7528682841e1922e534f3cd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_pydantic_v1_error.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_raises_pydantic_v1_model_in_response_model: Test function `test_raises_pydantic_v1_model_in_response_model` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32663, "scanner": "repobility-ast-engine", "fingerprint": "bac64dfc7ac8e825944914d0031a7477a4110232da5da69173fe82cd51e7e7e6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bac64dfc7ac8e825944914d0031a7477a4110232da5da69173fe82cd51e7e7e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_pydantic_v1_error.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_raises_pydantic_v1_model_in_return_type: Test function `test_raises_pydantic_v1_model_in_return_type` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32662, "scanner": "repobility-ast-engine", "fingerprint": "462665f860ad9706779314330cdfd614ca820a0d197a16ebcbbec0b51fa773db", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|462665f860ad9706779314330cdfd614ca820a0d197a16ebcbbec0b51fa773db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_pydantic_v1_error.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_raises_pydantic_v1_model_in_endpoint_param: Test function `test_raises_pydantic_v1_model_in_endpoint_param` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32661, "scanner": "repobility-ast-engine", "fingerprint": "1b17778a3141ff78e04d141b033d39bcbd5395bcd5e52be0d5aedc19e376f947", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1b17778a3141ff78e04d141b033d39bcbd5395bcd5e52be0d5aedc19e376f947"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_pydantic_v1_error.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_include_empty: Test function `test_include_empty` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32660, "scanner": "repobility-ast-engine", "fingerprint": "377d8062cdfe8d21c83e4376be78494b635b0602a11817e637d029d9e854db29", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|377d8062cdfe8d21c83e4376be78494b635b0602a11817e637d029d9e854db29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_empty_router.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_broken_scope: Test function `test_broken_scope` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32659, "scanner": "repobility-ast-engine", "fingerprint": "1fe7e437e8e6d811bfb0e65f824b97c5f61036a14af074ff0a38dc481c6bccde", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1fe7e437e8e6d811bfb0e65f824b97c5f61036a14af074ff0a38dc481c6bccde"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_dependency_yield_scope.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_override_server_error_exception_raises: Test function `test_override_server_error_exception_raises` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32658, "scanner": "repobility-ast-engine", "fingerprint": "9ee62d7263f7b876e53c5873e8fcfa517b41aaa8fedd2183e0765e8950f3b3fd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9ee62d7263f7b876e53c5873e8fcfa517b41aaa8fedd2183e0765e8950f3b3fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_exception_handlers.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_invalid_list: Test function `test_invalid_list` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32657, "scanner": "repobility-ast-engine", "fingerprint": "b986fd0951ec3380fc114deb25c9c72a679cde89e36ab3c14c987d04b9cf46cf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b986fd0951ec3380fc114deb25c9c72a679cde89e36ab3c14c987d04b9cf46cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_validate_response.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_double_invalid: Test function `test_double_invalid` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32656, "scanner": "repobility-ast-engine", "fingerprint": "8d756bdd90b81788122ad4701bca5da0289b0e97dc7b871237e42eefb3b5963b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8d756bdd90b81788122ad4701bca5da0289b0e97dc7b871237e42eefb3b5963b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_validate_response.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_invalid_none: Test function `test_invalid_none` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32655, "scanner": "repobility-ast-engine", "fingerprint": "ddc3e3f569a95d6bb4c277907a64d6316d698a04597cb1fb28f23d3104ad4ec9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ddc3e3f569a95d6bb4c277907a64d6316d698a04597cb1fb28f23d3104ad4ec9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_validate_response.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_invalid: Test function `test_invalid` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32654, "scanner": "repobility-ast-engine", "fingerprint": "0da479da5ea0b24c7d0b4c4ad86f6a45705d59bb77782dc15f3200f677d72158", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0da479da5ea0b24c7d0b4c4ad86f6a45705d59bb77782dc15f3200f677d72158"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_validate_response.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_invalid_list: Test function `test_invalid_list` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32653, "scanner": "repobility-ast-engine", "fingerprint": "95c16ba9c21908e6145a5e16894171d050ddd04cc676962db038cec796cb2c2e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|95c16ba9c21908e6145a5e16894171d050ddd04cc676962db038cec796cb2c2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_validate_response_dataclass.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_double_invalid: Test function `test_double_invalid` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32652, "scanner": "repobility-ast-engine", "fingerprint": "b4fa3e70c69c606368d226920139874d8581f9d0cdb8dc30ba64b7e3112a9b3b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b4fa3e70c69c606368d226920139874d8581f9d0cdb8dc30ba64b7e3112a9b3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_validate_response_dataclass.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_invalid: Test function `test_invalid` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32651, "scanner": "repobility-ast-engine", "fingerprint": "0232627f7dda4af36c72245dfc6001c6351848a2a38f79458e12402d086b829e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0232627f7dda4af36c72245dfc6001c6351848a2a38f79458e12402d086b829e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_validate_response_dataclass.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_router_circular_import: Test function `test_router_circular_import` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32650, "scanner": "repobility-ast-engine", "fingerprint": "8cb40faf683ef7a20f26f855acb95211bd876f3e2e47d568e69a9a837d1d0593", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8cb40faf683ef7a20f26f855acb95211bd876f3e2e47d568e69a9a837d1d0593"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_router_circular_import.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_broken_session_stream_raise: Test function `test_broken_session_stream_raise` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32649, "scanner": "repobility-ast-engine", "fingerprint": "7efa3ec6c197eda7ae61c689a18c251f5d0700a85bd64a67602454b5c3a1aa56", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7efa3ec6c197eda7ae61c689a18c251f5d0700a85bd64a67602454b5c3a1aa56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_dependency_after_yield_streaming.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_broken_session_data: Test function `test_broken_session_data` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32648, "scanner": "repobility-ast-engine", "fingerprint": "fe33e267f56ff1b9001b039382ba51f93d17f684e3536c076add2f155dfd4874", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fe33e267f56ff1b9001b039382ba51f93d17f684e3536c076add2f155dfd4874"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_dependency_after_yield_streaming.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_invalid_simple_dict: Test function `test_invalid_simple_dict` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32646, "scanner": "repobility-ast-engine", "fingerprint": "1b2973eb15f10022a49537a70a21cb787dcaddb6b36d9cdda28c660a4709b9f7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1b2973eb15f10022a49537a70a21cb787dcaddb6b36d9cdda28c660a4709b9f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_invalid_path_param.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_invalid_simple_set: Test function `test_invalid_simple_set` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32645, "scanner": "repobility-ast-engine", "fingerprint": "1d327b5d2e208403577e3e50ed5c5ac80b67e8a34aae2a85b259a0579668eb91", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1d327b5d2e208403577e3e50ed5c5ac80b67e8a34aae2a85b259a0579668eb91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_invalid_path_param.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_invalid_simple_tuple: Test function `test_invalid_simple_tuple` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32644, "scanner": "repobility-ast-engine", "fingerprint": "c42f9635ca4d524bf75e20763ec5555bf83b5c9b4eba2334e453808c001f50ca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c42f9635ca4d524bf75e20763ec5555bf83b5c9b4eba2334e453808c001f50ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_invalid_path_param.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_invalid_simple_list: Test function `test_invalid_simple_list` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32643, "scanner": "repobility-ast-engine", "fingerprint": "1920e081f0a3442a2f5648f5fced4cfc147d6868e3840502b2ae2c5544df10ac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1920e081f0a3442a2f5648f5fced4cfc147d6868e3840502b2ae2c5544df10ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_invalid_path_param.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_invalid_dict: Test function `test_invalid_dict` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32642, "scanner": "repobility-ast-engine", "fingerprint": "6d20650c5a0d30723e4658d3fe85b50115c442715f17e8cf03a82357d65be492", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6d20650c5a0d30723e4658d3fe85b50115c442715f17e8cf03a82357d65be492"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_invalid_path_param.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_invalid_tuple: Test function `test_invalid_tuple` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32641, "scanner": "repobility-ast-engine", "fingerprint": "62369f5bdb12ad7a665299cb02dfb649335b1eba8705b7fa0e0914eea344bb66", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|62369f5bdb12ad7a665299cb02dfb649335b1eba8705b7fa0e0914eea344bb66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_invalid_path_param.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_invalid_sequence: Test function `test_invalid_sequence` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32640, "scanner": "repobility-ast-engine", "fingerprint": "5359f949895dcbb3ec10d5fa7b57766c01e33f2fcecbd760e465ecb1a988746e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5359f949895dcbb3ec10d5fa7b57766c01e33f2fcecbd760e465ecb1a988746e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_invalid_path_param.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_upload_file_invalid_pydantic_v2: Test function `test_upload_file_invalid_pydantic_v2` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 32639, "scanner": "repobility-ast-engine", "fingerprint": "ad2ab29a6e62264993e163b0eb9c881a32009ddf82bf91193abcb16f62988789", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ad2ab29a6e62264993e163b0eb9c881a32009ddf82bf91193abcb16f62988789"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_datastructures.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.api_route` used but never assigned in __init__: Method `get` of class `APIRouter` reads `self.api_route`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32634, "scanner": "repobility-ast-engine", "fingerprint": "e36c470de9b0352a3f5f89226b94897ddc72270c58921b175fc985b7c5a349ca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e36c470de9b0352a3f5f89226b94897ddc72270c58921b175fc985b7c5a349ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/routing.py"}, "region": {"startLine": 2181}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.add_websocket_route` used but never assigned in __init__: Method `include_router` of class `APIRouter` reads `self.add_websocket_route`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32633, "scanner": "repobility-ast-engine", "fingerprint": "f6ad80495fecfe338e4bf4b14dc24867ca1d2b8dc9a2719f29279ecc6a8cd8a3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f6ad80495fecfe338e4bf4b14dc24867ca1d2b8dc9a2719f29279ecc6a8cd8a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/routing.py"}, "region": {"startLine": 1819}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.add_api_websocket_route` used but never assigned in __init__: Method `include_router` of class `APIRouter` reads `self.add_api_websocket_route`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32632, "scanner": "repobility-ast-engine", "fingerprint": "02c47ff079edba923d15318de0eb8a48c9e3bb978d9b09d51937497868fe42df", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|02c47ff079edba923d15318de0eb8a48c9e3bb978d9b09d51937497868fe42df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/routing.py"}, "region": {"startLine": 1812}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.add_route` used but never assigned in __init__: Method `include_router` of class `APIRouter` reads `self.add_route`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32631, "scanner": "repobility-ast-engine", "fingerprint": "a62f1f803b2de61f17242bd74463909d091f3b79519385e9a539be79c970c39a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a62f1f803b2de61f17242bd74463909d091f3b79519385e9a539be79c970c39a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/routing.py"}, "region": {"startLine": 1799}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.add_api_route` used but never assigned in __init__: Method `include_router` of class `APIRouter` reads `self.add_api_route`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32630, "scanner": "repobility-ast-engine", "fingerprint": "f5afc3255cd6964841984074913a6fbe0f9b03ab799096fcb76769cc996a9171", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f5afc3255cd6964841984074913a6fbe0f9b03ab799096fcb76769cc996a9171"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/routing.py"}, "region": {"startLine": 1762}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.add_event_handler` used but never assigned in __init__: Method `include_router` of class `APIRouter` reads `self.add_event_handler`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32629, "scanner": "repobility-ast-engine", "fingerprint": "fa2c5f285a79e698125b0c91ff1f2dad943f03742c35003508ac5abc7bef601b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa2c5f285a79e698125b0c91ff1f2dad943f03742c35003508ac5abc7bef601b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/routing.py"}, "region": {"startLine": 1825}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.add_event_handler` used but never assigned in __init__: Method `include_router` of class `APIRouter` reads `self.add_event_handler`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32628, "scanner": "repobility-ast-engine", "fingerprint": "ba819aa2510a8b54a9093a256c250547fd23861fe620443dd09688cbed5e684f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ba819aa2510a8b54a9093a256c250547fd23861fe620443dd09688cbed5e684f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/routing.py"}, "region": {"startLine": 1823}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.add_websocket_route` used but never assigned in __init__: Method `websocket_route` of class `APIRouter` reads `self.add_websocket_route`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32627, "scanner": "repobility-ast-engine", "fingerprint": "2df8d16bf7ed96fb613089111b16d3e1762ba93e0d1ad79a8277d071ff1a37d3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2df8d16bf7ed96fb613089111b16d3e1762ba93e0d1ad79a8277d071ff1a37d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/routing.py"}, "region": {"startLine": 1573}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.add_api_websocket_route` used but never assigned in __init__: Method `websocket` of class `APIRouter` reads `self.add_api_websocket_route`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32626, "scanner": "repobility-ast-engine", "fingerprint": "51b19b6e8a3c4dc48e1384e5ac3c4046870495badf986e99e8847c8dbb1ab644", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|51b19b6e8a3c4dc48e1384e5ac3c4046870495badf986e99e8847c8dbb1ab644"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/routing.py"}, "region": {"startLine": 1562}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.routes` used but never assigned in __init__: Method `add_api_websocket_route` of class `APIRouter` reads `self.routes`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32625, "scanner": "repobility-ast-engine", "fingerprint": "09c22b51bf54bf684afc457456f6d68ce0c5cce66ee7bdf8c6e2860281591b29", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|09c22b51bf54bf684afc457456f6d68ce0c5cce66ee7bdf8c6e2860281591b29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/routing.py"}, "region": {"startLine": 1500}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.add_api_route` used but never assigned in __init__: Method `api_route` of class `APIRouter` reads `self.add_api_route`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32624, "scanner": "repobility-ast-engine", "fingerprint": "2aca45fdd62d46181b91cd69799d4c30b2910e56eb4c9b51fa397dde4f7e032a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2aca45fdd62d46181b91cd69799d4c30b2910e56eb4c9b51fa397dde4f7e032a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/routing.py"}, "region": {"startLine": 1450}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.routes` used but never assigned in __init__: Method `add_api_route` of class `APIRouter` reads `self.routes`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32623, "scanner": "repobility-ast-engine", "fingerprint": "e136963ff8bff4d12cc230a2df6c8b6cf674f56afea56933238c9772b626d77c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e136963ff8bff4d12cc230a2df6c8b6cf674f56afea56933238c9772b626d77c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/routing.py"}, "region": {"startLine": 1417}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.add_route` used but never assigned in __init__: Method `route` of class `APIRouter` reads `self.add_route`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32622, "scanner": "repobility-ast-engine", "fingerprint": "130511d05a1936f62318443e188afc2ab0d682092d0a4beb0aff39ae7dafdd17", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|130511d05a1936f62318443e188afc2ab0d682092d0a4beb0aff39ae7dafdd17"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/routing.py"}, "region": {"startLine": 1325}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.add_exception_handler` used but never assigned in __init__: Method `exception_handler` of class `FastAPI` reads `self.add_exception_handler`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32621, "scanner": "repobility-ast-engine", "fingerprint": "5b6d9d001775ab7c7bcb0b11d4ece63ea44d8f4e29f61b088de2c16d4c57a859", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5b6d9d001775ab7c7bcb0b11d4ece63ea44d8f4e29f61b088de2c16d4c57a859"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/applications.py"}, "region": {"startLine": 4688}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.add_middleware` used but never assigned in __init__: Method `middleware` of class `FastAPI` reads `self.add_middleware`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32620, "scanner": "repobility-ast-engine", "fingerprint": "2e696a76e3e4db4a0e3da9c9ada159aa74076b040e94d7eec353562643b68b68", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2e696a76e3e4db4a0e3da9c9ada159aa74076b040e94d7eec353562643b68b68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/applications.py"}, "region": {"startLine": 4641}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.add_api_websocket_route` used but never assigned in __init__: Method `websocket` of class `FastAPI` reads `self.add_api_websocket_route`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32619, "scanner": "repobility-ast-engine", "fingerprint": "d2dce3f2f926fefa3c4b1b53b1fd23858462a7100fcfa85461b5dbcd5502770c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d2dce3f2f926fefa3c4b1b53b1fd23858462a7100fcfa85461b5dbcd5502770c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/applications.py"}, "region": {"startLine": 1348}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.add_route` used but never assigned in __init__: Method `setup` of class `FastAPI` reads `self.add_route`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32618, "scanner": "repobility-ast-engine", "fingerprint": "98b2af9862f6c5c8c99de168388f03dea996890b0d207982b1adc084d957febd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|98b2af9862f6c5c8c99de168388f03dea996890b0d207982b1adc084d957febd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/applications.py"}, "region": {"startLine": 1140}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.openapi` used but never assigned in __init__: Method `setup` of class `FastAPI` reads `self.openapi`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32617, "scanner": "repobility-ast-engine", "fingerprint": "e2619832c982e02020e481248498008659c6966a5f8cf6ce250369776283fd2c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e2619832c982e02020e481248498008659c6966a5f8cf6ce250369776283fd2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/applications.py"}, "region": {"startLine": 1106}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.add_route` used but never assigned in __init__: Method `setup` of class `FastAPI` reads `self.add_route`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32616, "scanner": "repobility-ast-engine", "fingerprint": "7333752aa7fa555255641abbfc411a5c628dca443302e291ab46b9a9379b56b3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7333752aa7fa555255641abbfc411a5c628dca443302e291ab46b9a9379b56b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/applications.py"}, "region": {"startLine": 1154}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.add_route` used but never assigned in __init__: Method `setup` of class `FastAPI` reads `self.add_route`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32615, "scanner": "repobility-ast-engine", "fingerprint": "8bb382266b2a66b6cdccb626113906d37bd57aa7c8e8dc9e35b18b403b03f816", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8bb382266b2a66b6cdccb626113906d37bd57aa7c8e8dc9e35b18b403b03f816"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/applications.py"}, "region": {"startLine": 1133}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.add_route` used but never assigned in __init__: Method `setup` of class `FastAPI` reads `self.add_route`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32614, "scanner": "repobility-ast-engine", "fingerprint": "db372ef0b28a171e03b74fc13927a48a4a75ad0bc642c9badc3d79f25624a9f6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|db372ef0b28a171e03b74fc13927a48a4a75ad0bc642c9badc3d79f25624a9f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/applications.py"}, "region": {"startLine": 1116}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.routes` used but never assigned in __init__: Method `openapi` of class `FastAPI` reads `self.routes`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32613, "scanner": "repobility-ast-engine", "fingerprint": "4744b82538216017d60daf877c22515b199cf44b4fbfa0bc286856acef14e6ea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4744b82538216017d60daf877c22515b199cf44b4fbfa0bc286856acef14e6ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/applications.py"}, "region": {"startLine": 1092}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._format_endpoint_context` used but never assigned in __init__: Method `__str__` of class `ValidationException` reads `self._format_endpoint_context`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32612, "scanner": "repobility-ast-engine", "fingerprint": "99d6b5330b9583e925025767cbdbbaaccbec489c65e36ac8ae8bd0325eec4f95", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|99d6b5330b9583e925025767cbdbbaaccbec489c65e36ac8ae8bd0325eec4f95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/exceptions.py"}, "region": {"startLine": 208}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.default` used but never assigned in __init__: Method `__repr__` of class `Body` reads `self.default`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32611, "scanner": "repobility-ast-engine", "fingerprint": "88c38bee35305e73b0eb7edd3b0c7322028bb037384f2c984bb0a980ab405ca6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|88c38bee35305e73b0eb7edd3b0c7322028bb037384f2c984bb0a980ab405ca6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/params.py"}, "region": {"startLine": 578}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.default` used but never assigned in __init__: Method `__repr__` of class `Param` reads `self.default`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 32610, "scanner": "repobility-ast-engine", "fingerprint": "bb7c9e2a62188895d29adf34cfee9d5140d02b27badb394e2855f7fb40c21178", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bb7c9e2a62188895d29adf34cfee9d5140d02b27badb394e2855f7fb40c21178"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/params.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: PATCH /items/{item_id}."}, "properties": {"repobilityId": 32588, "scanner": "repobility-access-control", "fingerprint": "1c6a657fd8c2ed452f1e4f589db9bf6241a629b727140ebc851fbfff686083e3", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation. 
Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"path": "/items/{item_id}", "method": "PATCH", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|28|auc003", "duplicate_count": 1, "identity_targets": ["unknown", "owner"], "duplicate_rule_ids": ["AUC003"], "duplicate_scanners": ["repobility-access-control"], "duplicate_fingerprints": ["1c6a657fd8c2ed452f1e4f589db9bf6241a629b727140ebc851fbfff686083e3", "d71802cea174ac8559e850852a2be1e7a2306d084cc4bfb1319c7ddb6d142faa"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/body_updates/tutorial002_py310.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /items/{item_id}."}, "properties": {"repobilityId": 32587, "scanner": "repobility-access-control", "fingerprint": "1f410904bae83ab416242ba15ed903ffb3155405577fcf9a42b6c8700979732c", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation. 
Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"path": "/items/{item_id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|23|auc003", "duplicate_count": 1, "identity_targets": ["unknown", "owner"], "duplicate_rule_ids": ["AUC003"], "duplicate_scanners": ["repobility-access-control"], "duplicate_fingerprints": ["1f410904bae83ab416242ba15ed903ffb3155405577fcf9a42b6c8700979732c", "eb39280e53e927cfd9d8208fd495b44ea2d47ebb4b63e63852bb837c87c530c8"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/body_updates/tutorial002_py310.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /items/{item_id}."}, "properties": {"repobilityId": 32586, "scanner": "repobility-access-control", "fingerprint": "273b7209079785bc616761a31c61fe2b4b325dde66fe7b8216c078190e6e4ce5", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/items/{item_id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|fastapi/param_functions.py|317|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/param_functions.py"}, "region": {"startLine": 317}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: DELETE /items/{item_id}."}, "properties": {"repobilityId": 32585, "scanner": "repobility-access-control", "fingerprint": "37f2a6db7e83040ee53af39f532578747c2fd42f089f1268c9cbc56523c6d11d", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/items/{item_id}", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|fastapi/routing.py|3315|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/routing.py"}, "region": {"startLine": 3315}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: PUT /items/{item_id}."}, "properties": {"repobilityId": 32584, "scanner": "repobility-access-control", "fingerprint": "6ab3f5718cf4386144da2fde697f1ed640abfc7c6147bece6d4fb44d49da6933", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/items/{item_id}", "method": "PUT", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|fastapi/routing.py|2556|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/routing.py"}, "region": {"startLine": 2556}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: DELETE /items/{item_id}."}, "properties": {"repobilityId": 32583, "scanner": "repobility-access-control", "fingerprint": "159c6bf844c1d468187b2b7a55e792e3421bcbd453b1a84db1f5a26c1c320872", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/items/{item_id}", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|fastapi/applications.py|3034|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/applications.py"}, "region": {"startLine": 3034}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: PUT /items/{item_id}."}, "properties": {"repobilityId": 32582, "scanner": "repobility-access-control", "fingerprint": "1a35e0d264cf383bf0f87ba3f76dbece88d65d12a2e5d3a157468494ab4db6c7", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/items/{item_id}", "method": "PUT", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|fastapi/applications.py|2283|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/applications.py"}, "region": {"startLine": 2283}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /items/{item_id}."}, "properties": {"repobilityId": 32581, "scanner": "repobility-access-control", "fingerprint": "e55a88cbc7e72d77b1c1ce50d2b5c9074bbfbb417982bd15df9fd10e120ccc84", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/items/{item_id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|fastapi/exceptions.py|37|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fastapi/exceptions.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0). Review note: the flagged file is Python (.py) and the matched text is `exec(select`, whereas this rule targets Node.js child_process.exec; verify that the call is a process-execution sink before triaging this as command injection."}, "properties": {"repobilityId": 32545, "scanner": "repobility-threat-engine", "fingerprint": "c0aa7ed60eac1edac645cbab7c1eb985cca1a088e1b9b6bdfc2bb36e442b4e7a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(select", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c0aa7ed60eac1edac645cbab7c1eb985cca1a088e1b9b6bdfc2bb36e442b4e7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/sql_databases/tutorial002_an_py310.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0). Review note: the flagged file is Python (.py) and the matched text is `exec(select`, whereas this rule targets Node.js child_process.exec; verify that the call is a process-execution sink before triaging this as command injection."}, "properties": {"repobilityId": 32544, "scanner": "repobility-threat-engine", "fingerprint": "4e3026f65b443a91b6460cc9fdbedc4c0cc1f19a3e2d352f5824f8c293fd5b50", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(select", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4e3026f65b443a91b6460cc9fdbedc4c0cc1f19a3e2d352f5824f8c293fd5b50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/sql_databases/tutorial001_py310.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0). Review note: the flagged file is Python (.py) and the matched text is `exec(select`, whereas this rule targets Node.js child_process.exec; verify that the call is a process-execution sink before triaging this as command injection."}, "properties": {"repobilityId": 32543, "scanner": "repobility-threat-engine", "fingerprint": "7530e0a56a2f0bcf929294056229a265bcf4732c106fe77489818cfc4282746c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(select", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7530e0a56a2f0bcf929294056229a265bcf4732c106fe77489818cfc4282746c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/sql_databases/tutorial001_an_py310.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 32511, "scanner": "repobility-threat-engine", "fingerprint": "1ed10f9bcad843e13fec6be6e7f2ac2814dee4caa3af140d923aaec5f8814845", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1ed10f9bcad843e13fec6be6e7f2ac2814dee4caa3af140d923aaec5f8814845"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/dependencies/tutorial008c_an_py310.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED001", "level": 
"error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 32510, "scanner": "repobility-threat-engine", "fingerprint": "ea43e0dec281074c298e06da386eeb348480bff17cc44e6e64f621e82d5d5a1b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ea43e0dec281074c298e06da386eeb348480bff17cc44e6e64f621e82d5d5a1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/dependencies/tutorial008b_py310.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 32509, "scanner": "repobility-threat-engine", "fingerprint": "86fbb9fef5997b2186451cc46fb0cc86c6049147a266109037f8e655a94a1c24", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|86fbb9fef5997b2186451cc46fb0cc86c6049147a266109037f8e655a94a1c24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/dependencies/tutorial008b_an_py310.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED009", "level": "error", "message": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"repobilityId": 32507, "scanner": "repobility-threat-engine", "fingerprint": "a11f7d9e965ea6ab8a2b339a10227460ba336f5ba53c1a6a8c14c8545dd56936", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a11f7d9e965ea6ab8a2b339a10227460ba336f5ba53c1a6a8c14c8545dd56936"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/body/tutorial003_py310.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED009", "level": "error", "message": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"repobilityId": 32506, "scanner": "repobility-threat-engine", "fingerprint": "eaaea7f281343036dc23b2fd2cd9bee96d2c6642f023fb918dedde531347add1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 
208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "correlation_key": "fp|eaaea7f281343036dc23b2fd2cd9bee96d2c6642f023fb918dedde531347add1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/body/tutorial002_py310.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED009", "level": "error", "message": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"repobilityId": 32505, "scanner": "repobility-threat-engine", "fingerprint": "a313eff18b9e5e67aa55fa56f9627e5d2a7263fe5c6bed2e4e5d8989855badcb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a313eff18b9e5e67aa55fa56f9627e5d2a7263fe5c6bed2e4e5d8989855badcb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/body/tutorial001_py310.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). 
High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 32503, "scanner": "repobility-threat-engine", "fingerprint": "05786ff378db1ef8223cfd9e28df0a17c51737405f769c2aa12b7fd0ca677a5a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@app.post(\"/items/\")\nasync def create_item(item: Item, x_token: <redacted>, Header()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|05786ff378db1ef8223cfd9e28df0a17c51737405f769c2aa12b7fd0ca677a5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/app_testing/app_b_an_py310/main.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). 
High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 32502, "scanner": "repobility-threat-engine", "fingerprint": "eede59aa15033a1f66b3542b106df3b3aa018d19032f429a453ccf5cbffaac77", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@app.put(\"/items/{item_id}\")\nasync def upsert_item(\n    item_id: str,\n    name: str | None = Body(de", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|eede59aa15033a1f66b3542b106df3b3aa018d19032f429a453ccf5cbffaac77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/additional_status_codes/tutorial001_py310.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). 
High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 32501, "scanner": "repobility-threat-engine", "fingerprint": "7681253577e3ef6a5eb1d266e3cf720ea3d9cb191c35207bce9490fc9bfbc00e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@app.put(\"/items/{item_id}\")\nasync def upsert_item(\n    item_id: str,\n    name: Annotated[str | None", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7681253577e3ef6a5eb1d266e3cf720ea3d9cb191c35207bce9490fc9bfbc00e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/additional_status_codes/tutorial001_an_py310.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 32500, "scanner": "repobility-threat-engine", "fingerprint": "4753da456f366968f27bffef37ffa256a9b02caa5cb9123ea422b13dd3599a0d", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".innerHTML = `<span ${this._attributes(line)}>${line.value || ''}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4753da456f366968f27bffef37ffa256a9b02caa5cb9123ea422b13dd3599a0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/docs/js/termynal.js"}, "region": {"startLine": 226}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 32490, "scanner": "repobility-threat-engine", "fingerprint": "6caa04c1ccf755134c6f8a9cce17a9767d09dfd425899237df15ad8088399b17", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "result.update({\"q\": q})", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6caa04c1ccf755134c6f8a9cce17a9767d09dfd425899237df15ad8088399b17"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/body/tutorial004_py310.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 32489, "scanner": "repobility-threat-engine", "fingerprint": "c402f77fbc1018d710e2001c0f20ce3d613f7147b4a0f2e36bf902d70878fb24", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "item_dict.update({\"price_with_tax\": price_with_tax})", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c402f77fbc1018d710e2001c0f20ce3d613f7147b4a0f2e36bf902d70878fb24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs_src/body/tutorial002_py310.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 32488, "scanner": "repobility-threat-engine", "fingerprint": "500ca7df7d3db38b3b75a48da937413adca8016edc9230e78c99655ef5fb6f9d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Promise.all(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|500ca7df7d3db38b3b75a48da937413adca8016edc9230e78c99655ef5fb6f9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/docs/js/custom.js"}, "region": {"startLine": 166}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 32487, "scanner": "repobility-threat-engine", "fingerprint": "ed536730d2dcb0e9f81edc4899eef5975d668329cddff3961c11b50cfcc7e69a", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url (n", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ed536730d2dcb0e9f81edc4899eef5975d668329cddff3961c11b50cfcc7e69a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/doc_parsing_utils.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 32486, "scanner": "repobility-threat-engine", "fingerprint": "8558e5f2c672f5e97f03fcf45f586a6957099f100158b72253fb06b3c9d35e16", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8558e5f2c672f5e97f03fcf45f586a6957099f100158b72253fb06b3c9d35e16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/docs/js/custom.js"}, "region": {"startLine": 180}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `html` used but not imported: The file uses `html.something(...)` but never imports `html`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 32665, "scanner": "repobility-ast-engine", "fingerprint": "1c31ce7e2958f2c62f9810c8e7aacf0916af894e2df2df0782cfb234be96588b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1c31ce7e2958f2c62f9810c8e7aacf0916af894e2df2df0782cfb234be96588b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_local_docs.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `html` used but not imported: The file uses `html.something(...)` but never imports `html`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 32647, "scanner": "repobility-ast-engine", "fingerprint": "97875f24cdba763d7d58335f4bcf602bec7ea5097a12e13d95186bd090b324cb", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|97875f24cdba763d7d58335f4bcf602bec7ea5097a12e13d95186bd090b324cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_swagger_ui_escape.py"}, "region": {"startLine": 11}}}]}]}]}