{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "Tighten .dockerignore or replace COPY . with explicit COPY statements."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Bind local agent bridges to 127.0.0.1 by default. If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "Confirm whether this file is reachable. If not, delete it; if yes, wire it through explicit imports, routes, or entry points and add a test that proves the path executes."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `batch_demangle` has cognitive complexity 18 (SonarSource scale). Cognitiv", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `batch_demangle` has cognitive complexity 18 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursio"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 18."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": "Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR012", "name": "Dockerfile keeps pip download cache", "shortDescription": {"text": "Dockerfile keeps pip download cache"}, "fullDescription": {"text": "Use `pip install --no-cache-dir ...` in container builds."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Add `--no-install-recommends` and explicitly list only packages the image needs."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "End the apt install layer with `rm -rf /var/lib/apt/lists/*`."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AIC005", "name": "Duplicate top-level symbol appears in a patch-style file", "shortDescription": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "fullDescription": {"text": "Keep one authoritative implementation, update imports to point at it, and remove or rename the duplicate symbol."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "AIC009", "name": "Multiple AI-agent scaffold marker files are present", "shortDescription": {"text": "Multiple AI-agent scaffold marker files are present"}, "fullDescription": {"text": "Keep one current agent instruction file if it helps contributors, remove stale progress/completion markers, and make sure the README, tests, and CI describe the real supported behavior."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image is selected through a build variable", "shortDescription": {"text": "Dockerfile base image is selected through a build variable"}, "fullDescription": {"text": "Resolve the variable to a versioned tag or digest in production builds and document the allowed images."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 8 more): Same pattern found in 8 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 21 more): Same pattern found in 21 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 21 more): Same pattern found in 21 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 19 more): Same pattern found in 19 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `ghcr.io/esphome/docker-base (no tag)` not pinned by digest: `FROM ghcr.io/esphome/docker-bas", "shortDescription": {"text": "[MINED118] Dockerfile FROM `ghcr.io/esphome/docker-base (no tag)` not pinned by digest: `FROM ghcr.io/esphome/docker-base (no tag)` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build "}, "fullDescription": {"text": "Replace with: `FROM ghcr.io/esphome/docker-base (no tag)@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED131", "name": "[MINED131] pre-commit hook `https://github.com/pre-commit/mirrors-clang-format` pinned to mutable rev `v13.0.1`: `.pre-c", "shortDescription": {"text": "[MINED131] pre-commit hook `https://github.com/pre-commit/mirrors-clang-format` pinned to mutable rev `v13.0.1`: `.pre-commit-config.yaml` references `https://github.com/pre-commit/mirrors-clang-format` at `rev: v13.0.1`. If `{rev}` is a br"}, "fullDescription": {"text": "Pin to a commit SHA: `rev: <40-char-sha>` and bump it through `pre-commit autoupdate` (which writes to PRs that are reviewed)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED110", "name": "[MINED110] Blocking call `socket.sendall` inside async function `test_noise_corrupt_encrypted_frame`: `socket.sendall` i", "shortDescription": {"text": "[MINED110] Blocking call `socket.sendall` inside async function `test_noise_corrupt_encrypted_frame`: `socket.sendall` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other cor"}, "fullDescription": {"text": "Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_check_error_empty_data: Test function `test_check_error_empty_data` runs code but", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_check_error_empty_data: Test function `test_check_error_empty_data` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying any"}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self._add_file` used but never assigned in __init__: Method `_discover_component_files` of class `ConfigBund", "shortDescription": {"text": "[MINED108] `self._add_file` used but never assigned in __init__: Method `_discover_component_files` of class `ConfigBundleCreator` reads `self._add_file`, but no assignment to it exists in __init__ (and no class-level fallback). This raises"}, "fullDescription": {"text": "Initialize `self._add_file = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED040", "name": "[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes.", "shortDescription": {"text": "[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "[MINED116] Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, ", "shortDescription": {"text": "[MINED116] Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.CODECOV_TOKEN }` lets a PR from any fork exfiltrate the secret"}, "fullDescription": {"text": "Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `glob` used but not imported: The file uses `glob.something(...)` but never imports `glob`. T", "shortDescription": {"text": "[MINED107] Missing import: `glob` used but not imported: The file uses `glob.something(...)` but never imports `glob`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import glob` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED018", "name": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/fi", "shortDescription": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC116", "name": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrar", "shortDescription": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "fullDescription": {"text": "Use `YAML.safe_load(input, permitted_classes: [Date])` \u2014 explicit class allowlist. Never use `Marshal.load` on untrusted data; serialize as JSON instead."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC079", "name": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python obje", "shortDescription": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "fullDescription": {"text": "Use `yaml.safe_load(data)` or `yaml.load(data, Loader=yaml.SafeLoader)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1280"}, "properties": {"repository": "esphome/esphome", "repoUrl": "https://github.com/esphome/esphome", "branch": "dev"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 130002, "scanner": "repobility-ast-engine", "fingerprint": "9dabde02863d24f2be447ea9257c552ec236a901574b42c6875d773b4d359453", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9dabde02863d24f2be447ea9257c552ec236a901574b42c6875d773b4d359453"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_syslog.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 130001, "scanner": "repobility-ast-engine", "fingerprint": "20eaf803c2c742f9b1ab1e3350865658d9302e68e0a9056a1774cc804f36772f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|20eaf803c2c742f9b1ab1e3350865658d9302e68e0a9056a1774cc804f36772f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_udp.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 129971, "scanner": "repobility-ast-engine", "fingerprint": "4988b3537048e9210bf46b59323784d3c4c5005b401d96f90460acfb1757e2c7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4988b3537048e9210bf46b59323784d3c4c5005b401d96f90460acfb1757e2c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/build_helpers.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 129970, "scanner": "repobility-ast-engine", "fingerprint": "eedc5a4bd2868ef1faade7804ab0be1c2f127748ff6eb4d16c247d3d507537cb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eedc5a4bd2868ef1faade7804ab0be1c2f127748ff6eb4d16c247d3d507537cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/build_helpers.py"}, "region": {"startLine": 395}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 129969, "scanner": "repobility-ast-engine", "fingerprint": "7e546dc561a6a65fa8d5a4adb1bf47e7dc933fc507235225351d4a0a62f1b336", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7e546dc561a6a65fa8d5a4adb1bf47e7dc933fc507235225351d4a0a62f1b336"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/test_component_grouping.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 129966, "scanner": "repobility-ast-engine", "fingerprint": "fc8f9ed329a3b34471477301459fdd1344bd04554ff84fefe906c02de1f316d1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fc8f9ed329a3b34471477301459fdd1344bd04554ff84fefe906c02de1f316d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/determine-jobs.py"}, "region": {"startLine": 297}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 129965, "scanner": "repobility-ast-engine", "fingerprint": "871774fc833ca275892f434f390cb76d9ad8a6706087b1e5c5cc0de781ea913d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|871774fc833ca275892f434f390cb76d9ad8a6706087b1e5c5cc0de781ea913d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/analyze_component_buses.py"}, "region": {"startLine": 226}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 129964, "scanner": "repobility-ast-engine", "fingerprint": "a2e9063c89548221ac01934dbfd7d279ee0accda1e4e923293146b2802cd17e5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a2e9063c89548221ac01934dbfd7d279ee0accda1e4e923293146b2802cd17e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/analyze_component_buses.py"}, "region": {"startLine": 168}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 129963, "scanner": "repobility-ast-engine", "fingerprint": "3f25c7dbded1da9f6908eadf202b38a906384c384dbdb904b79e29bf32fca934", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f25c7dbded1da9f6908eadf202b38a906384c384dbdb904b79e29bf32fca934"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/analyze_component_buses.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 129960, "scanner": "repobility-ast-engine", "fingerprint": "6fb1ae9254d215641c860fdafb3aacc0eaae236ba1df0be3c05dbad0e8321d1c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6fb1ae9254d215641c860fdafb3aacc0eaae236ba1df0be3c05dbad0e8321d1c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/merge_component_configs.py"}, "region": {"startLine": 440}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 129959, "scanner": "repobility-ast-engine", "fingerprint": "bd26c20b92d163e56968817c92979b8939c503064dd7ca7c9ccedea6b2c8547b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd26c20b92d163e56968817c92979b8939c503064dd7ca7c9ccedea6b2c8547b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/stress_test_connect.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 129958, "scanner": "repobility-ast-engine", "fingerprint": "db4c7bd772bf654e4f73784538faf9f08d8a11474644620cd96ae843260e38f8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|db4c7bd772bf654e4f73784538faf9f08d8a11474644620cd96ae843260e38f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/test_build_components.py"}, "region": {"startLine": 482}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 129955, "scanner": "repobility-ast-engine", "fingerprint": "7fc94c83f14f3a41c0f60460296cc8a17114d376103eb39a679e05c045f70ab7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7fc94c83f14f3a41c0f60460296cc8a17114d376103eb39a679e05c045f70ab7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/__main__.py"}, "region": {"startLine": 978}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 129953, "scanner": "repobility-ast-engine", "fingerprint": "cc16faba688818394d79e07799620b86c768957a9277309c7dbea524b341286f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cc16faba688818394d79e07799620b86c768957a9277309c7dbea524b341286f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/async_thread.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 129952, "scanner": "repobility-ast-engine", "fingerprint": "120b38b5d7a2773f79ab8c6d7a1091ead12a746b21975f1c506e2760ec7625b4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|120b38b5d7a2773f79ab8c6d7a1091ead12a746b21975f1c506e2760ec7625b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/storage_json.py"}, "region": {"startLine": 404}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 129951, "scanner": "repobility-ast-engine", "fingerprint": "3bb4851b8b18d91713e4f9c94ec6e26628151454cb773ce68b266e64c9b4dda3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3bb4851b8b18d91713e4f9c94ec6e26628151454cb773ce68b266e64c9b4dda3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/storage_json.py"}, "region": {"startLine": 375}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 129950, "scanner": "repobility-ast-engine", "fingerprint": "d22b443097b5d43c8e244a96fea9c3ba143c52c94c9b0c5131547c17708862be", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d22b443097b5d43c8e244a96fea9c3ba143c52c94c9b0c5131547c17708862be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/storage_json.py"}, "region": {"startLine": 286}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 129948, "scanner": "repobility-ast-engine", "fingerprint": "1c97ca34b01de563ce04634a2b0408b423f1c6d37ca5196ebd7983b467af80b0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1c97ca34b01de563ce04634a2b0408b423f1c6d37ca5196ebd7983b467af80b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/compiled_config.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 129931, "scanner": "repobility-ast-engine", "fingerprint": "c007fbd671cb90e7ca3efbbf79bd5f952621944877d6176cd1909565d1933e8f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c007fbd671cb90e7ca3efbbf79bd5f952621944877d6176cd1909565d1933e8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/vscode.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 129930, "scanner": "repobility-ast-engine", "fingerprint": "6b9225d5c444518cedf2f7a5b6d479a024fe311078cc3e3f9f48889420c5b6f7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6b9225d5c444518cedf2f7a5b6d479a024fe311078cc3e3f9f48889420c5b6f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/vscode.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 129918, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 129917, "scanner": "repobility-docker", "fingerprint": "e0e9b4de00cbf0b1d0c929aaab36ed0f267026831a6f0b9f47b33fa8fc4eda78", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "base-${BUILD_TYPE}", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e0e9b4de00cbf0b1d0c929aaab36ed0f267026831a6f0b9f47b33fa8fc4eda78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 97}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 129916, "scanner": "repobility-docker", "fingerprint": "a709d92a6b281159bfb3476be135aeb9f65514d3b60b788c8e88e65a9e2b5577", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|a709d92a6b281159bfb3476be135aeb9f65514d3b60b788c8e88e65a9e2b5577", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 100}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 129904, "scanner": "repobility-agent-runtime", "fingerprint": "d453e7f49903366a251507652e33717d48f6acf0ae9e09dd92d5326c1e229e5d", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|d453e7f49903366a251507652e33717d48f6acf0ae9e09dd92d5326c1e229e5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/__main__.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 129872, "scanner": "repobility-ai-code-hygiene", "fingerprint": "475589d058e6f22f403bf4c5164e09a9f1fddfebbd9ae3e8a1f84085d974fe58", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|475589d058e6f22f403bf4c5164e09a9f1fddfebbd9ae3e8a1f84085d974fe58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/esp32_hosted/update/esp32_hosted_update.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 129871, "scanner": "repobility-ai-code-hygiene", "fingerprint": "21c30a3dafb293b0811e23cadd2d95c2d490b8021fa598f856fe888cab18008e", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|21c30a3dafb293b0811e23cadd2d95c2d490b8021fa598f856fe888cab18008e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/esp32_hosted/update/esp32_hosted_update.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 129842, "scanner": "repobility-threat-engine", "fingerprint": "37999ba99e458d9e63f9767f22dd74a6a3a240d410a8efc7d624e8a2815a7ca5", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|120|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/dashboard_import/__init__.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 129841, "scanner": "repobility-threat-engine", "fingerprint": "3f765b94adbb78363643d3256c3c2b3b919b97c24b23c5ba825f4293d004d85e", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.4 bits) \u2014 may be placeholder or common string", "evidence": {"match": "Password=\" LOG_SECRET(\"", "reason": "Low entropy value (3.4 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|5|password log_secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/captive_portal/captive_portal.cpp"}, "region": {"startLine": 54}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `batch_demangle` has cognitive complexity 18 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=2, if=8, nested_bonus=5, or=1, ternary=1."}, "properties": {"repobilityId": 129821, "scanner": "repobility-threat-engine", "fingerprint": "8c0c21cf957e8fc8090eb819a48656dbb66636e527219b73f73176ab2c086ed1", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 18 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "batch_demangle", "breakdown": {"if": 8, "or": 1, "for": 2, "except": 1, "ternary": 1, "nested_bonus": 5}, "complexity": 18, "correlation_key": "fp|8c0c21cf957e8fc8090eb819a48656dbb66636e527219b73f73176ab2c086ed1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/analyze_memory/demangle.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 21 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=5, else=1, for=1, if=8, nested_bonus=5, ternary=1."}, "properties": {"repobilityId": 129820, "scanner": "repobility-threat-engine", "fingerprint": "f5ced7f185bb1e5e0e3deec31bc46a3b0ac0f5d4e200c733b464298809727a73", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 21 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 8, "for": 1, "elif": 5, "else": 1, "ternary": 1, "nested_bonus": 5}, "complexity": 21, "correlation_key": "fp|f5ced7f185bb1e5e0e3deec31bc46a3b0ac0f5d4e200c733b464298809727a73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/generate_tags.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 129911, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 129910, "scanner": "repobility-docker", "fingerprint": "aa0b6f15b017a47186dfd4f467cbcb3b3265649978caa023fe085a63dec2334e", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aa0b6f15b017a47186dfd4f467cbcb3b3265649978caa023fe085a63dec2334e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 28}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 129909, "scanner": "repobility-docker", "fingerprint": "42cc1eb49da473873145f53e555f0120a15e397a1f012e49f39b2d3255f84263", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|42cc1eb49da473873145f53e555f0120a15e397a1f012e49f39b2d3255f84263"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 129908, "scanner": "repobility-docker", "fingerprint": "1d5f9209b1d3454861c9195dd10ed08b416092c1eaec0a49339fe6ab53e7834d", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|1d5f9209b1d3454861c9195dd10ed08b416092c1eaec0a49339fe6ab53e7834d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 12}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 129907, "scanner": "repobility-docker", "fingerprint": "30300c0b74d27404784c7610b4dd834f9c197548ed2211d0bebc02dd16f27223", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|30300c0b74d27404784c7610b4dd834f9c197548ed2211d0bebc02dd16f27223"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 8}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 129906, "scanner": "repobility-docker", "fingerprint": "179d43de40992caa13b02b7092766189f38d302012185affb6273b8d05ee0be2", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|179d43de40992caa13b02b7092766189f38d302012185affb6273b8d05ee0be2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 129903, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f6d72baa87652f99349e17a02c973e0403c8ddf1c8244b3a1b72387ac8112b82", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "SBO", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "esphome/components/api/api_server.cpp", "correlation_key": "fp|f6d72baa87652f99349e17a02c973e0403c8ddf1c8244b3a1b72387ac8112b82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/http_request/update/http_request_update.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129902, "scanner": "repobility-ai-code-hygiene", "fingerprint": "68e1476cf842d82708529d0476207b8569ff2a29fd49f9f0551db4ccb811e152", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/bme280_base/__init__.py", "duplicate_line": 48, "correlation_key": "fp|68e1476cf842d82708529d0476207b8569ff2a29fd49f9f0551db4ccb811e152"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/bmp3xx_base/__init__.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129901, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0894f745c2a0fd49abec2c2394c427d52ee561f6223903905321b9c3d173f1a8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/bmp280_base/__init__.py", "duplicate_line": 1, "correlation_key": "fp|0894f745c2a0fd49abec2c2394c427d52ee561f6223903905321b9c3d173f1a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/bmp3xx_base/__init__.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129900, "scanner": "repobility-ai-code-hygiene", "fingerprint": "256f4379694d5818b49776c67128f03e39532690b88b575b8edc363c97998881", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/bme280_base/bme280_base.h", "duplicate_line": 3, "correlation_key": "fp|256f4379694d5818b49776c67128f03e39532690b88b575b8edc363c97998881"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/bmp280_base/bmp280_base.h"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129899, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dca4333315aaafaadbc979746d0115e4dce144b54cef33e633b0701a79dfdcad", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/bme280_base/bme280_base.cpp", "duplicate_line": 223, "correlation_key": "fp|dca4333315aaafaadbc979746d0115e4dce144b54cef33e633b0701a79dfdcad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/bmp280_base/bmp280_base.cpp"}, "region": {"startLine": 179}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129898, "scanner": "repobility-ai-code-hygiene", "fingerprint": "630def5e7304622cffb1d9d24c589ec23c55dc1cb5f002b476622f9abc41dfb3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/bme280_base/__init__.py", "duplicate_line": 37, "correlation_key": "fp|630def5e7304622cffb1d9d24c589ec23c55dc1cb5f002b476622f9abc41dfb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/bmp280_base/__init__.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129897, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8e8e19d8dad912026e34b725c956221ce28eb8733ec21e313d3a642cca007ccf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/bme680_bsec/sensor.py", "duplicate_line": 1, "correlation_key": "fp|8e8e19d8dad912026e34b725c956221ce28eb8733ec21e313d3a642cca007ccf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/bme68x_bsec2/sensor.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129896, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e5f66538f211dd841d50f87ffecd36eae7bc549a7fc2f219d7dc9a191401fa70", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/bme680_bsec/bme680_bsec.cpp", "duplicate_line": 68, "correlation_key": "fp|e5f66538f211dd841d50f87ffecd36eae7bc549a7fc2f219d7dc9a191401fa70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/bme68x_bsec2/bme68x_bsec2.cpp"}, "region": {"startLine": 129}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129895, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3d8e7452b9680b9a0d6ab26a737119165db4b63d89d66f5b12afeb9c0940eaa8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/bme280_base/__init__.py", "duplicate_line": 40, "correlation_key": "fp|3d8e7452b9680b9a0d6ab26a737119165db4b63d89d66f5b12afeb9c0940eaa8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/bme680/sensor.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129894, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3d19d68348b08159dd87f094a610a59d509068e6466df07ee2e329a8196f4f43", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/ble_presence/binary_sensor.py", "duplicate_line": 58, "correlation_key": "fp|3d19d68348b08159dd87f094a610a59d509068e6466df07ee2e329a8196f4f43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/ble_rssi/sensor.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129893, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3ec5651a572cc86abdaa44a11099595872fa29dbe8fd2e5cf88867bcb755d1fc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/ble_presence/ble_presence_device.h", "duplicate_line": 5, "correlation_key": "fp|3ec5651a572cc86abdaa44a11099595872fa29dbe8fd2e5cf88867bcb755d1fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/ble_rssi/ble_rssi_sensor.h"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129892, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e138fd02358cf40b34320de8a1de2a4c137853f1111cad33d7ebf10e5f4e7b34", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/ble_client/sensor/ble_sensor.h", "duplicate_line": 4, "correlation_key": "fp|e138fd02358cf40b34320de8a1de2a4c137853f1111cad33d7ebf10e5f4e7b34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/ble_client/text_sensor/ble_text_sensor.h"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129891, "scanner": "repobility-ai-code-hygiene", "fingerprint": "367e2ebe38dac321e7cb93348bd0015a1f51ae3ce0d1d88fe0162adc3e9e3c20", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/ble_client/sensor/ble_sensor.cpp", "duplicate_line": 8, "correlation_key": "fp|367e2ebe38dac321e7cb93348bd0015a1f51ae3ce0d1d88fe0162adc3e9e3c20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/ble_client/text_sensor/ble_text_sensor.cpp"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129890, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2a5faa08863674e3f17d03397ba8946e2e1f23ad60eafacbef60cd3fbb586ca9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/ble_client/sensor/__init__.py", "duplicate_line": 105, "correlation_key": "fp|2a5faa08863674e3f17d03397ba8946e2e1f23ad60eafacbef60cd3fbb586ca9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/ble_client/text_sensor/__init__.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129889, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b7191ba3641ce2b1170e2132217c726ddcd80bfa1c78d354c3d7e8fc97844db9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/ble_client/__init__.py", "duplicate_line": 190, "correlation_key": "fp|b7191ba3641ce2b1170e2132217c726ddcd80bfa1c78d354c3d7e8fc97844db9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/ble_client/text_sensor/__init__.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129888, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f050c84b4a25174909a603b035e9f92e77272c22c4477b4d62f48fb8d9b3ff00", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/ble_client/__init__.py", "duplicate_line": 190, "correlation_key": "fp|f050c84b4a25174909a603b035e9f92e77272c22c4477b4d62f48fb8d9b3ff00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/ble_client/sensor/__init__.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129887, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e4c0ac1fec887eacfc572f21f0aac968ad2d9913aae01c7ce9f60630547e8f66", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/ble_client/__init__.py", "duplicate_line": 190, "correlation_key": "fp|e4c0ac1fec887eacfc572f21f0aac968ad2d9913aae01c7ce9f60630547e8f66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/ble_client/output/__init__.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129886, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9eff81232d5daaba06907bc4c5de9704a09b57082b463a8edbe260293530fa6d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/bl0939/sensor.py", "duplicate_line": 80, "correlation_key": "fp|9eff81232d5daaba06907bc4c5de9704a09b57082b463a8edbe260293530fa6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/bl0942/sensor.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129885, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e8166d5d409fa1964e02a8032fbff02231c491564c7a596dfb44764e497212a8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/bl0940/sensor.py", "duplicate_line": 114, "correlation_key": "fp|e8166d5d409fa1964e02a8032fbff02231c491564c7a596dfb44764e497212a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/bl0942/sensor.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129884, "scanner": "repobility-ai-code-hygiene", "fingerprint": "37c91add6ff5a56559590c607744e58971002ad21b000046016baa73bc312b44", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/am2315c/sensor.py", "duplicate_line": 21, "correlation_key": "fp|37c91add6ff5a56559590c607744e58971002ad21b000046016baa73bc312b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/b_parasite/sensor.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129883, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7fc901bd683f81d29d95843703e5b9f3b2b38a89308cabb69351e8940777d775", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/audio_file/media_source/__init__.py", "duplicate_line": 22, "correlation_key": "fp|7fc901bd683f81d29d95843703e5b9f3b2b38a89308cabb69351e8940777d775"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/audio_http/media_source.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129882, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2b5e8b9cce801f92b2af78f6e1b1ab36099cc6906b01c425e3252b08a137c499", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/audio_file/media_source/audio_file_media_source.cpp", "duplicate_line": 81, "correlation_key": "fp|2b5e8b9cce801f92b2af78f6e1b1ab36099cc6906b01c425e3252b08a137c499"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/audio_http/audio_http_media_source.cpp"}, "region": {"startLine": 67}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129881, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a38ee601985cc3a69d061c450ce8bc1514500e6d8abaebfaf2ce5a54490d007d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/atm90e26/sensor.py", "duplicate_line": 58, "correlation_key": "fp|a38ee601985cc3a69d061c450ce8bc1514500e6d8abaebfaf2ce5a54490d007d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/atm90e32/sensor.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129880, "scanner": "repobility-ai-code-hygiene", "fingerprint": "21c6c16c38e428ca7a6bd8883023c381e1745f3f87539dc192b2a2268498ef68", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/aqi/aqi_calculator.h", "duplicate_line": 28, "correlation_key": "fp|21c6c16c38e428ca7a6bd8883023c381e1745f3f87539dc192b2a2268498ef68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/aqi/caqi_calculator.h"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129879, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2eddc2daeaad33f6242b1739ad5d93660dd01b3c01b1baf27d182d59c60c8f04", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/api/api_frame_helper_noise.cpp", "duplicate_line": 129, "correlation_key": "fp|2eddc2daeaad33f6242b1739ad5d93660dd01b3c01b1baf27d182d59c60c8f04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/api/api_frame_helper_plaintext.cpp"}, "region": {"startLine": 85}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129878, "scanner": "repobility-ai-code-hygiene", "fingerprint": "513475cb146b1c4cf8d7532a169621447a79564b65e2a7fbb5d389b7dfef15fd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/api/api_frame_helper.cpp", "duplicate_line": 3, "correlation_key": "fp|513475cb146b1c4cf8d7532a169621447a79564b65e2a7fbb5d389b7dfef15fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/api/api_frame_helper_plaintext.cpp"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129877, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4eff126c9b32641c6bee76180be16d7ec1c209e361f90c4040631510e5a18a29", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/api/api_frame_helper.cpp", "duplicate_line": 3, "correlation_key": "fp|4eff126c9b32641c6bee76180be16d7ec1c209e361f90c4040631510e5a18a29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/api/api_frame_helper_noise.cpp"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129876, "scanner": "repobility-ai-code-hygiene", "fingerprint": "71faae61d64f55735e77826f67bcbcfdd2d42682f7a40c7e031812aadfd1264f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/am43/cover/am43_cover.cpp", "duplicate_line": 82, "correlation_key": "fp|71faae61d64f55735e77826f67bcbcfdd2d42682f7a40c7e031812aadfd1264f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/anova/anova.cpp"}, "region": {"startLine": 59}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129875, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0edfd5749a4866c8cb3c77685eb1154f9bbc3ece09b39575959de31ee8a54c40", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/am2315c/sensor.py", "duplicate_line": 1, "correlation_key": "fp|0edfd5749a4866c8cb3c77685eb1154f9bbc3ece09b39575959de31ee8a54c40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/am2320/sensor.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129874, "scanner": "repobility-ai-code-hygiene", "fingerprint": "77dcb4b2a0a5b0b2eb09de72526cdc3a18db6f8631c367b9bf678961b7c6c291", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "esphome/components/adc/adc_sensor_esp8266.cpp", "duplicate_line": 4, "correlation_key": "fp|77dcb4b2a0a5b0b2eb09de72526cdc3a18db6f8631c367b9bf678961b7c6c291"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/adc/adc_sensor_libretiny.cpp"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129873, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ba87cfa0ee02fc0b231fdc0c52e7c58dc804740ccd402467fe695606a8aca469", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".github/scripts/auto-label-pr/detectors.js", "duplicate_line": 277, "correlation_key": "fp|ba87cfa0ee02fc0b231fdc0c52e7c58dc804740ccd402467fe695606a8aca469"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/auto-label-pr/index.js"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 129870, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8e88ba99886f110b4430984bfacd35688fb28b5cd174109be67d5de331ef9021", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|8e88ba99886f110b4430984bfacd35688fb28b5cd174109be67d5de331ef9021"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/mqtt/mqtt_update.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 129869, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a98e589fc8109597c71ae25ca67b1b5acaa1306f498e79c26e04ade39ce585c7", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|a98e589fc8109597c71ae25ca67b1b5acaa1306f498e79c26e04ade39ce585c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/mqtt/mqtt_update.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 129868, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c9561a89e8946208bc636a391e102e9e6bab4c947ebe2fb4135ad4b3a7c23f84", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|c9561a89e8946208bc636a391e102e9e6bab4c947ebe2fb4135ad4b3a7c23f84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/http_request/update/http_request_update.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 129867, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bac07ba066ff472da8709f3b4b627607c7011c77659c2483850e58a07aba82be", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|bac07ba066ff472da8709f3b4b627607c7011c77659c2483850e58a07aba82be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/http_request/update/http_request_update.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 129866, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c3ed5162167a3c34d8dfb9790450903723e116dc75bf50d6001b3155a3c2df47", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|c3ed5162167a3c34d8dfb9790450903723e116dc75bf50d6001b3155a3c2df47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/esp32_hosted/update/esp32_hosted_update.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 129865, "scanner": "repobility-ai-code-hygiene", "fingerprint": "71ec1e5fa9e03e88e003d1bbfb8926f5d54c72bede32e25e0ef65f2bee3a048e", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|71ec1e5fa9e03e88e003d1bbfb8926f5d54c72bede32e25e0ef65f2bee3a048e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/esp32_hosted/update/esp32_hosted_update.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 129864, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8af9020eab116f8971056757c18ec32f569d48591b44c014b38e637631828a8f", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "temp", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|8af9020eab116f8971056757c18ec32f569d48591b44c014b38e637631828a8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/dallas_temp/dallas_temp.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 129863, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7aa662d94897234738b70c5bf5bdc5b15c39d851852d87417b5fb66f1205d7ed", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "temp", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|7aa662d94897234738b70c5bf5bdc5b15c39d851852d87417b5fb66f1205d7ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/dallas_temp/dallas_temp.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC009", "level": "note", "message": {"text": "Multiple AI-agent scaffold marker files are present"}, "properties": {"repobilityId": 129862, "scanner": "repobility-ai-code-hygiene", "fingerprint": "32459e18838866b083b985fd53ac32d4e825aa20af779d902253d8278f625dfb", "category": "quality", "severity": "low", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains several AI-agent scaffold marker files.", "evidence": {"markers": [".github/copilot-instructions.md", "AGENTS.md", "CLAUDE.md", "GEMINI.md"], "rule_id": "AIC009", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|32459e18838866b083b985fd53ac32d4e825aa20af779d902253d8278f625dfb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/copilot-instructions.md"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 129915, "scanner": "repobility-docker", "fingerprint": "7354b615fc54d1bd73cf1119d88ee11194b14d2db0b86aaff606dce25ff05e72", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "base-${BUILD_TYPE}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|7354b615fc54d1bd73cf1119d88ee11194b14d2db0b86aaff606dce25ff05e72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 97}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 129914, "scanner": "repobility-docker", "fingerprint": "9d327e8cd408efc96e6955a1475a48ce45e44cee10decbee3b85b18fbbe4546b", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "base-source-${BUILD_TYPE}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|9d327e8cd408efc96e6955a1475a48ce45e44cee10decbee3b85b18fbbe4546b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 10}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 129913, "scanner": "repobility-docker", "fingerprint": "38c94b2acea371b024939e43740f635b3df1a1f124774e4e1b67882406a5005d", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ghcr.io/esphome/docker-base:${BUILD_OS}-ha-addon-${BUILD_BASE_VERSION}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|38c94b2acea371b024939e43740f635b3df1a1f124774e4e1b67882406a5005d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 7}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 129912, "scanner": "repobility-docker", "fingerprint": "79f1fd17041be520f0cbf2563f6b06acf91c1977d26dcfc581e94152128f8f23", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ghcr.io/esphome/docker-base:${BUILD_OS}-${BUILD_BASE_VERSION}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|79f1fd17041be520f0cbf2563f6b06acf91c1977d26dcfc581e94152128f8f23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 129905, "scanner": "repobility-docker", "fingerprint": "749be5153d9b42ff77a0bacfa50eca336f7fac02d9ea1ed4e8962911f0b4da61", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ghcr.io/esphome/docker-base:debian-${BUILD_BASE_VERSION}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|749be5153d9b42ff77a0bacfa50eca336f7fac02d9ea1ed4e8962911f0b4da61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 129861, "scanner": "repobility-threat-engine", "fingerprint": "42d5c653d23d71efe0089e059b6eae225b8b34d0aaa72696bbe827cd898e1722", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|42d5c653d23d71efe0089e059b6eae225b8b34d0aaa72696bbe827cd898e1722"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/micronova/__init__.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 129860, "scanner": "repobility-threat-engine", "fingerprint": "a702474aee68866092e9a244d4f921092781d4ec9b50502dc108ff841a855dd7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a702474aee68866092e9a244d4f921092781d4ec9b50502dc108ff841a855dd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/i2s_audio/__init__.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 129859, "scanner": "repobility-threat-engine", "fingerprint": "f9092c7db1546b8df36ffe44baf03acc87e7c0c55f1409e26b4cd1dddddb5297", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f9092c7db1546b8df36ffe44baf03acc87e7c0c55f1409e26b4cd1dddddb5297"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/hub75/boards/__init__.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 129858, "scanner": "repobility-threat-engine", "fingerprint": "2eaab8f590234775531b0af5c0b5d781dabb04b06006b4e2a5ef6e77992ce9f7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2eaab8f590234775531b0af5c0b5d781dabb04b06006b4e2a5ef6e77992ce9f7", "aggregated_count": 8}}}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 129854, "scanner": "repobility-threat-engine", "fingerprint": "3ed4a11ec48650075e843160edf55362aa121897a652d0286a1dc826dd94d954", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3ed4a11ec48650075e843160edf55362aa121897a652d0286a1dc826dd94d954", "aggregated_count": 1}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 129848, "scanner": "repobility-threat-engine", "fingerprint": "36d5f00cf406198fa436b98b63c3303c1ddae452f7930115ccf2f26e9372d30f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|36d5f00cf406198fa436b98b63c3303c1ddae452f7930115ccf2f26e9372d30f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/dashboard_import/__init__.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 129843, "scanner": "repobility-threat-engine", "fingerprint": "231dba18075df6de399666f97d16473fc809d7507d5d353a289acd0fbe8b0e11", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'timeout\\s*=' detected on same line", "evidence": {"match": "requests.get(", "reason": "Safe pattern 'timeout\\s*=' detected on same line", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|231dba18075df6de399666f97d16473fc809d7507d5d353a289acd0fbe8b0e11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/dashboard_import/__init__.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 129840, "scanner": "repobility-threat-engine", "fingerprint": "deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "aggregated_count": 1}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 129839, "scanner": "repobility-threat-engine", "fingerprint": "05bbc5c1a9952f43cc0d311d2943468d22fce14d0b4d418521ff67be9bc0e15a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|05bbc5c1a9952f43cc0d311d2943468d22fce14d0b4d418521ff67be9bc0e15a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/bmp3xx_base/bmp3xx_base.h"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 129838, "scanner": "repobility-threat-engine", "fingerprint": "d371f9c74076f36bca0e279de984e0f0b87c18c12617312b5a7197cbba87b5d4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d371f9c74076f36bca0e279de984e0f0b87c18c12617312b5a7197cbba87b5d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/audio_http/audio_http_media_source.cpp"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 129837, "scanner": "repobility-threat-engine", "fingerprint": "b2bd8a4932bf7b2ad7e9a7406b3d606b83191a97b3f5453675c2d45ab5c38359", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b2bd8a4932bf7b2ad7e9a7406b3d606b83191a97b3f5453675c2d45ab5c38359"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/audio_file/__init__.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 21 more): Same pattern found in 21 additional files. Review if needed."}, "properties": {"repobilityId": 129836, "scanner": "repobility-threat-engine", "fingerprint": "21f9b19bf145e822b0c5c5789b2278cc43f3990a124eca4b75955feb3ebfffc3", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 21 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 21 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|21f9b19bf145e822b0c5c5789b2278cc43f3990a124eca4b75955feb3ebfffc3"}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "properties": {"repobilityId": 129832, "scanner": "repobility-threat-engine", "fingerprint": "aa1cd71561e05e95642798878be0af8ceb3a68e6c4fc5321d404c6e036a65d1a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 19 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|aa1cd71561e05e95642798878be0af8ceb3a68e6c4fc5321d404c6e036a65d1a", "aggregated_count": 19}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 129831, "scanner": "repobility-threat-engine", "fingerprint": "65f9a49bfca6ad6d8a44512116abb9af2e9bb97890da8db0549592eb1712c24d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|65f9a49bfca6ad6d8a44512116abb9af2e9bb97890da8db0549592eb1712c24d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/esp32/gpio_esp32.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 129830, "scanner": "repobility-threat-engine", "fingerprint": "b7ee4c0e2edd1b5e0b57641008bbca07ebbe8537571ce21df225e94e820ca4d4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b7ee4c0e2edd1b5e0b57641008bbca07ebbe8537571ce21df225e94e820ca4d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/esp32/gpio.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 129829, "scanner": "repobility-threat-engine", "fingerprint": "c39102085712ca76026962624a56e9e004f126eedcb7f402c735ce184bbaffce", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c39102085712ca76026962624a56e9e004f126eedcb7f402c735ce184bbaffce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/adc/__init__.py"}, "region": {"startLine": 281}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 129828, "scanner": "repobility-threat-engine", "fingerprint": "2d0677d09afb5e514e6b4dfddf9df0427d880a43e5c6e02440beb52222931198", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2d0677d09afb5e514e6b4dfddf9df0427d880a43e5c6e02440beb52222931198", "aggregated_count": 10}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 129827, "scanner": "repobility-threat-engine", "fingerprint": "51ef66239da83ff60e46b83b257cc95a38eb9254532ff9c62e91b2d649d58ef6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|51ef66239da83ff60e46b83b257cc95a38eb9254532ff9c62e91b2d649d58ef6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/esp32_ble_client/ble_characteristic.cpp"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 129826, "scanner": "repobility-threat-engine", "fingerprint": "f5dd29b2f2c4d5ac51154e0f1ac636fd249b4247d9a840ecd4082d9095791686", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f5dd29b2f2c4d5ac51154e0f1ac636fd249b4247d9a840ecd4082d9095791686"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/esp32/preferences.cpp"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 129825, "scanner": "repobility-threat-engine", "fingerprint": "4541e451fc57ae2e7b61e506c561c376eb289b4c0f5bcf23cf6ea33291b6525f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4541e451fc57ae2e7b61e506c561c376eb289b4c0f5bcf23cf6ea33291b6525f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/ac_dimmer/hw_timer_esp_idf.cpp"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 129824, "scanner": "repobility-threat-engine", "fingerprint": "0cc9d8355926f44ca39c7e2dc281b758ec088ce854c2664d6cbf6530087bb6e5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0cc9d8355926f44ca39c7e2dc281b758ec088ce854c2664d6cbf6530087bb6e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ha-addon-rootfs/etc/cont-init.d/40-device-builder.sh"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 129823, "scanner": "repobility-threat-engine", "fingerprint": "2beaa23a41fc308819cee8e444a12e2451fd5037db12680204e805bbaddacd49", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2beaa23a41fc308819cee8e444a12e2451fd5037db12680204e805bbaddacd49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ha-addon-rootfs/etc/cont-init.d/30-esphome-fork.sh"}, "region": {"startLine": 32}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 72 more): Same pattern found in 72 additional files. Review if needed."}, "properties": {"repobilityId": 129822, "scanner": "repobility-threat-engine", "fingerprint": "7b644dc6da792c50b665551471cb4192e5f1c7269a05cdd5f97bed219c214cde", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 72 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 7, "for": 4, "elif": 4, "else": 1, "nested_bonus": 11}, "aggregated": true, "complexity": 27, "correlation_key": "fp|7b644dc6da792c50b665551471cb4192e5f1c7269a05cdd5f97bed219c214cde", "aggregated_count": 72}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 129818, "scanner": "repobility-threat-engine", "fingerprint": "8c3560525de975a9c202cd1b69e7b70cd2e798d159e8cb8d425d4f011026e437", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8c3560525de975a9c202cd1b69e7b70cd2e798d159e8cb8d425d4f011026e437", "aggregated_count": 1}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 129817, "scanner": "repobility-threat-engine", "fingerprint": "e6718c93477214d25f3b98d053001322bc4f4d355723e12118efb40573056693", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e6718c93477214d25f3b98d053001322bc4f4d355723e12118efb40573056693"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/auto-label-pr/reviews.js"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 129816, "scanner": "repobility-threat-engine", "fingerprint": "50db6c0ff69b6d08f3c8317a9c6662c11444211e3d6e17657aebc5874fb90f6c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|50db6c0ff69b6d08f3c8317a9c6662c11444211e3d6e17657aebc5874fb90f6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/auto-label-pr/labels.js"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 129815, "scanner": "repobility-threat-engine", "fingerprint": "aae6e874336ae06003370a81f518de7617a91e9e67e207e3a9bd89a52c578207", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|aae6e874336ae06003370a81f518de7617a91e9e67e207e3a9bd89a52c578207"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/auto-label-pr/index.js"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ghcr.io/esphome/docker-base (no tag)` not pinned by digest: `FROM ghcr.io/esphome/docker-base (no tag)` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 130016, "scanner": "repobility-supply-chain", "fingerprint": "631eedfbd96f735c53ab3cdef94b51aa29ed66046b3de795f3b2236b3dc66894", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|631eedfbd96f735c53ab3cdef94b51aa29ed66046b3de795f3b2236b3dc66894"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ghcr.io/esphome/docker-base (no tag)` not pinned by digest: `FROM ghcr.io/esphome/docker-base (no tag)` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 130015, "scanner": "repobility-supply-chain", "fingerprint": "d528a3a995543361ee771343aa88664ed9202d7b0e7a60968bb0359ecc6e2ce7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d528a3a995543361ee771343aa88664ed9202d7b0e7a60968bb0359ecc6e2ce7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ghcr.io/esphome/docker-base:debian-` not pinned by digest: `FROM ghcr.io/esphome/docker-base:debian-` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 130014, "scanner": "repobility-supply-chain", "fingerprint": "7edd13ce57f581f70f32a13c210654787394e2fa9171d17c4f23697e30f76b65", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7edd13ce57f581f70f32a13c210654787394e2fa9171d17c4f23697e30f76b65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/pre-commit/mirrors-clang-format` pinned to mutable rev `v13.0.1`: `.pre-commit-config.yaml` references `https://github.com/pre-commit/mirrors-clang-format` at `rev: v13.0.1`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 130013, "scanner": "repobility-supply-chain", "fingerprint": "7c98b099c3c469c90dd1cf811eec96fe6d0b9cdfdd90f1c5de5ae5b7c25977f4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7c98b099c3c469c90dd1cf811eec96fe6d0b9cdfdd90f1c5de5ae5b7c25977f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/adrienverge/yamllint.git` pinned to mutable rev `v1.37.1`: `.pre-commit-config.yaml` references `https://github.com/adrienverge/yamllint.git` at `rev: v1.37.1`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 130012, "scanner": "repobility-supply-chain", "fingerprint": "4b4ffd76020447aaf99055541479a64c41f56f7f06a50040bd52e3fd160f9b27", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4b4ffd76020447aaf99055541479a64c41f56f7f06a50040bd52e3fd160f9b27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/asottile/pyupgrade` pinned to mutable rev `v3.21.2`: `.pre-commit-config.yaml` references `https://github.com/asottile/pyupgrade` at `rev: v3.21.2`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 130011, "scanner": "repobility-supply-chain", "fingerprint": "893c83f80f1bceca78227a3e9d33d33bfe3aa0e117bdbf5a948587d8294dca5d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|893c83f80f1bceca78227a3e9d33d33bfe3aa0e117bdbf5a948587d8294dca5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v5.0.0`: `.pre-commit-config.yaml` references `https://github.com/pre-commit/pre-commit-hooks` at `rev: v5.0.0`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 130010, "scanner": "repobility-supply-chain", "fingerprint": "650efa8a2e2617c53537dbeb59c85cae86e78dcac3ae9b1e4520e039679e53f2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|650efa8a2e2617c53537dbeb59c85cae86e78dcac3ae9b1e4520e039679e53f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/PyCQA/flake8` pinned to mutable rev `7.3.0`: `.pre-commit-config.yaml` references `https://github.com/PyCQA/flake8` at `rev: 7.3.0`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 130009, "scanner": "repobility-supply-chain", "fingerprint": "7a48f39dbaaa53b744c347c8ae289cd769022d5abcd65e5149798f9d7fc2c712", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7a48f39dbaaa53b744c347c8ae289cd769022d5abcd65e5149798f9d7fc2c712"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `socket.sendall` inside async function `test_noise_corrupt_encrypted_frame`: `socket.sendall` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 130000, "scanner": "repobility-ast-engine", "fingerprint": "c9eb4e1c86e21a4f1a19f3a9edf081d4e2207f1129c1cc4b817d1d6c0d5c9e78", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c9eb4e1c86e21a4f1a19f3a9edf081d4e2207f1129c1cc4b817d1d6c0d5c9e78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_oversized_payloads.py"}, "region": {"startLine": 329}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_check_error_empty_data: Test function `test_check_error_empty_data` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129995, "scanner": "repobility-ast-engine", "fingerprint": "30abe6fbbc61ba18cbe130da9976e66923b5bcb173555f7df8b08964b10c45d3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|30abe6fbbc61ba18cbe130da9976e66923b5bcb173555f7df8b08964b10c45d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit_tests/test_espota2.py"}, "region": {"startLine": 229}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_check_error_unexpected_response: Test function `test_check_error_unexpected_response` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129994, "scanner": "repobility-ast-engine", "fingerprint": "30f101000070be424c0c53af3a1354d457a0a910f46d8f735100d5587bddf265", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|30f101000070be424c0c53af3a1354d457a0a910f46d8f735100d5587bddf265"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit_tests/test_espota2.py"}, "region": {"startLine": 223}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_check_error_with_various_errors: Test function `test_check_error_with_various_errors` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129993, "scanner": "repobility-ast-engine", "fingerprint": "e2e27c009b5d697d64f0c1a2e00d4b8cf6f3dbee5bfa09d543a54e0f3c22d31e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e2e27c009b5d697d64f0c1a2e00d4b8cf6f3dbee5bfa09d543a54e0f3c22d31e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit_tests/test_espota2.py"}, "region": {"startLine": 217}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_receive_exactly_socket_error: Test function `test_receive_exactly_socket_error` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129992, "scanner": "repobility-ast-engine", "fingerprint": "ea8ef60fc8a0aa33764b1873c0ec78661cdfe2530bd4ec4aa2f645c5d4cdf81d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ea8ef60fc8a0aa33764b1873c0ec78661cdfe2530bd4ec4aa2f645c5d4cdf81d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit_tests/test_espota2.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_receive_exactly_with_error_response: Test function `test_receive_exactly_with_error_response` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129991, "scanner": "repobility-ast-engine", "fingerprint": "1a439476fd48203b40e5ef6e9520becda1cb97ef500029d75ca9e2374a13dcac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1a439476fd48203b40e5ef6e9520becda1cb97ef500029d75ca9e2374a13dcac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit_tests/test_espota2.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_esphome_storage_json_save: Test function `test_esphome_storage_json_save` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129990, "scanner": "repobility-ast-engine", "fingerprint": "c9d833c9212f806bad82547a98f1d15923d0fa113b1adaad2183853d7491d4b2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c9d833c9212f806bad82547a98f1d15923d0fa113b1adaad2183853d7491d4b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit_tests/test_storage_json.py"}, "region": {"startLine": 674}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_storage_json_apply_to_core_raises_on_invalid_framework_version: Test function `test_storage_json_apply_to_core_raises_on_invalid_framework_version` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129989, "scanner": "repobility-ast-engine", "fingerprint": "5d6973d7f346380ec12468d6aa2c0efcf71d6374cea771a13f2f626958d8d155", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5d6973d7f346380ec12468d6aa2c0efcf71d6374cea771a13f2f626958d8d155"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit_tests/test_storage_json.py"}, "region": {"startLine": 587}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_storage_json_save: Test function `test_storage_json_save` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129988, "scanner": "repobility-ast-engine", "fingerprint": "1d7f75b2800ab2bdc0be85d768cdff933966fe5b73725af3bb199cb39dd5a1a9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1d7f75b2800ab2bdc0be85d768cdff933966fe5b73725af3bb199cb39dd5a1a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit_tests/test_storage_json.py"}, "region": {"startLine": 272}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_load_skips_platform_component_already_wrapped: Test function `test_load_skips_platform_component_already_wrapped` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129987, "scanner": "repobility-ast-engine", "fingerprint": "611d40904062a7511605285a1df33e7ee2c900e31e815ac9808bd5e33a4471a0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|611d40904062a7511605285a1df33e7ee2c900e31e815ac9808bd5e33a4471a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/script/test_test_helpers.py"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_load_skips_already_wrapped: Test function `test_load_skips_already_wrapped` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129986, "scanner": "repobility-ast-engine", "fingerprint": "cca083c5a816d2425bd9b07c924c345b4868b0d8a12ce8ce6b6e7315ff52cb7b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cca083c5a816d2425bd9b07c924c345b4868b0d8a12ce8ce6b6e7315ff52cb7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/script/test_test_helpers.py"}, "region": {"startLine": 201}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_get_platform_components_raises_for_invalid_domain: Test function `test_get_platform_components_raises_for_invalid_domain` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129985, "scanner": "repobility-ast-engine", "fingerprint": "54b2ba04239a84ff10b1887cd0f3a7cb53215270a7ed560595629b33dc57d327", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54b2ba04239a84ff10b1887cd0f3a7cb53215270a7ed560595629b33dc57d327"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/script/test_test_helpers.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_should_run_benchmarks_with_branch: Test function `test_should_run_benchmarks_with_branch` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129984, "scanner": "repobility-ast-engine", "fingerprint": "ed4c73258331133c0e1ae7661df9dea66cd8ba2b368b1f89936a60a4d82544bb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ed4c73258331133c0e1ae7661df9dea66cd8ba2b368b1f89936a60a4d82544bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/script/test_determine_jobs.py"}, "region": {"startLine": 2525}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_count_changed_cpp_files_with_branch: Test function `test_count_changed_cpp_files_with_branch` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129983, "scanner": "repobility-ast-engine", "fingerprint": "5d4fcb3be1e4d3696b87676cc59925cfb2ecd89ede66225547f224c2c427e6ad", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5d4fcb3be1e4d3696b87676cc59925cfb2ecd89ede66225547f224c2c427e6ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/script/test_determine_jobs.py"}, "region": {"startLine": 1126}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_should_run_clang_format_with_branch: Test function `test_should_run_clang_format_with_branch` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129982, "scanner": "repobility-ast-engine", "fingerprint": "6db0dc09c7227139da4d368acf84e716616aee4e2d9de1a6fa8a209769c03fcf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6db0dc09c7227139da4d368acf84e716616aee4e2d9de1a6fa8a209769c03fcf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/script/test_determine_jobs.py"}, "region": {"startLine": 1092}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_should_run_native_idf_with_branch: Test function `test_should_run_native_idf_with_branch` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129981, "scanner": "repobility-ast-engine", "fingerprint": "c3e56ef080fc7e66a0e0f782a3cdae7f986b5d6f8d4b125edc31c0126f87a8ef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c3e56ef080fc7e66a0e0f782a3cdae7f986b5d6f8d4b125edc31c0126f87a8ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/script/test_determine_jobs.py"}, "region": {"startLine": 1060}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_native_idf_components_to_test_with_branch: Test function `test_native_idf_components_to_test_with_branch` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129980, "scanner": "repobility-ast-engine", "fingerprint": "a2789564eea6b24443a361890bfd4ade6ac401c4c0b9c908a3cf10d3816b3016", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a2789564eea6b24443a361890bfd4ade6ac401c4c0b9c908a3cf10d3816b3016"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/script/test_determine_jobs.py"}, "region": {"startLine": 1022}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_should_run_device_builder_with_branch: Test function `test_should_run_device_builder_with_branch` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129979, "scanner": "repobility-ast-engine", "fingerprint": "14234bce0a2de8fa11e191f667cf5f92c6f679eb6eba4d09d7636726c24320b7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|14234bce0a2de8fa11e191f667cf5f92c6f679eb6eba4d09d7636726c24320b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/script/test_determine_jobs.py"}, "region": {"startLine": 908}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_should_run_core_ci_with_branch: Test function `test_should_run_core_ci_with_branch` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129978, "scanner": "repobility-ast-engine", "fingerprint": "79b1f6f762eb531786401c7a587d9644aea4ec626404e5863756898b6272b3da", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|79b1f6f762eb531786401c7a587d9644aea4ec626404e5863756898b6272b3da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/script/test_determine_jobs.py"}, "region": {"startLine": 849}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_should_run_import_time_with_branch: Test function `test_should_run_import_time_with_branch` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129977, "scanner": "repobility-ast-engine", "fingerprint": "c19889c029efe5fc64ca9843c0edb807e39828d4a1cf07b60870b1b6b5687f60", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c19889c029efe5fc64ca9843c0edb807e39828d4a1cf07b60870b1b6b5687f60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/script/test_determine_jobs.py"}, "region": {"startLine": 767}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_should_run_python_linters_with_branch: Test function `test_should_run_python_linters_with_branch` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129976, "scanner": "repobility-ast-engine", "fingerprint": "f159cc6781884c99e816092c79959c2e3b234cb8dcec182747801c6ef7f71f0b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f159cc6781884c99e816092c79959c2e3b234cb8dcec182747801c6ef7f71f0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/script/test_determine_jobs.py"}, "region": {"startLine": 723}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_root_cumulative_us_missing_module_raises: Test function `test_root_cumulative_us_missing_module_raises` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129975, "scanner": "repobility-ast-engine", "fingerprint": "a3cd69b023027450647d49e09ddbf5a868e38ddef34e43b5f254de6aa3431cb1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a3cd69b023027450647d49e09ddbf5a868e38ddef34e43b5f254de6aa3431cb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/script/test_check_import_time.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_local_development_no_remotes_configured: Test function `test_local_development_no_remotes_configured` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129974, "scanner": "repobility-ast-engine", "fingerprint": "b05d15d752d3bfdd63af0faa9ded3fad5d5c57ea26c5e0045619d81d220e4b99", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b05d15d752d3bfdd63af0faa9ded3fad5d5c57ea26c5e0045619d81d220e4b99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/script/test_helpers.py"}, "region": {"startLine": 368}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_get_changed_files_github_actions_pull_request_other_error: Test function `test_get_changed_files_github_actions_pull_request_other_error` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129973, "scanner": "repobility-ast-engine", "fingerprint": "05318b07f5234db1845d28143d30f23d7a86b6cc1b2d93fc72dd3feb5661bc87", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|05318b07f5234db1845d28143d30f23d7a86b6cc1b2d93fc72dd3feb5661bc87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/script/test_helpers.py"}, "region": {"startLine": 228}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_component_group: Test function `test_component_group` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129968, "scanner": "repobility-ast-engine", "fingerprint": "c47e26b43df35f9ac15c33be7ce8b8581228109b7a83fad36e0c0945060b408a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c47e26b43df35f9ac15c33be7ce8b8581228109b7a83fad36e0c0945060b408a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/test_component_grouping.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_components: Test function `test_components` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129956, "scanner": "repobility-ast-engine", "fingerprint": "46878c952f8d527952b1ad6405fa2af6ce09666b411ed87394054a233945efb2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|46878c952f8d527952b1ad6405fa2af6ce09666b411ed87394054a233945efb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/test_build_components.py"}, "region": {"startLine": 979}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._add_file` used but never assigned in __init__: Method `_discover_component_files` of class `ConfigBundleCreator` reads `self._add_file`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129945, "scanner": "repobility-ast-engine", "fingerprint": "1e0e7b894e218731b5e992b9d7482534d2ebd7a790ce1a11a6a783d8547fefee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1e0e7b894e218731b5e992b9d7482534d2ebd7a790ce1a11a6a783d8547fefee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/bundle.py"}, "region": {"startLine": 307}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._add_directory` used but never assigned in __init__: Method `_discover_component_files` of class `ConfigBundleCreator` reads `self._add_directory`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129944, "scanner": "repobility-ast-engine", "fingerprint": "4870289212f8a46a6bd56e2bfe3abf85f418e29433683a96c0c7c895e55dc9c5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4870289212f8a46a6bd56e2bfe3abf85f418e29433683a96c0c7c895e55dc9c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/bundle.py"}, "region": {"startLine": 305}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._add_directory` used but never assigned in __init__: Method `_discover_component_files` of class `ConfigBundleCreator` reads `self._add_directory`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129943, "scanner": "repobility-ast-engine", "fingerprint": "5ff98175560e55b85c707121f30fc528773365c928cf869f3b13fd327c866d7f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5ff98175560e55b85c707121f30fc528773365c928cf869f3b13fd327c866d7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/bundle.py"}, "region": {"startLine": 326}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._walk_config_for_files` used but never assigned in __init__: Method `_discover_component_files` of class `ConfigBundleCreator` reads `self._walk_config_for_files`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129942, "scanner": "repobility-ast-engine", "fingerprint": "96ed25d828cd815e1321eab79f9cf8dbc83b74f967b0fd107167da90f718f3f4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|96ed25d828cd815e1321eab79f9cf8dbc83b74f967b0fd107167da90f718f3f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/bundle.py"}, "region": {"startLine": 294}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._add_file` used but never assigned in __init__: Method `_discover_yaml_includes` of class `ConfigBundleCreator` reads `self._add_file`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129941, "scanner": "repobility-ast-engine", "fingerprint": "86d3e434e2f804d12b4f3da284337a99f8123694bd1948fb74b9e0fb56142fe9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|86d3e434e2f804d12b4f3da284337a99f8123694bd1948fb74b9e0fb56142fe9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/bundle.py"}, "region": {"startLine": 277}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._add_file` used but never assigned in __init__: Method `_add_directory` of class `ConfigBundleCreator` reads `self._add_file`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129940, "scanner": "repobility-ast-engine", "fingerprint": "5d6805a549063f2d8161d746dfd82372b669cc90dd6cc50549a3ebcd19dcd12d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5d6805a549063f2d8161d746dfd82372b669cc90dd6cc50549a3ebcd19dcd12d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/bundle.py"}, "region": {"startLine": 248}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._relative_to_config_dir` used but never assigned in __init__: Method `_add_file` of class `ConfigBundleCreator` reads `self._relative_to_config_dir`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129939, "scanner": "repobility-ast-engine", "fingerprint": "156e93d6369682c47e9909dd461df2e62f5a2893270299d21f4b04cce4ba2a73", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|156e93d6369682c47e9909dd461df2e62f5a2893270299d21f4b04cce4ba2a73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/bundle.py"}, "region": {"startLine": 229}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._add_to_tar` used but never assigned in __init__: Method `create_bundle` of class `ConfigBundleCreator` reads `self._add_to_tar`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129938, "scanner": "repobility-ast-engine", "fingerprint": "2fab72519f9e0d76271f84e9f1ea52ca069278b58e4bd06f2678ea288b2f4031", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2fab72519f9e0d76271f84e9f1ea52ca069278b58e4bd06f2678ea288b2f4031"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/bundle.py"}, "region": {"startLine": 216}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._build_manifest` used but never assigned in __init__: Method `create_bundle` of class `ConfigBundleCreator` reads `self._build_manifest`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129937, "scanner": "repobility-ast-engine", "fingerprint": "748e7604cc26b4a1c446e508c3322a94852d69e6f909309c36a2b5d266b2b18c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|748e7604cc26b4a1c446e508c3322a94852d69e6f909309c36a2b5d266b2b18c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/bundle.py"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._build_filtered_secrets` used but never assigned in __init__: Method `create_bundle` of class `ConfigBundleCreator` reads `self._build_filtered_secrets`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129936, "scanner": "repobility-ast-engine", "fingerprint": "5384dfe2a7f89a901e921dbbcc7f4ca3ae4059266ad5f802963caf655d7211c5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5384dfe2a7f89a901e921dbbcc7f4ca3ae4059266ad5f802963caf655d7211c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/bundle.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.discover_files` used but never assigned in __init__: Method `create_bundle` of class `ConfigBundleCreator` reads `self.discover_files`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129935, "scanner": "repobility-ast-engine", "fingerprint": "e18aa3a2da3f0e3ae61ae22376b1f7f56ebb1d771ff8f37e8efcdde925dfc38d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e18aa3a2da3f0e3ae61ae22376b1f7f56ebb1d771ff8f37e8efcdde925dfc38d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/bundle.py"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._discover_component_files` used but never assigned in __init__: Method `discover_files` of class `ConfigBundleCreator` reads `self._discover_component_files`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129934, "scanner": "repobility-ast-engine", "fingerprint": "fa40055a14924135e0beefd8aa84832442331a3356ebc1b05a6003c7206143a9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa40055a14924135e0beefd8aa84832442331a3356ebc1b05a6003c7206143a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/bundle.py"}, "region": {"startLine": 175}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._discover_yaml_includes` used but never assigned in __init__: Method `discover_files` of class `ConfigBundleCreator` reads `self._discover_yaml_includes`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129933, "scanner": "repobility-ast-engine", "fingerprint": "be82d6e169233cff5ad9526195a28f92139033a81aafb6e4555edb3d7bd2cd2d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|be82d6e169233cff5ad9526195a28f92139033a81aafb6e4555edb3d7bd2cd2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/bundle.py"}, "region": {"startLine": 172}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._add_file` used but never assigned in __init__: Method `discover_files` of class `ConfigBundleCreator` reads `self._add_file`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129932, "scanner": "repobility-ast-engine", "fingerprint": "5d991dd10e6c62658d935a10b7af944ed35a6e2c8f6d2edbc9b7dfda8820240e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5d991dd10e6c62658d935a10b7af944ed35a6e2c8f6d2edbc9b7dfda8820240e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/bundle.py"}, "region": {"startLine": 169}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.zeroconf` used but never assigned in __init__: Method `async_resolve_host` of class `AsyncEsphomeZeroconf` reads `self.zeroconf`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129929, "scanner": "repobility-ast-engine", "fingerprint": "c92fd5f13e4ce03060968f557455d26ea3e3534281b37faf5c874d7c246aa940", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c92fd5f13e4ce03060968f557455d26ea3e3534281b37faf5c874d7c246aa940"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/zeroconf.py"}, "region": {"startLine": 280}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.update_device_mdns` used but never assigned in __init__: Method `_process_service_info` of class `DashboardImportDiscovery` reads `self.update_device_mdns`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129928, "scanner": "repobility-ast-engine", "fingerprint": "96e46f6861e36587c8fcf85ee6cf673dca8ecb6b9f022ffbb5c8685fbb700e09", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|96e46f6861e36587c8fcf85ee6cf673dca8ecb6b9f022ffbb5c8685fbb700e09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/zeroconf.py"}, "region": {"startLine": 169}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._process_service_info` used but never assigned in __init__: Method `_async_process_service_info` of class `DashboardImportDiscovery` reads `self._process_service_info`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129927, "scanner": "repobility-ast-engine", "fingerprint": "5600dc8e4cb906984ffc46d5836e42cfd22c719e468ab9ceb099f32ea659e59d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5600dc8e4cb906984ffc46d5836e42cfd22c719e468ab9ceb099f32ea659e59d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/zeroconf.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._async_process_service_info` used but never assigned in __init__: Method `browser_callback` of class `DashboardImportDiscovery` reads `self._async_process_service_info`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129926, "scanner": "repobility-ast-engine", "fingerprint": "533d4619cbcd0a576ca5983533dd6a5b271bc97fc24266b46a5e4c87907cf5fc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|533d4619cbcd0a576ca5983533dd6a5b271bc97fc24266b46a5e4c87907cf5fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/zeroconf.py"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._process_service_info` used but never assigned in __init__: Method `browser_callback` of class `DashboardImportDiscovery` reads `self._process_service_info`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129925, "scanner": "repobility-ast-engine", "fingerprint": "bd2d57d9be8cd6993420469d4c7d0bebd2c8757d723277d8dd7c0c3ec8a8e25d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd2d57d9be8cd6993420469d4c7d0bebd2c8757d723277d8dd7c0c3ec8a8e25d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/zeroconf.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._write_color_replace` used but never assigned in __init__: Method `write` of class `RedirectText` reads `self._write_color_replace`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129924, "scanner": "repobility-ast-engine", "fingerprint": "ee00729b975208119e62c757b37b08d4223ced70c43768347d598c9e656fb53d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ee00729b975208119e62c757b37b08d4223ced70c43768347d598c9e656fb53d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/util.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._write_color_replace` used but never assigned in __init__: Method `write` of class `RedirectText` reads `self._write_color_replace`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129923, "scanner": "repobility-ast-engine", "fingerprint": "b8bca0b853008a1c85397a6eaead554436972dc9571a3885e20764e63fc54331", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b8bca0b853008a1c85397a6eaead554436972dc9571a3885e20764e63fc54331"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/util.py"}, "region": {"startLine": 208}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._write_color_replace` used but never assigned in __init__: Method `write` of class `RedirectText` reads `self._write_color_replace`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129922, "scanner": "repobility-ast-engine", "fingerprint": "166dbd2496d8f3c304388d25c0f099c0e86803787e3e7652710ed0fe3d0563ea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|166dbd2496d8f3c304388d25c0f099c0e86803787e3e7652710ed0fe3d0563ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/util.py"}, "region": {"startLine": 201}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._write_color_replace` used but never assigned in __init__: Method `write` of class `RedirectText` reads `self._write_color_replace`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129921, "scanner": "repobility-ast-engine", "fingerprint": "a3c0589290c3a145757b2cfae89de49e90e8ffe9fb4fe80c23742f106070b85b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a3c0589290c3a145757b2cfae89de49e90e8ffe9fb4fe80c23742f106070b85b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/util.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_key` used but never assigned in __init__: Method `get_to_code` of class `PinRegistry` reads `self.get_key`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129920, "scanner": "repobility-ast-engine", "fingerprint": "c0a6cb33968e31cf63a76b09ede1ccf5985a3ae278068d78bb716c31afc81b79", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c0a6cb33968e31cf63a76b09ede1ccf5985a3ae278068d78bb716c31afc81b79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/pins.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_key` used but never assigned in __init__: Method `validate` of class `PinRegistry` reads `self.get_key`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129919, "scanner": "repobility-ast-engine", "fingerprint": "4666a7c21bfbbaa3961647cc153b3fccc0fb0c986a2e40cdc5febc81696b364c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4666a7c21bfbbaa3961647cc153b3fccc0fb0c986a2e40cdc5febc81696b364c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/pins.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 129857, "scanner": "repobility-threat-engine", "fingerprint": "3d7feb9e52d968c0f1a41d4c08f11b90e114fb9d622a5ba6dd6c5d833b7e2049", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3d7feb9e52d968c0f1a41d4c08f11b90e114fb9d622a5ba6dd6c5d833b7e2049"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/hmac_md5/hmac_md5.cpp"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 129856, "scanner": "repobility-threat-engine", "fingerprint": "7f1aaba0fa8cc737455d839c431930f561ffc270ad8fde153d360c902bd5d9d4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7f1aaba0fa8cc737455d839c431930f561ffc270ad8fde153d360c902bd5d9d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/hmac_md5/__init__.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 129855, "scanner": "repobility-threat-engine", "fingerprint": "75e78e1d9b921fa55acf223c30d5094365f222e732d544bb99d85fe30bbf4935", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|75e78e1d9b921fa55acf223c30d5094365f222e732d544bb99d85fe30bbf4935"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/globals/__init__.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 129853, "scanner": "repobility-threat-engine", "fingerprint": "a3c265b726a0c9687de77cf3288e959265bcb73d53a3a12659da2da1704d7aa6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a3c265b726a0c9687de77cf3288e959265bcb73d53a3a12659da2da1704d7aa6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/host/gpio.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 129852, "scanner": "repobility-threat-engine", "fingerprint": "e228c4075e1a03a712aa7c0ccdf47b3f3150859684133909276ab39bba96efb2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e228c4075e1a03a712aa7c0ccdf47b3f3150859684133909276ab39bba96efb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/esp8266/gpio.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 129851, "scanner": "repobility-threat-engine", "fingerprint": "2907081d89500b8d59abbe2bcae7eac7f92c9a01ac1df34805bf354f3d9d7475", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2907081d89500b8d59abbe2bcae7eac7f92c9a01ac1df34805bf354f3d9d7475"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/esp32/gpio.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 129850, "scanner": "repobility-threat-engine", "fingerprint": "b603e1ad54d7c5b25bf2742626c948eaaf40377ef70c61a55a2a5ffd9fda1e3d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "defaults.update(kwargs)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b603e1ad54d7c5b25bf2742626c948eaaf40377ef70c61a55a2a5ffd9fda1e3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/epaper_spi/models/__init__.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 129849, "scanner": "repobility-threat-engine", "fingerprint": "3d7ab98aa09d35a597c6562eec9820fdeb50def4249ad8dd2a249fd6b1cfaf63", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pref.save(&buffer);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3d7ab98aa09d35a597c6562eec9820fdeb50def4249ad8dd2a249fd6b1cfaf63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/debug/debug_esp32.cpp"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED040", "level": "error", "message": {"text": "[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes."}, "properties": {"repobilityId": 129847, "scanner": "repobility-threat-engine", "fingerprint": "052bb933dfdcfe0eff81cdf78e8151c242aedf37e747f52f9e5e98146c84db3c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-yaml-load-unsafe", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347991+00:00", "triaged_in_corpus": 15, "observations_count": 1487, "ai_coder_pattern_id": 120}, "scanner": "repobility-threat-engine", "correlation_key": "fp|052bb933dfdcfe0eff81cdf78e8151c242aedf37e747f52f9e5e98146c84db3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/dashboard_import/__init__.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 129835, "scanner": "repobility-threat-engine", "fingerprint": "a9019681cdbb21de94fefc3b228d3b7436b8168ed2adca27fdf5a09b1f20a912", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a9019681cdbb21de94fefc3b228d3b7436b8168ed2adca27fdf5a09b1f20a912"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/bme68x_bsec2/__init__.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 129834, "scanner": "repobility-threat-engine", "fingerprint": "f2eec9160f7e53bbfe1e479f2daef5b8e3138a59194db6f5ce1fd395aec68406", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f2eec9160f7e53bbfe1e479f2daef5b8e3138a59194db6f5ce1fd395aec68406"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/audio_http/audio_http_media_source.cpp"}, "region": {"startLine": 87}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 129833, "scanner": "repobility-threat-engine", "fingerprint": "b070aa726ba67067cadd9fd1d7c9de489a24e42a4e09028e1e6790e6a806afa5", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(t", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b070aa726ba67067cadd9fd1d7c9de489a24e42a4e09028e1e6790e6a806afa5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/audio/audio_reader.cpp"}, "region": {"startLine": 181}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 27 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=4, else=1, for=4, if=7, nested_bonus=11."}, "properties": {"repobilityId": 129819, "scanner": "repobility-threat-engine", "fingerprint": "219d281e51cd6a73126ef1ae0faa494f1d24cb825c879bc799a3a7b1b7a0f285", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 27 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 7, "for": 4, "elif": 4, "else": 1, "nested_bonus": 11}, "complexity": 27, "correlation_key": "fp|219d281e51cd6a73126ef1ae0faa494f1d24cb825c879bc799a3a7b1b7a0f285"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/build.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.CODECOV_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 130017, "scanner": "repobility-supply-chain", "fingerprint": "bb1691e100a6b2d3385271ad07148271768e0b03668429cec3a58c0c9531fd57", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bb1691e100a6b2d3385271ad07148271768e0b03668429cec3a58c0c9531fd57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 249}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `glob` used but not imported: The file uses `glob.something(...)` but never imports `glob`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 130008, "scanner": "repobility-ast-engine", "fingerprint": "5738e2111167101966f5a2b0f196b7092277e67d9bc85fa0f5cab6a4ac899590", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5738e2111167101966f5a2b0f196b7092277e67d9bc85fa0f5cab6a4ac899590"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/globals/__init__.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `uuid` used but not imported: The file uses `uuid.something(...)` but never imports `uuid`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 130007, "scanner": "repobility-ast-engine", "fingerprint": "de615baeb50c1f23840f4c48f90d55a9c79306d35eca501506494fd135ba10fd", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|de615baeb50c1f23840f4c48f90d55a9c79306d35eca501506494fd135ba10fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/esp32_ble_server/__init__.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `stat` used but not imported: The file uses `stat.something(...)` but never imports `stat`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 130006, "scanner": "repobility-ast-engine", "fingerprint": "2e718478558440d6a3cbb6c39c014a298051afa66ddac2a6abac52e641ac9cbd", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2e718478558440d6a3cbb6c39c014a298051afa66ddac2a6abac52e641ac9cbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/dashboard/status/mdns.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 130005, "scanner": "repobility-ast-engine", "fingerprint": "8e47b1566d4348bd98337c783e5e27b0f025edb618d20f6f04cb26626b2eba6f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8e47b1566d4348bd98337c783e5e27b0f025edb618d20f6f04cb26626b2eba6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/dashboard/web_server.py"}, "region": {"startLine": 1194}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `stat` used but not imported: The file uses `stat.something(...)` but never imports `stat`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 130004, "scanner": "repobility-ast-engine", "fingerprint": "6ff748eabcb88799328916a44b835ec466929dee1911e4e17d2c633434716ce5", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6ff748eabcb88799328916a44b835ec466929dee1911e4e17d2c633434716ce5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/dashboard/entries.py"}, "region": {"startLine": 294}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `enum` used but not imported: The file uses `enum.something(...)` but never imports `enum`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 130003, "scanner": "repobility-ast-engine", "fingerprint": "7a61686bebdd92700da6aca1a43b58598ebd9f95059165098963086d8fc619dd", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7a61686bebdd92700da6aca1a43b58598ebd9f95059165098963086d8fc619dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/api_protobuf/api_protobuf.py"}, "region": {"startLine": 3327}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `socket` used but not imported: The file uses `socket.something(...)` but never imports `socket`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 129999, "scanner": "repobility-ast-engine", "fingerprint": "0bab2296a5cac8d4500cef4ecff27b53fa580667f5571d540bc0499dc767a5e2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0bab2296a5cac8d4500cef4ecff27b53fa580667f5571d540bc0499dc767a5e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_oversized_payloads.py"}, "region": {"startLine": 329}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `select` used but not imported: The file uses `select.something(...)` but never imports `select`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 129998, "scanner": "repobility-ast-engine", "fingerprint": "2147558a501e99b9305babb3d1bc2a0745e749ed988273b0ecc51d097f7057fc", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2147558a501e99b9305babb3d1bc2a0745e749ed988273b0ecc51d097f7057fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_api_message_size_batching.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `stat` used but not imported: The file uses `stat.something(...)` but never imports `stat`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 129997, "scanner": "repobility-ast-engine", "fingerprint": "b7a7b925043b9812ef75f34099a00f44a7848a17ede7c3a34860f81a4e8198a8", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b7a7b925043b9812ef75f34099a00f44a7848a17ede7c3a34860f81a4e8198a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/dashboard/test_entries.py"}, "region": {"startLine": 273}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `copy` used but not imported: The file uses `copy.something(...)` but never imports `copy`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 129996, "scanner": "repobility-ast-engine", "fingerprint": "a9e58dd3aeb2a714563ae8e5abc80bd12cb96a86d88556a39034d44321923cc8", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a9e58dd3aeb2a714563ae8e5abc80bd12cb96a86d88556a39034d44321923cc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit_tests/test_cpp_generator.py"}, "region": {"startLine": 462}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 129972, "scanner": "repobility-ast-engine", "fingerprint": "ccdcd3ae647068c11364fe22f304dc5cf5757ff7f143a663581aa59c852cafe5", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ccdcd3ae647068c11364fe22f304dc5cf5757ff7f143a663581aa59c852cafe5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/component_tests/conftest.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 129967, "scanner": "repobility-ast-engine", "fingerprint": "b5d6e03a4e4908347b12079c131218b1915015fced756d0939dc92a02cd199ec", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b5d6e03a4e4908347b12079c131218b1915015fced756d0939dc92a02cd199ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/build_codeowners.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 129962, "scanner": "repobility-ast-engine", "fingerprint": "f32321a049fad03c22d373fd769add7e1d846c2c65538adae4c0a40a313ba70c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f32321a049fad03c22d373fd769add7e1d846c2c65538adae4c0a40a313ba70c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/helpers.py"}, "region": {"startLine": 355}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 129961, "scanner": "repobility-ast-engine", "fingerprint": "0922047e1e615eaae73ce9e36b3e4c3230af500b66629fd6ecc67eaa4026697d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0922047e1e615eaae73ce9e36b3e4c3230af500b66629fd6ecc67eaa4026697d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/helpers.py"}, "region": {"startLine": 1206}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 129957, "scanner": "repobility-ast-engine", "fingerprint": "ed6aa87f0afc122640e01590d95d92272c6dab8d35eeb62f9a7e23a3c92a7d59", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ed6aa87f0afc122640e01590d95d92272c6dab8d35eeb62f9a7e23a3c92a7d59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/test_build_components.py"}, "region": {"startLine": 471}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 129954, "scanner": "repobility-ast-engine", "fingerprint": "668efb4127e35eafccb936f7fb35d8e3fd6e1df3485c3e6b523a4d0a52be4853", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|668efb4127e35eafccb936f7fb35d8e3fd6e1df3485c3e6b523a4d0a52be4853"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/helpers.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 129949, "scanner": "repobility-ast-engine", "fingerprint": "56317216c65be8edb585f8e0667e778ae7abe29067b03f79bf1a224d7b860539", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|56317216c65be8edb585f8e0667e778ae7abe29067b03f79bf1a224d7b860539"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/storage_json.py"}, "region": {"startLine": 232}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 129947, "scanner": "repobility-ast-engine", "fingerprint": "4b6e3b22fad441eb2b3c85592596e4e05143dc79b54f0029dcb0dbdb3abd67d4", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4b6e3b22fad441eb2b3c85592596e4e05143dc79b54f0029dcb0dbdb3abd67d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/wizard.py"}, "region": {"startLine": 388}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 129946, "scanner": "repobility-ast-engine", "fingerprint": "9267528d78db2c2be5d909a6f8633fb01e17dabb40483ff8468c71ef89673126", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9267528d78db2c2be5d909a6f8633fb01e17dabb40483ff8468c71ef89673126"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/config.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 129846, "scanner": "repobility-threat-engine", "fingerprint": "e5d86430d3e32fce4741f083f418f41950ea78babcbb5763328638f8a1ecc645", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e5d86430d3e32fce4741f083f418f41950ea78babcbb5763328638f8a1ecc645"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/dashboard_import/__init__.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "SEC116", "level": "error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 129845, "scanner": "repobility-threat-engine", "fingerprint": "2340044705919ad91c510867512d646d129c994f1615020b8109d806054c3f71", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|120|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/dashboard_import/__init__.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "SEC079", "level": "error", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 129844, "scanner": "repobility-threat-engine", "fingerprint": "9464c36979b49123afc233940ec88e491c4cf0b6222f3205baced035a8da77f3", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(contents)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9464c36979b49123afc233940ec88e491c4cf0b6222f3205baced035a8da77f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "esphome/components/dashboard_import/__init__.py"}, "region": {"startLine": 120}}}]}]}]}