{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC031", "name": "[SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like `(a+)+` or quantified alternati", "shortDescription": {"text": "[SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like `(a+)+` or quantified alternation with overlapping branches. On adversarial input these patterns exhibit exponential backtracking, freezing the process"}, "fullDescription": {"text": "Three options, pick one:\n  1. Rewrite the pattern to avoid nested quantifiers. E.g. `(a+)+` is      functionally equivalent to `a+` for matching purposes.\n  2. Use Google's re2 (`pip install google-re2`): linear-time, drop-in      replacement for `re` for most use cases.\n  3. 
Set a hard timeout: `signal.alarm(1)` before regex eval.\nTest patterns against `safe-regex` or `redos-detector` before shipping."}, "properties": {"scanner": "repobility-threat-engine", "category": "redos", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `_shift_data` has cognitive complexity 23 (SonarSource scale). Cognitive c", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `_shift_data` has cognitive complexity 23 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion a"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. 
SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 23."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC123", "name": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environme", "shortDescription": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "fullDescription": {"text": "Set DEBUG=False / APP_DEBUG=false in production. Provide a generic 500 handler that logs to backend but returns a sanitized page to clients."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED069", "name": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files.", "shortDescription": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-489 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `OSDKDev/lock-issues` pinned to mutable ref `@v1.1`: `uses: OSDKDev/lock-issues@v1.1` resolves at work", "shortDescription": {"text": "[MINED115] Action `OSDKDev/lock-issues` pinned to mutable ref `@v1.1`: `uses: OSDKDev/lock-issues@v1.1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise"}, "fullDescription": {"text": "Replace with: `uses: OSDKDev/lock-issues@<40-char-sha>  # v1.1` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.image` used but never assigned in __init__: Method `saveimage` of class `Board` reads `self.image`, but", "shortDescription": {"text": "[MINED108] `self.image` used but never assigned in __init__: Method `saveimage` of class `Board` reads `self.image`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the met"}, "fullDescription": {"text": "Initialize `self.image = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC135", "name": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without", "shortDescription": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI bu"}, "fullDescription": {"text": "Add the project's auth decorator/middleware: `@login_required` (Django/Flask), `@permission_classes([IsAuthenticated])` (DRF), `Depends(get_current_user)` (FastAPI), `requireAuth` middleware (Express). For genuinely public endpoints, add a `# public-endpoint` marker comment so future scans skip them."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). 
Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED030", "name": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__.", "shortDescription": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC081", "name": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary co", "shortDescription": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "fullDescription": {"text": "Use json, msgpack, or protobuf for untrusted data. If pickle is required, sign the payload with HMAC and verify the signature before unpickling."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/794"}, "properties": {"repository": "microsoft/ML-For-Beginners", "repoUrl": "https://github.com/microsoft/ML-For-Beginners", "branch": "main"}, "results": [{"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. 
Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 67593, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "SEC031", "level": "warning", "message": {"text": "[SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like `(a+)+` or quantified alternation with overlapping branches. On adversarial input these patterns exhibit exponential backtracking, freezing the process. CWE-1333. Real CVEs: CVE-2017-16129 (minimatch), CVE-2021-3807 (ansi-regex), and dozens more."}, "properties": {"repobilityId": 67592, "scanner": "repobility-threat-engine", "fingerprint": "221cb1c3f287eaea0ea990e5ac21690c608879e68f84cc466ace4b5eba826b89", "category": "redos", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "(.*)*", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC031", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|221cb1c3f287eaea0ea990e5ac21690c608879e68f84cc466ace4b5eba826b89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "quiz-app/src/router/index.js"}, "region": {"startLine": 23}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 67590, 
"scanner": "repobility-threat-engine", "fingerprint": "58d49c74e4cb69f26885c40bfbb140a00853cb46b908b68e9a33c7ff19f3c4c7", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|17|sec012", "duplicate_count": 2, "duplicate_rule_ids": ["SEC012"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["07ab8177a307a2783b826b38475f8734f112967630ebf72e7a55d7554ad1709f", "58d49c74e4cb69f26885c40bfbb140a00853cb46b908b68e9a33c7ff19f3c4c7", "5db1e3cee1e769559d9ebcdb8d539b34169142a97596ae5f2225d53c932e721c"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "7-TimeSeries/1-Introduction/solution/common/extract_data.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `_shift_data` has cognitive complexity 23 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=1, for=4, if=2, nested_bonus=14, ternary=2."}, "properties": {"repobilityId": 67588, "scanner": "repobility-threat-engine", "fingerprint": "5ebccf6de641c67fd2382339139344d1a08cea06dda9eda1eee55d3346135221", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 23 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_shift_data", "breakdown": {"if": 2, "for": 4, "else": 1, "ternary": 2, "nested_bonus": 14}, "complexity": 23, "correlation_key": "fp|5ebccf6de641c67fd2382339139344d1a08cea06dda9eda1eee55d3346135221"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "7-TimeSeries/1-Introduction/working/common/utils.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `_shift_data` has cognitive complexity 23 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=1, for=4, if=2, nested_bonus=14, ternary=2."}, "properties": {"repobilityId": 67587, "scanner": "repobility-threat-engine", "fingerprint": "0aaf30adef3217743ceb4e510c917d78e47bcb30afa9f4a381c00c10b99b50ad", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 23 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_shift_data", "breakdown": {"if": 2, "for": 4, "else": 1, "ternary": 2, "nested_bonus": 14}, "complexity": 23, "correlation_key": "fp|0aaf30adef3217743ceb4e510c917d78e47bcb30afa9f4a381c00c10b99b50ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "7-TimeSeries/1-Introduction/solution/common/utils.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 21 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: break=1, elif=3, else=2, if=3, nested_bonus=11, while=1."}, "properties": {"repobilityId": 67586, "scanner": "repobility-threat-engine", "fingerprint": "7815845eff26ab9d1d191562e045be46a1229f19bd5e86bc69b867ee44b1695b", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 21 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 3, "elif": 3, "else": 2, "break": 1, "while": 1, "nested_bonus": 11}, "complexity": 21, "correlation_key": "fp|7815845eff26ab9d1d191562e045be46a1229f19bd5e86bc69b867ee44b1695b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "6-NLP/2-Tasks/solution/bot.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 67580, "scanner": "repobility-threat-engine", "fingerprint": "f82a2d58529fd87f84a2035342bb1c8e186edf5e7ab515b86a03f356bedf784f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "debug=True", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f82a2d58529fd87f84a2035342bb1c8e186edf5e7ab515b86a03f356bedf784f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "3-Web-App/1-Web-App/solution/web-app/app.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] 
Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 67578, "scanner": "repobility-threat-engine", "fingerprint": "6bbdb106d5531e015361470e20d3ff3ea89d7b7408e39a089b0f03f2bf874bf0", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|7|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "3-Web-App/1-Web-App/solution/web-app/app.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 67601, "scanner": "repobility-ai-code-hygiene", "fingerprint": "49e0f117bd99df3e3acdb715a68305ce7cb44b87010249793a8f9118b74caf73", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "8-Reinforcement/1-QLearning/rlboard.py", "duplicate_line": 1, "correlation_key": "fp|49e0f117bd99df3e3acdb715a68305ce7cb44b87010249793a8f9118b74caf73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/solution/rlboard.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 67600, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"e1b6eac6ea807e7bace0f57d9652f023ae6534970f58c3b5003451addee74546", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "7-TimeSeries/1-Introduction/solution/common/utils.py", "duplicate_line": 1, "correlation_key": "fp|e1b6eac6ea807e7bace0f57d9652f023ae6534970f58c3b5003451addee74546"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "7-TimeSeries/common/utils.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 67599, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2bb0f8c913c45121457750918e0d9a91afde6f22879ff0ecd074299a13e8f402", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "7-TimeSeries/1-Introduction/solution/common/utils.py", "duplicate_line": 1, "correlation_key": "fp|2bb0f8c913c45121457750918e0d9a91afde6f22879ff0ecd074299a13e8f402"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "7-TimeSeries/2-ARIMA/working/common/utils.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 67598, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ed84da7ea1df481b2c72733f0fb6b55d797dc6a4f515d8355bdab6ab8fc862ef", "category": "quality", "severity": "low", 
"confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "7-TimeSeries/1-Introduction/solution/common/extract_data.py", "duplicate_line": 1, "correlation_key": "fp|ed84da7ea1df481b2c72733f0fb6b55d797dc6a4f515d8355bdab6ab8fc862ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "7-TimeSeries/2-ARIMA/working/common/extract_data.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 67597, "scanner": "repobility-ai-code-hygiene", "fingerprint": "87237860a4a9706a7ed2bc9859cd940273336fb8f126b98dd9f270d639914384", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "7-TimeSeries/1-Introduction/solution/common/utils.py", "duplicate_line": 1, "correlation_key": "fp|87237860a4a9706a7ed2bc9859cd940273336fb8f126b98dd9f270d639914384"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "7-TimeSeries/2-ARIMA/solution/common/utils.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 67596, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4e68f3ec6deaf4dd60516692c0a4e88825875a77afe6ffc5dde9af7050603362", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": 
false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "7-TimeSeries/1-Introduction/solution/common/extract_data.py", "duplicate_line": 1, "correlation_key": "fp|4e68f3ec6deaf4dd60516692c0a4e88825875a77afe6ffc5dde9af7050603362"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "7-TimeSeries/2-ARIMA/solution/common/extract_data.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 67595, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d07b08910d89ef9b90cb0fc7c97685f872fb839d16caa104bde3425e85315629", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "7-TimeSeries/1-Introduction/solution/common/utils.py", "duplicate_line": 1, "correlation_key": "fp|d07b08910d89ef9b90cb0fc7c97685f872fb839d16caa104bde3425e85315629"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "7-TimeSeries/1-Introduction/working/common/utils.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 67594, "scanner": "repobility-ai-code-hygiene", "fingerprint": "29e7b9aec165b339eac91cddd81714fb029ac26af2f31289297ebcdf08bc90e8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different 
non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "7-TimeSeries/1-Introduction/solution/common/extract_data.py", "duplicate_line": 1, "correlation_key": "fp|29e7b9aec165b339eac91cddd81714fb029ac26af2f31289297ebcdf08bc90e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "7-TimeSeries/1-Introduction/working/common/extract_data.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC012", "level": "none", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 67591, "scanner": "repobility-threat-engine", "fingerprint": "f21d8f84b5b8fd967ff0c5e2e1c3fb58bbdee23dfc12821fdafc6666b2cd3f87", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f21d8f84b5b8fd967ff0c5e2e1c3fb58bbdee23dfc12821fdafc6666b2cd3f87"}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 67589, "scanner": "repobility-threat-engine", "fingerprint": "29306b5028b90ab8087937c717cb745fd7e07ab4ccb4b2237f19cccb49788ca3", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 3, "elif": 3, "else": 2, "break": 1, "while": 1, "nested_bonus": 11}, "aggregated": true, "complexity": 21, "correlation_key": "fp|29306b5028b90ab8087937c717cb745fd7e07ab4ccb4b2237f19cccb49788ca3", "aggregated_count": 9}}}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 67585, "scanner": "repobility-threat-engine", "fingerprint": "8dfe1a147bec568276548d92a26ac9bec459c80a4ce5c85f6e541043183db74f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8dfe1a147bec568276548d92a26ac9bec459c80a4ce5c85f6e541043183db74f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "6-NLP/2-Tasks/solution/bot.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "properties": {"repobilityId": 67584, "scanner": "repobility-threat-engine", "fingerprint": "27d381e41deeaca5f2d8963096d9a1aa59580490da51fdad2112e28ae8713c14", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|27d381e41deeaca5f2d8963096d9a1aa59580490da51fdad2112e28ae8713c14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "6-NLP/1-Introduction-to-NLP/solution/bot.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED069", "level": "none", "message": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "properties": {"repobilityId": 67583, "scanner": "repobility-threat-engine", "fingerprint": "5ad6364fdaf7aa5f31ff665258d070b1a971cdc31dc5e9bdfd1af56ca991e268", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "debug-true-prod", "owasp": "A05:2021", "cwe_ids": ["CWE-489"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348063+00:00", "triaged_in_corpus": 12, "observations_count": 37393, "ai_coder_pattern_id": 17}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5ad6364fdaf7aa5f31ff665258d070b1a971cdc31dc5e9bdfd1af56ca991e268"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "3-Web-App/1-Web-App/solution/web-app/app.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", 
"level": "error", "message": {"text": "[MINED115] Action `OSDKDev/lock-issues` pinned to mutable ref `@v1.1`: `uses: OSDKDev/lock-issues@v1.1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 67630, "scanner": "repobility-supply-chain", "fingerprint": "953ef1464d06a20ea41b724be29a4a15b4fb5f7d8dba2c28afb450ad6c9c4086", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|953ef1464d06a20ea41b724be29a4a15b4fb5f7d8dba2c28afb450ad6c9c4086"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lock.yml"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/stale` pinned to mutable ref `@v10`: `uses: actions/stale@v10` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin the action to a full 40-character commit SHA and maintain the pin with Dependabot or Renovate."}, "properties": {"repobilityId": 67629, "scanner": "repobility-supply-chain", "fingerprint": "2f7fffb5c570d8345886e408863aa17765da7c662da119a3a5cc7b68d7b8baa6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2f7fffb5c570d8345886e408863aa17765da7c662da119a3a5cc7b68d7b8baa6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/stale.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml` pinned to mutable ref `@v1.4.0`: `uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin the action to a full 40-character commit SHA and maintain the pin with Dependabot or Renovate. For this reusable workflow, first check the slsa-github-generator documentation: the project has required its generator workflows to be referenced by a full version tag, so a SHA pin may not be supported here."}, "properties": {"repobilityId": 67628, "scanner": "repobility-supply-chain", "fingerprint": "8f07943db5367a530d85d200c27caf912ea37d2103fb78a2d46624311d988447", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8f07943db5367a530d85d200c27caf912ea37d2103fb78a2d46624311d988447"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/generator-generic-ossf-slsa3-publish.yml"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin the action to a full 40-character commit SHA and maintain the pin with Dependabot or Renovate."}, "properties": {"repobilityId": 67627, "scanner": "repobility-supply-chain", "fingerprint": "bc65e1017faa3f1d9469bbae36c3fd310e14e873e9557c7768c950201ca8daec", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bc65e1017faa3f1d9469bbae36c3fd310e14e873e9557c7768c950201ca8daec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/generator-generic-ossf-slsa3-publish.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.image` used but never assigned in __init__: Method `saveimage` of class `Board` reads `self.image`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67626, "scanner": "repobility-ast-engine", "fingerprint": "8f9928479c5b527d4b3cec5fa6b402e789c091ff058042b385fefc6c06edd759", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8f9928479c5b527d4b3cec5fa6b402e789c091ff058042b385fefc6c06edd759"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/solution/rlboard.py"}, "region": {"startLine": 172}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.image` used but never assigned in __init__: Method `plot` of class `Board` reads `self.image`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67625, "scanner": "repobility-ast-engine", "fingerprint": "9d99dfa9f1c5a1c8f37e36c3686bcd44a0185a8627a081da1a3ae40665b69ac1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9d99dfa9f1c5a1c8f37e36c3686bcd44a0185a8627a081da1a3ae40665b69ac1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/solution/rlboard.py"}, "region": {"startLine": 169}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.at` used but never assigned in __init__: Method `random_start` of class `Board` reads `self.at`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67624, "scanner": "repobility-ast-engine", "fingerprint": "033b178b4300a0e6390841229935e95d5676c78b5700095de8e624797fa7ca18", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|033b178b4300a0e6390841229935e95d5676c78b5700095de8e624797fa7ca18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/solution/rlboard.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.random_pos` used but never assigned in __init__: Method `random_start` of class `Board` reads `self.random_pos`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67623, "scanner": "repobility-ast-engine", "fingerprint": "ce993cd6749b5e45a110690d504feae20ab20007b3eb7fa154b56973d19c2cc9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ce993cd6749b5e45a110690d504feae20ab20007b3eb7fa154b56973d19c2cc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/solution/rlboard.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.is_valid` used but never assigned in __init__: Method `move` of class `Board` reads `self.is_valid`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67622, "scanner": "repobility-ast-engine", "fingerprint": "27fb4f85069752cf8d44ecd8320b747430d2fb776a4559a40441afe2575437d0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|27fb4f85069752cf8d44ecd8320b747430d2fb776a4559a40441afe2575437d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/solution/rlboard.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.move_pos` used but never assigned in __init__: Method `move` of class `Board` reads `self.move_pos`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67621, "scanner": "repobility-ast-engine", "fingerprint": "aad0612f45b0e27a6230f182470e570488a05cac3237d663b276455cea1e6fde", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aad0612f45b0e27a6230f182470e570488a05cac3237d663b276455cea1e6fde"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/solution/rlboard.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.at` used but never assigned in __init__: Method `walk` of class `Board` reads `self.at`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67620, "scanner": "repobility-ast-engine", "fingerprint": "21af2a9310a7a309c86300c9874e7c4b4d47857e4446623f10a9f6a656c7362a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|21af2a9310a7a309c86300c9874e7c4b4d47857e4446623f10a9f6a656c7362a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/rlboard.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.move` used but never assigned in __init__: Method `walk` of class `Board` reads `self.move`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance, unless `move` is defined on the class as a method; other results in this report name a `move` method of `Board` in the same file, so confirm this is not a method reference before treating it as a defect."}, "properties": {"repobilityId": 67619, "scanner": "repobility-ast-engine", "fingerprint": "412a30fb45a6185c1908835f7ad376f6a05aecddeb52f639f6c25ba7502bb8bd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|412a30fb45a6185c1908835f7ad376f6a05aecddeb52f639f6c25ba7502bb8bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/rlboard.py"}, "region": {"startLine": 193}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.is_valid` used but never assigned in __init__: Method `walk` of class `Board` reads `self.is_valid`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67618, "scanner": "repobility-ast-engine", "fingerprint": "639ae885655084285fdcd84a86d778f56d540e77c72d614e1c78b1f17d137cd6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|639ae885655084285fdcd84a86d778f56d540e77c72d614e1c78b1f17d137cd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/rlboard.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.move_pos` used but never assigned in __init__: Method `walk` of class `Board` reads `self.move_pos`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67617, "scanner": "repobility-ast-engine", "fingerprint": "a3876402fb4cc40b3ea553fb324f7db6031e3351ebe9e0950c3707628347b285", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a3876402fb4cc40b3ea553fb324f7db6031e3351ebe9e0950c3707628347b285"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/rlboard.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.at` used but never assigned in __init__: Method `walk` of class `Board` reads `self.at`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67616, "scanner": "repobility-ast-engine", "fingerprint": "5c4b76c769ad36bb1105181d2381532e4a4da66a0b2bccb58cc5151f38fd9a55", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5c4b76c769ad36bb1105181d2381532e4a4da66a0b2bccb58cc5151f38fd9a55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/rlboard.py"}, "region": {"startLine": 187}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.at` used but never assigned in __init__: Method `walk` of class `Board` reads `self.at`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67615, "scanner": "repobility-ast-engine", "fingerprint": "340ed6830010a4b869cf96298a7492515e835d8119b7459226bf9b703e808999", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|340ed6830010a4b869cf96298a7492515e835d8119b7459226bf9b703e808999"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/rlboard.py"}, "region": {"startLine": 185}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.saveimage` used but never assigned in __init__: Method `walk` of class `Board` reads `self.saveimage`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance, unless `saveimage` is defined on the class as a method; other results in this report name a `saveimage` method of `Board` in the same file, so confirm this is not a method reference before treating it as a defect."}, "properties": {"repobilityId": 67614, "scanner": "repobility-ast-engine", "fingerprint": "934ea89c72eb4d3dcfcf6a32c7ed244d5735ae68a75c43e53cd2756b27f57c1b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|934ea89c72eb4d3dcfcf6a32c7ed244d5735ae68a75c43e53cd2756b27f57c1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/rlboard.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.random_start` used but never assigned in __init__: Method `walk` of class `Board` reads `self.random_start`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance, unless `random_start` is defined on the class as a method; other results in this report name a `random_start` method of `Board` in the same file, so confirm this is not a method reference before treating it as a defect."}, "properties": {"repobilityId": 67613, "scanner": "repobility-ast-engine", "fingerprint": "0b61a87b7781a31f641c393d6546b810a813b62e6e53bcbb36a0a78e6120703f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0b61a87b7781a31f641c393d6546b810a813b62e6e53bcbb36a0a78e6120703f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/rlboard.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.image` used but never assigned in __init__: Method `saveimage` of class `Board` reads `self.image`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67612, "scanner": "repobility-ast-engine", "fingerprint": "2156251650856139e175e40694d2bfab89fae6cac6b86fd40bd989421e6f32a7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2156251650856139e175e40694d2bfab89fae6cac6b86fd40bd989421e6f32a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/rlboard.py"}, "region": {"startLine": 172}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.image` used but never assigned in __init__: Method `plot` of class `Board` reads `self.image`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67611, "scanner": "repobility-ast-engine", "fingerprint": "f30607c796dd37f8284c03faa34ae59381b78759561b4081aaa7a98cc5258917", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f30607c796dd37f8284c03faa34ae59381b78759561b4081aaa7a98cc5258917"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/rlboard.py"}, "region": {"startLine": 169}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.at` used but never assigned in __init__: Method `random_start` of class `Board` reads `self.at`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67610, "scanner": "repobility-ast-engine", "fingerprint": "6f91ffdec15f748263afb3eac926c488e1244135934912ee83e11367705c37b9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6f91ffdec15f748263afb3eac926c488e1244135934912ee83e11367705c37b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/rlboard.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.random_pos` used but never assigned in __init__: Method `random_start` of class `Board` reads `self.random_pos`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67609, "scanner": "repobility-ast-engine", "fingerprint": "66194e29c71a53d36a2d086f48a3066ec4c7ea9b89260a1a516b95c7eb73cadf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|66194e29c71a53d36a2d086f48a3066ec4c7ea9b89260a1a516b95c7eb73cadf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/rlboard.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.is_valid` used but never assigned in __init__: Method `move` of class `Board` reads `self.is_valid`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67608, "scanner": "repobility-ast-engine", "fingerprint": "4a586ac14fd5f6dcfbb71e27212a9282512ca810144cd1566f8800470dbb5b12", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4a586ac14fd5f6dcfbb71e27212a9282512ca810144cd1566f8800470dbb5b12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/rlboard.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.move_pos` used but never assigned in __init__: Method `move` of class `Board` reads `self.move_pos`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67607, "scanner": "repobility-ast-engine", "fingerprint": "d285f31bcd0f99e4301fce0affc875985222b81ca58ce8264b7715b963e82eac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d285f31bcd0f99e4301fce0affc875985222b81ca58ce8264b7715b963e82eac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "8-Reinforcement/1-QLearning/rlboard.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._df2tensors` used but never assigned in __init__: Method `subset_data` of class `TimeSeriesTensor` reads `self._df2tensors`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67606, "scanner": "repobility-ast-engine", "fingerprint": "c64b1f31bdb0f73bd577d4aecb8710e8d3a4f8104525403a51e31ab70dbda157", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c64b1f31bdb0f73bd577d4aecb8710e8d3a4f8104525403a51e31ab70dbda157"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "7-TimeSeries/2-ARIMA/working/common/utils.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._df2tensors` used but never assigned in __init__: Method `subset_data` of class `TimeSeriesTensor` reads `self._df2tensors`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67605, "scanner": "repobility-ast-engine", "fingerprint": "b32e7c92d732d6628d3a9d7bc44a3e08891d8d69b06abed29f975a6ab67cb283", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b32e7c92d732d6628d3a9d7bc44a3e08891d8d69b06abed29f975a6ab67cb283"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "7-TimeSeries/2-ARIMA/solution/common/utils.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._df2tensors` used but never assigned in __init__: Method `subset_data` of class `TimeSeriesTensor` reads `self._df2tensors`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67604, "scanner": "repobility-ast-engine", "fingerprint": "bcdbd808a469c5b8c11ce00fbceb59a0f101ae19b801a685e486a22167f6a862", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bcdbd808a469c5b8c11ce00fbceb59a0f101ae19b801a685e486a22167f6a862"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "7-TimeSeries/1-Introduction/working/common/utils.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._df2tensors` used but never assigned in __init__: Method `subset_data` of class `TimeSeriesTensor` reads `self._df2tensors`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67603, "scanner": "repobility-ast-engine", "fingerprint": "3c52c4b554c5ffa220274320b0d4201a410833ca9483935466419a6c076ec998", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3c52c4b554c5ffa220274320b0d4201a410833ca9483935466419a6c076ec998"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "7-TimeSeries/1-Introduction/solution/common/utils.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._df2tensors` used but never assigned in __init__: Method `subset_data` of class `TimeSeriesTensor` reads `self._df2tensors`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 67602, "scanner": "repobility-ast-engine", "fingerprint": "d64c54de2afe144f103122acb99aaa2f7223835273b5a6ef0cb3d2840a86da34", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d64c54de2afe144f103122acb99aaa2f7223835273b5a6ef0cb3d2840a86da34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "7-TimeSeries/common/utils.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). 
High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 67581, "scanner": "repobility-threat-engine", "fingerprint": "6dd7df1343bbfc4c57c314949cef2e46b7ccd9797e1834347109bb881c394d76", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@app.route(\"/predict\", methods=[\"POST\"])", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6dd7df1343bbfc4c57c314949cef2e46b7ccd9797e1834347109bb881c394d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "3-Web-App/1-Web-App/solution/web-app/app.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 67577, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 67582, "scanner": "repobility-threat-engine", "fingerprint": "0dde98d38bba37721d640ea81b179441497a131d47afd1da467d177fc5e189ea", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", 
"owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0dde98d38bba37721d640ea81b179441497a131d47afd1da467d177fc5e189ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "3-Web-App/1-Web-App/solution/web-app/app.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 67579, "scanner": "repobility-threat-engine", "fingerprint": "fcb3c235b010cd0236f159cf8af1595fe003528c73884fc8bada395d5cb4c9fe", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fcb3c235b010cd0236f159cf8af1595fe003528c73884fc8bada395d5cb4c9fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "3-Web-App/1-Web-App/solution/web-app/app.py"}, "region": {"startLine": 7}}}]}]}]}