{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC123", "name": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environme", "shortDescription": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "fullDescription": {"text": "Set DEBUG=False / APP_DEBUG=false in production. Provide a generic 500 handler that logs to backend but returns a sanitized page to clients."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED022", "name": "[MINED022] C Strcpy (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED022] C Strcpy (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-120 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED080", "name": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace.", "shortDescription": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 137 more): Same pattern found in 137 a", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 137 more): Same pattern found in 137 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED053", "name": "[MINED053] Placeholder Default Username (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED053] Placeholder Default Username (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1392,CWE-798 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 11 more): Same pattern found in 11 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "[MINED134] Binary file `Assets/Plugins/x86/Audio360.dll` committed in source repo: `Assets/Plugins/x86/Audio360.dll` is ", "shortDescription": {"text": "[MINED134] Binary file `Assets/Plugins/x86/Audio360.dll` committed in source repo: `Assets/Plugins/x86/Audio360.dll` is a .dll binary (1,630,208 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwi"}, "fullDescription": {"text": "Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED017", "name": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic.", "shortDescription": {"text": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC025", "name": "[SEC025] XML External Entity (XXE) \u2014 .NET XmlDocument / XmlTextReader: .NET XmlDocument and XmlTextReader expand externa", "shortDescription": {"text": "[SEC025] XML External Entity (XXE) \u2014 .NET XmlDocument / XmlTextReader: .NET XmlDocument and XmlTextReader expand external entities by default in pre-4.5.2 runtimes (and even later if XmlResolver is left at default). Allows file disclosure a"}, "fullDescription": {"text": "Set XmlResolver = null on XmlDocument before Load. On XmlReader, pass XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null }. Prefer XDocument / XElement which don't expand external entities by default."}, "properties": {"scanner": "repobility-threat-engine", "category": "xxe", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1126"}, "properties": {"repository": "ZHOURUIH/MyFramework", "repoUrl": "https://github.com/ZHOURUIH/MyFramework", "branch": "master"}, "results": [{"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 111375, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 111364, "scanner": "repobility-threat-engine", "fingerprint": "9dfd8f6a3f6719b6e0ff66ca4e4d2c8b7862aeceab86a1b2a7e4115c79c362d9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Debug = true", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9dfd8f6a3f6719b6e0ff66ca4e4d2c8b7862aeceab86a1b2a7e4115c79c362d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ToolProject/AtlasPacker/AtlasPacker/Memory/txMemoryTrace.cpp"}, "region": {"startLine": 31}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 111337, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111391, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0c3e0b3a74c4f29873486f244d84dca8094a0f35d6e3bee7315c72fae1218074", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Assets/Scripts/Frame_HotFix/Net/TCP/NetConnectTCPBit.cs", "duplicate_line": 115, "correlation_key": "fp|0c3e0b3a74c4f29873486f244d84dca8094a0f35d6e3bee7315c72fae1218074"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Scripts/Frame_HotFix/Net/UDP/NetConnectUDPBit.cs"}, "region": {"startLine": 75}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111390, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2c7c29bc372ba621fe404ca7fb8a1b0a0e2ec3420d7c066db9e984658399b04d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Assets/Scripts/Frame_HotFix/Net/TCP/NetConnectTCP.cs", "duplicate_line": 316, "correlation_key": "fp|2c7c29bc372ba621fe404ca7fb8a1b0a0e2ec3420d7c066db9e984658399b04d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Scripts/Frame_HotFix/Net/UDP/NetConnectUDP.cs"}, "region": {"startLine": 221}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111389, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bb624911d1453dc8c8a85a5d83cc0beac9c2314e2ec9ea48773080cfca83e66f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Assets/Scripts/Frame_Game/ScriptStaticAttach/ResLocalizationRuntimeText.cs", "duplicate_line": 59, "correlation_key": "fp|bb624911d1453dc8c8a85a5d83cc0beac9c2314e2ec9ea48773080cfca83e66f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Scripts/Frame_HotFix/LocalizationManager/LocalizationText.cs"}, "region": {"startLine": 60}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111388, "scanner": "repobility-ai-code-hygiene", "fingerprint": "62fa2da034ca2e09203a1762d0b0b269028d954d56295dcde98c2f76f2e861cd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Assets/Scripts/Frame_Game/ScriptStaticAttach/ResLocalizationRuntimeText.cs", "duplicate_line": 57, "correlation_key": "fp|62fa2da034ca2e09203a1762d0b0b269028d954d56295dcde98c2f76f2e861cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Scripts/Frame_HotFix/LocalizationManager/LocalizationRuntimeText.cs"}, "region": {"startLine": 55}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111387, "scanner": "repobility-ai-code-hygiene", "fingerprint": "67e3d999d02180937a52e9d178816611639a9f4ef5efbefedeefc9f41e0e1a74", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Assets/Scripts/Frame_HotFix/Component/COMMovableObject/COMMovableObjectAlpha.cs", "duplicate_line": 3, "correlation_key": "fp|67e3d999d02180937a52e9d178816611639a9f4ef5efbefedeefc9f41e0e1a74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Scripts/Frame_HotFix/Component/COMWindow/COMWindowAlpha.cs"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111386, "scanner": "repobility-ai-code-hygiene", "fingerprint": "28cc7fee878593b9132c4a57163173e7374e4aec7861f36dd85be10f51b5446e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Assets/Scripts/Frame_HotFix/Component/COMGameScene/COMGameSceneVolume.cs", "duplicate_line": 3, "correlation_key": "fp|28cc7fee878593b9132c4a57163173e7374e4aec7861f36dd85be10f51b5446e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Scripts/Frame_HotFix/Component/COMMovableObject/COMMovableObjectVolume.cs"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111385, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6cf4547ff7a9f4d652a13d5c388ca3f9d9a6f9ee91a858f4628f5e9b81957bcf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Assets/Scripts/Frame_Game/Common/ObsSystem.cs", "duplicate_line": 8, "correlation_key": "fp|6cf4547ff7a9f4d652a13d5c388ca3f9d9a6f9ee91a858f4628f5e9b81957bcf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Scripts/Frame_HotFix/Common/ObsSystem.cs"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111384, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b28956cd76106898758ce3697886bea72d85b783eb68cb092065263a42ccb376", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Assets/Scripts/Frame_Game/Common/FrameEnum.cs", "duplicate_line": 16, "correlation_key": "fp|b28956cd76106898758ce3697886bea72d85b783eb68cb092065263a42ccb376"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Scripts/Frame_HotFix/Common/FrameEnum.cs"}, "region": {"startLine": 222}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111383, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8ad67fd50f584ac8e044374e6cdfc35b080b3c815329024b0c846bffb4cb7920", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Assets/Scripts/Frame_HotFix/CommandSystem/CmdWindow/CmdWindowFill.cs", "duplicate_line": 19, "correlation_key": "fp|8ad67fd50f584ac8e044374e6cdfc35b080b3c815329024b0c846bffb4cb7920"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Scripts/Frame_HotFix/CommandSystem/CmdWindow/CmdWindowSlider.cs"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111382, "scanner": "repobility-ai-code-hygiene", "fingerprint": "76630ec29d6bd9bd3d563c6324471f988867c26efc7640e7f9fdbdff53b0e944", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Assets/Scripts/Frame_HotFix/CommandSystem/CmdTransformable/CmdTransformableMoveCurve.cs", "duplicate_line": 10, "correlation_key": "fp|76630ec29d6bd9bd3d563c6324471f988867c26efc7640e7f9fdbdff53b0e944"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Scripts/Frame_HotFix/CommandSystem/CmdTransformable/CmdTransformableMoveCurveSpan.cs"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111381, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ad9050fd261522c95ce236e9b346a6e1fa07397c60640e7d5c91ea45ebb6103b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Assets/Scripts/Frame_Game/AssetVersionSystem/AssetVersionSystem.cs", "duplicate_line": 60, "correlation_key": "fp|ad9050fd261522c95ce236e9b346a6e1fa07397c60640e7d5c91ea45ebb6103b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Scripts/Frame_HotFix/AssetVersionSystem/AssetVersionSystem.cs"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111380, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5fab7ef2bfb3609c6e741460e3f7fefb77f6594fc753201f486010546d56509b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Assets/Scripts/Frame_Game/Android/AndroidAssetLoader.cs", "duplicate_line": 54, "correlation_key": "fp|5fab7ef2bfb3609c6e741460e3f7fefb77f6594fc753201f486010546d56509b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Scripts/Frame_HotFix/Android/AndroidAssetLoader.cs"}, "region": {"startLine": 55}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111379, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5a5954d3a13e3671ee9ed42ea34f20d8626085b69e0a794e7733e79a88282266", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Assets/Scripts/Frame_Game/ScriptStaticAttach/ResLocalizationRuntimeText.cs", "duplicate_line": 59, "correlation_key": "fp|5a5954d3a13e3671ee9ed42ea34f20d8626085b69e0a794e7733e79a88282266"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Scripts/Frame_Game/ScriptStaticAttach/ResLocalizationText.cs"}, "region": {"startLine": 79}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111378, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b56a932d0969feee2e1a7a6d5762fe7602a3c9384329c717934529ccdf2b55d3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Assets/Editor/Frame/EditorWindow/UGUIGeneratorInspector.cs", "duplicate_line": 56, "correlation_key": "fp|b56a932d0969feee2e1a7a6d5762fe7602a3c9384329c717934529ccdf2b55d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Editor/Frame/EditorWindow/UGUISubGeneratorInspector.cs"}, "region": {"startLine": 86}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111377, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9c938b7a01c4e551db6ed70b37902652557ac4a1c668efed1b1f6aa3329cb2ca", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Assets/Editor/Frame/EditorWindow/GameEditorWindow.cs", "duplicate_line": 36, "correlation_key": "fp|9c938b7a01c4e551db6ed70b37902652557ac4a1c668efed1b1f6aa3329cb2ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Editor/Frame/EditorWindow/GameInspector.cs"}, "region": {"startLine": 58}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111376, "scanner": "repobility-ai-code-hygiene", "fingerprint": "34184b64b7a6c85b8bd2964a444865dc29562b9e59a7bd13cc7feaa3415ead25", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Assets/3rdParty/AVProVideo/Scripts/Components/ApplyToMaterial.cs", "duplicate_line": 17, "correlation_key": "fp|34184b64b7a6c85b8bd2964a444865dc29562b9e59a7bd13cc7feaa3415ead25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/3rdParty/AVProVideo/Scripts/Components/ApplyToMesh.cs"}, "region": {"startLine": 65}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 111360, "scanner": "repobility-threat-engine", "fingerprint": "2ef03a820b289fea5dc49372fa6b13759189968d935024b58485b4c9441464c4", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\", status:\" + status + \", code:\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2ef03a820b289fea5dc49372fa6b13759189968d935024b58485b4c9441464c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Editor/Game/PlatformInfo.cs"}, "region": {"startLine": 334}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 111359, "scanner": "repobility-threat-engine", "fingerprint": "7248ff3fcc91738bd4e12c04b8a24d7f30528cfde4c27438cb547e78936c81fd", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\" -verbose -keystore \" + keyStoreFile + \" -sigalg SHA256withRSA -storepass \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7248ff3fcc91738bd4e12c04b8a24d7f30528cfde4c27438cb547e78936c81fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Editor/Game/PlatformAndroid.cs"}, "region": {"startLine": 49}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 111358, "scanner": "repobility-threat-engine", "fingerprint": "f214e3811eef5e7f73920e35d168f34f20772c13c8acc5b28444e77b0dca9955", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"\u9009\u4e2d\u7684\u8282\u70b9\u5fc5\u987b\u662f\" + UGUI_ROOT + \"\u7684\u4e00\u7ea7\u5b50\u8282\u70b9\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f214e3811eef5e7f73920e35d168f34f20772c13c8acc5b28444e77b0dca9955"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Editor/Frame/Menu/MenuAnchor.cs"}, "region": {"startLine": 25}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 111336, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 111374, "scanner": "repobility-threat-engine", "fingerprint": "8aca0f56c66b6b9c93ce6a99987bfd8e7c6e3c455475dfa1c59743b3b058dc54", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8aca0f56c66b6b9c93ce6a99987bfd8e7c6e3c455475dfa1c59743b3b058dc54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ToolProject/CodeGenerator/Frame/SQLite/SQLiteTable.h"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 111373, "scanner": "repobility-threat-engine", "fingerprint": "d07ddc92151734e7e1df1e1f446d44f10259498e2b1f395e0d7aa7fa5fe01838", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d07ddc92151734e7e1df1e1f446d44f10259498e2b1f395e0d7aa7fa5fe01838"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ToolProject/CodeGenerator/Frame/SQLite/SQLiteDataReader.h"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED022", "level": "none", "message": {"text": "[MINED022] C Strcpy (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 111370, "scanner": "repobility-threat-engine", "fingerprint": "58fe92dfe6e97b6adfe63db871e448034175d2b56584210bf8112c2ee07eac96", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|58fe92dfe6e97b6adfe63db871e448034175d2b56584210bf8112c2ee07eac96", "aggregated_count": 1}}}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "properties": {"repobilityId": 111366, "scanner": "repobility-threat-engine", "fingerprint": "debf9fb037a976f9a250167e3b348565e71ddf5dda1d834f165acc9052299fe7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "correlation_key": "fp|debf9fb037a976f9a250167e3b348565e71ddf5dda1d834f165acc9052299fe7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ToolProject/CodeGenerator/Frame/STL/mySTL.h"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "properties": {"repobilityId": 111365, "scanner": "repobility-threat-engine", "fingerprint": "c406d5bcc99183e1338b9243c7835a33f89ac938588697fa35b07c29af5c42cb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c406d5bcc99183e1338b9243c7835a33f89ac938588697fa35b07c29af5c42cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ToolProject/AtlasPacker/AtlasPacker/STL/mySTL.h"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC132", "level": "none", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift) (and 40 more): Same pattern found in 40 additional files. Review if needed."}, "properties": {"repobilityId": 111361, "scanner": "repobility-threat-engine", "fingerprint": "ea519fbd27f8a734e472cb9803794c8fe01f3ecc9bd724ca5edbf97e0fd1d7b9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 40 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 40 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ea519fbd27f8a734e472cb9803794c8fe01f3ecc9bd724ca5edbf97e0fd1d7b9"}}}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 111357, "scanner": "repobility-threat-engine", "fingerprint": "c99e84751a1f49acb2a05f8e16365a1ec0085c51b7a83f3c71cbd43d21478817", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c99e84751a1f49acb2a05f8e16365a1ec0085c51b7a83f3c71cbd43d21478817", "aggregated_count": 4}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 111353, "scanner": "repobility-threat-engine", "fingerprint": "d57f94c2e96069b4a87a7fb2ba46f76103ae7ecd579ffae7064a6551df416baa", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d57f94c2e96069b4a87a7fb2ba46f76103ae7ecd579ffae7064a6551df416baa"}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 137 more): Same pattern found in 137 additional files. Review if needed."}, "properties": {"repobilityId": 111349, "scanner": "repobility-threat-engine", "fingerprint": "81a5be5bf3ad6d1e9ace332a230c1d3450fa21fd54b66fdb3ba62e08b44256ec", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 137 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 137 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|81a5be5bf3ad6d1e9ace332a230c1d3450fa21fd54b66fdb3ba62e08b44256ec"}}}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 111345, "scanner": "repobility-threat-engine", "fingerprint": "9b34786711d2cb4d0d03413cf2beabd5d2bf68b6e354a9f805e3d1d3bbce9810", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9b34786711d2cb4d0d03413cf2beabd5d2bf68b6e354a9f805e3d1d3bbce9810", "aggregated_count": 1}}}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 111344, "scanner": "repobility-threat-engine", "fingerprint": "340324109d146c03ec5dcce10121ca011c6eded143929872f62ece616cdae8b3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|340324109d146c03ec5dcce10121ca011c6eded143929872f62ece616cdae8b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/3rdParty/AVProVideo/Scripts/Components/SubtitlesUGUI.cs"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 111343, "scanner": "repobility-threat-engine", "fingerprint": "64f9956a47c5cb13f40ecf83f7eacdc3ff5cc1e4b7f28cce211ed461cab89caa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|64f9956a47c5cb13f40ecf83f7eacdc3ff5cc1e4b7f28cce211ed461cab89caa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/3rdParty/AVProVideo/Scripts/Components/AudioOutput.cs"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 111342, "scanner": "repobility-threat-engine", "fingerprint": "e842c8c8433b2c24160476b93247fe1c5d38623986205cf3d0239eafec4e4b13", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e842c8c8433b2c24160476b93247fe1c5d38623986205cf3d0239eafec4e4b13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/3rdParty/AVProVideo/Scripts/Components/ApplyToMesh.cs"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 111341, "scanner": "repobility-threat-engine", "fingerprint": "7799d82dbb37b51c44d7a5ba2f2e4edeef95309d183bb4b817ddfe8bfcef0cb6", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7799d82dbb37b51c44d7a5ba2f2e4edeef95309d183bb4b817ddfe8bfcef0cb6", "aggregated_count": 11}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 111340, "scanner": "repobility-threat-engine", "fingerprint": "45015594e45f84de6cac765a9878934db576bf84f2af3c3355f538a901962691", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|45015594e45f84de6cac765a9878934db576bf84f2af3c3355f538a901962691"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/3rdParty/AVProVideo/Scripts/Components/AudioOutput.cs"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 111339, "scanner": "repobility-threat-engine", "fingerprint": "0c4d8e85546119e3520739e8cb1c0ad539e40ed477d6443142dbe9b7c2379752", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0c4d8e85546119e3520739e8cb1c0ad539e40ed477d6443142dbe9b7c2379752"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/3rdParty/AVProVideo/Scripts/Components/ApplyToMesh.cs"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 111338, "scanner": "repobility-threat-engine", "fingerprint": "87ed7afc9dfdbc4889b6c9aac15893189bc9eb2f51bd9e3be1969a6a9c0abe0a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|87ed7afc9dfdbc4889b6c9aac15893189bc9eb2f51bd9e3be1969a6a9c0abe0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/3rdParty/AVProVideo/Scripts/Components/ApplyToMaterial.cs"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Assets/Plugins/x86/Audio360.dll` committed in source repo: `Assets/Plugins/x86/Audio360.dll` is a .dll binary (1,630,208 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111416, "scanner": "repobility-supply-chain", "fingerprint": "9b1e7239efee8b24648aff78149780f5aa32b891b1bd67e08c4487e3af1f4fab", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9b1e7239efee8b24648aff78149780f5aa32b891b1bd67e08c4487e3af1f4fab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Plugins/x86/Audio360.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Assets/Plugins/x86/sqlite3.dll` committed in source repo: `Assets/Plugins/x86/sqlite3.dll` is a .dll binary (456,552 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111415, "scanner": "repobility-supply-chain", "fingerprint": "9bc275b2dfa88b0ba4d3dd577f0949a7e213c2f121ae8d8d86fd0473d2e9725a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9bc275b2dfa88b0ba4d3dd577f0949a7e213c2f121ae8d8d86fd0473d2e9725a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Plugins/x86/sqlite3.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Assets/Plugins/iOS/libAVProVideoiOS.a` committed in source repo: `Assets/Plugins/iOS/libAVProVideoiOS.a` is a .a binary (5,581,200 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111414, "scanner": "repobility-supply-chain", "fingerprint": "ccb59c0cc907781f5eb3dcb5bacfabeb92c5d5ba56d9ca350597c16eb0908c4d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ccb59c0cc907781f5eb3dcb5bacfabeb92c5d5ba56d9ca350597c16eb0908c4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Plugins/iOS/libAVProVideoiOS.a"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Assets/Plugins/Android/AVProVideo.jar` committed in source repo: `Assets/Plugins/Android/AVProVideo.jar` is a .jar binary (181,006 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111413, "scanner": "repobility-supply-chain", "fingerprint": "6cd1a1007265dc9baf21aacf7898b69d793548e56d898d0cdb06498774828581", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6cd1a1007265dc9baf21aacf7898b69d793548e56d898d0cdb06498774828581"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Plugins/Android/AVProVideo.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Assets/Plugins/Android/audio360.jar` committed in source repo: `Assets/Plugins/Android/audio360.jar` is a .jar binary (64,885 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111412, "scanner": "repobility-supply-chain", "fingerprint": "a5f1b367e62710cbd98dc4096f4325763bd2083cde57000ce88e7b776dea7d8e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a5f1b367e62710cbd98dc4096f4325763bd2083cde57000ce88e7b776dea7d8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Plugins/Android/audio360.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Assets/Plugins/Android/audio360-exo28.jar` committed in source repo: `Assets/Plugins/Android/audio360-exo28.jar` is a .jar binary (10,766 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111411, "scanner": "repobility-supply-chain", "fingerprint": "0af98da9bcff9149dab43628f5b86b634133060da90c095d04e004595fe9c08d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0af98da9bcff9149dab43628f5b86b634133060da90c095d04e004595fe9c08d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Plugins/Android/audio360-exo28.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Assets/Plugins/Android/exoplayer2-hls.jar` committed in source repo: `Assets/Plugins/Android/exoplayer2-hls.jar` is a .jar binary (96,965 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111410, "scanner": "repobility-supply-chain", "fingerprint": "6c6119577210277ec700044e8172169cd4f3f3a4e4fbb5cb3b7b7e8bf8e8a17b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6c6119577210277ec700044e8172169cd4f3f3a4e4fbb5cb3b7b7e8bf8e8a17b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Plugins/Android/exoplayer2-hls.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Assets/Plugins/Android/exoplayer2-smoothstreaming.jar` committed in source repo: `Assets/Plugins/Android/exoplayer2-smoothstreaming.jar` is a .jar binary (49,237 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111409, "scanner": "repobility-supply-chain", "fingerprint": "ae67c4a31078a9f14d6037e6dc1184a89e368ee847bc3f5c652ad4c3417373b4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ae67c4a31078a9f14d6037e6dc1184a89e368ee847bc3f5c652ad4c3417373b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Plugins/Android/exoplayer2-smoothstreaming.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Assets/Plugins/Android/exoplayer2-dash.jar` committed in source repo: `Assets/Plugins/Android/exoplayer2-dash.jar` is a .jar binary (116,488 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111408, "scanner": "repobility-supply-chain", "fingerprint": "d3bed0f4e3b88ae4d3e64b5d6bf6dfcaa9457f792ac5cd45420ddd6320087bb3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d3bed0f4e3b88ae4d3e64b5d6bf6dfcaa9457f792ac5cd45420ddd6320087bb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Plugins/Android/exoplayer2-dash.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Assets/Plugins/Android/exoplayer2.jar` committed in source repo: `Assets/Plugins/Android/exoplayer2.jar` is a .jar binary (1,426,335 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111407, "scanner": "repobility-supply-chain", "fingerprint": "370cf5ec487e3f1bbd2fc4f2e6bf922d3525603692fcc64896e04508cd20d662", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|370cf5ec487e3f1bbd2fc4f2e6bf922d3525603692fcc64896e04508cd20d662"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Plugins/Android/exoplayer2.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Assets/Plugins/Android/zip_file.jar` committed in source repo: `Assets/Plugins/Android/zip_file.jar` is a .jar binary (12,406 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111406, "scanner": "repobility-supply-chain", "fingerprint": "ca9bbc257aa7f5dbacbc7f6b8ce0c7f90620bd8e863c33b34a53b188d60e7537", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ca9bbc257aa7f5dbacbc7f6b8ce0c7f90620bd8e863c33b34a53b188d60e7537"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Plugins/Android/zip_file.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Assets/3rdParty/UnityObfuscator/Plugins/Cecil/Mono.Cecil.Pdb.dll` committed in source repo: `Assets/3rdParty/UnityObfuscator/Plugins/Cecil/Mono.Cecil.Pdb.dll` is a .dll binary (79,360 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111405, "scanner": "repobility-supply-chain", "fingerprint": "c9603853431d9f0b6ba18205bbd6e615424301f43ee44f5a1c1e303218f747f0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c9603853431d9f0b6ba18205bbd6e615424301f43ee44f5a1c1e303218f747f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/3rdParty/UnityObfuscator/Plugins/Cecil/Mono.Cecil.Pdb.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Assets/3rdParty/UnityObfuscator/Plugins/Cecil/Mono.Cecil.dll` committed in source repo: `Assets/3rdParty/UnityObfuscator/Plugins/Cecil/Mono.Cecil.dll` is a .dll binary (301,056 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111404, "scanner": "repobility-supply-chain", "fingerprint": "c7efe67aab9ac18c1d17bef79ef70a895c261b94b1e876e66979b22fef732e75", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c7efe67aab9ac18c1d17bef79ef70a895c261b94b1e876e66979b22fef732e75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/3rdParty/UnityObfuscator/Plugins/Cecil/Mono.Cecil.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Assets/3rdParty/UnityObfuscator/Plugins/Cecil/Mono.Cecil.Mdb.dll` committed in source repo: `Assets/3rdParty/UnityObfuscator/Plugins/Cecil/Mono.Cecil.Mdb.dll` is a .dll binary (43,520 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111403, "scanner": "repobility-supply-chain", "fingerprint": "5ad7877ca69fde0c5acbd521910add3edefed744a001cd3d0353ea161a3c33c2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5ad7877ca69fde0c5acbd521910add3edefed744a001cd3d0353ea161a3c33c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/3rdParty/UnityObfuscator/Plugins/Cecil/Mono.Cecil.Mdb.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Assets/3rdParty/codeandweb.com/Editor/TexturePackerImporter.dll` committed in source repo: `Assets/3rdParty/codeandweb.com/Editor/TexturePackerImporter.dll` is a .dll binary (27,136 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111402, "scanner": "repobility-supply-chain", "fingerprint": "7daa4c0d6cf726f95d936ca6003fb3f15e4469a5b4cd491773662a27bab8f7a7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7daa4c0d6cf726f95d936ca6003fb3f15e4469a5b4cd491773662a27bab8f7a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/3rdParty/codeandweb.com/Editor/TexturePackerImporter.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Assets/Plugins/Mono.Data.Sqlite.dll` committed in source repo: `Assets/Plugins/Mono.Data.Sqlite.dll` is a .dll binary (169,984 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111401, "scanner": "repobility-supply-chain", "fingerprint": "af92443028feae6685bb851de91c308e3f1ce87acff1486562aa9467f2302ddd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|af92443028feae6685bb851de91c308e3f1ce87acff1486562aa9467f2302ddd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Plugins/Mono.Data.Sqlite.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `\u81ea\u52a8\u5904\u7406\u5de5\u5177/ExcelConverter/ExcelConverter.dll` committed in source repo: `\u81ea\u52a8\u5904\u7406\u5de5\u5177/ExcelConverter/ExcelConverter.dll` is a .dll binary (59,904 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111400, "scanner": "repobility-supply-chain", "fingerprint": "0cd51facbcf513e57f2c342046ba9f77f5ab96f65c852f0bcc45750ecfa23a85", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0cd51facbcf513e57f2c342046ba9f77f5ab96f65c852f0bcc45750ecfa23a85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "\u81ea\u52a8\u5904\u7406\u5de5\u5177/ExcelConverter/ExcelConverter.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `\u81ea\u52a8\u5904\u7406\u5de5\u5177/ExcelConverter/ExcelDataReader.DataSet.dll` committed in source repo: `\u81ea\u52a8\u5904\u7406\u5de5\u5177/ExcelConverter/ExcelDataReader.DataSet.dll` is a .dll binary (9,728 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111399, "scanner": "repobility-supply-chain", "fingerprint": "b159dab49e0413f9eeb82a1e8cc8a6715a97ebfc056f2ba75918f9722976dab6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b159dab49e0413f9eeb82a1e8cc8a6715a97ebfc056f2ba75918f9722976dab6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "\u81ea\u52a8\u5904\u7406\u5de5\u5177/ExcelConverter/ExcelDataReader.DataSet.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `\u81ea\u52a8\u5904\u7406\u5de5\u5177/ExcelConverter/ExcelConverter.exe` committed in source repo: `\u81ea\u52a8\u5904\u7406\u5de5\u5177/ExcelConverter/ExcelConverter.exe` is a .exe binary (157,696 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111398, "scanner": "repobility-supply-chain", "fingerprint": "40c69e6eaa05d79857176fb28e673cdc8cf38aeea34600215ce2dfe971da5233", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|40c69e6eaa05d79857176fb28e673cdc8cf38aeea34600215ce2dfe971da5233"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "\u81ea\u52a8\u5904\u7406\u5de5\u5177/ExcelConverter/ExcelConverter.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `\u81ea\u52a8\u5904\u7406\u5de5\u5177/ExcelConverter/ExcelDataReader.dll` committed in source repo: `\u81ea\u52a8\u5904\u7406\u5de5\u5177/ExcelConverter/ExcelDataReader.dll` is a .dll binary (161,280 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111397, "scanner": "repobility-supply-chain", "fingerprint": "43e00610f0940683f730b2dd8f1da27319abd7c78d8c30f613c2976fee625a45", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|43e00610f0940683f730b2dd8f1da27319abd7c78d8c30f613c2976fee625a45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "\u81ea\u52a8\u5904\u7406\u5de5\u5177/ExcelConverter/ExcelDataReader.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `\u81ea\u52a8\u5904\u7406\u5de5\u5177/AtlasPacker/AtlasPacker.exe` committed in source repo: `\u81ea\u52a8\u5904\u7406\u5de5\u5177/AtlasPacker/AtlasPacker.exe` is a .exe binary (62,976 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111396, "scanner": "repobility-supply-chain", "fingerprint": "559bf7fa79db55e4187897b83c455804f2a7439381bb1a3726d4cb505df6a30d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|559bf7fa79db55e4187897b83c455804f2a7439381bb1a3726d4cb505df6a30d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "\u81ea\u52a8\u5904\u7406\u5de5\u5177/AtlasPacker/AtlasPacker.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `\u81ea\u52a8\u5904\u7406\u5de5\u5177/AtlasPacker/FreeImage.dll` committed in source repo: `\u81ea\u52a8\u5904\u7406\u5de5\u5177/AtlasPacker/FreeImage.dll` is a .dll binary (5,647,872 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111395, "scanner": "repobility-supply-chain", "fingerprint": "f7a71b29c71a1881b6134a9b91da342feeb55fcd6db00b5ebed0349031f4be61", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f7a71b29c71a1881b6134a9b91da342feeb55fcd6db00b5ebed0349031f4be61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "\u81ea\u52a8\u5904\u7406\u5de5\u5177/AtlasPacker/FreeImage.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `ToolProject/AtlasPacker/FreeImage.dll` committed in source repo: `ToolProject/AtlasPacker/FreeImage.dll` is a .dll binary (5,647,872 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111394, "scanner": "repobility-supply-chain", "fingerprint": "57e3533a2fcf8077af526cb1d19678f884935c10a4a8a462d953aeff4b8f9486", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|57e3533a2fcf8077af526cb1d19678f884935c10a4a8a462d953aeff4b8f9486"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ToolProject/AtlasPacker/FreeImage.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `AndroidProject/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `AndroidProject/gradle/wrapper/gradle-wrapper.jar` is a .jar binary (53,636 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111393, "scanner": "repobility-supply-chain", "fingerprint": "89db5ddf4db1f30660a3d32a5850ea6601397303358dc00656a22a461bfd2bd8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|89db5ddf4db1f30660a3d32a5850ea6601397303358dc00656a22a461bfd2bd8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AndroidProject/gradle/wrapper/gradle-wrapper.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `Analyzers/AnalyzerUnity.dll` committed in source repo: `Analyzers/AnalyzerUnity.dll` is a .dll binary (12,800 bytes) committed to a repo that otherwise has 1202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 111392, "scanner": "repobility-supply-chain", "fingerprint": "e38d5299046cf30ac72cd72362650c3d31ad721b5829fc58ab55a72f5e87f444", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e38d5299046cf30ac72cd72362650c3d31ad721b5829fc58ab55a72f5e87f444"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Analyzers/AnalyzerUnity.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic."}, "properties": {"repobilityId": 111372, "scanner": "repobility-threat-engine", "fingerprint": "65749daffd34f0a376ccd529e30dc34f7697e5acda0be8c88ab9422257c8dabf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|65749daffd34f0a376ccd529e30dc34f7697e5acda0be8c88ab9422257c8dabf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ToolProject/CodeGenerator/Game/main.cpp"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic."}, "properties": {"repobilityId": 111371, "scanner": "repobility-threat-engine", "fingerprint": "f6098972b0706a19f5567f6795400d0cfc875ab1309e3fda6eda07413f1be659", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f6098972b0706a19f5567f6795400d0cfc875ab1309e3fda6eda07413f1be659"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ToolProject/AtlasPacker/AtlasPacker/main.cpp"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC025", "level": "error", "message": {"text": "[SEC025] XML External Entity (XXE) \u2014 .NET XmlDocument / XmlTextReader: .NET XmlDocument and XmlTextReader expand external entities by default in pre-4.5.2 runtimes (and even later if XmlResolver is left at default). Allows file disclosure and SSRF via XXE."}, "properties": {"repobilityId": 111363, "scanner": "repobility-threat-engine", "fingerprint": "141d4b08b5d103f1db1592b4e652c010d91acff6bea8c0c665fa2f55cfe46e85", "category": "xxe", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "XmlReader.Create(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC025", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|141d4b08b5d103f1db1592b4e652c010d91acff6bea8c0c665fa2f55cfe46e85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Scripts/Frame_HotFix/Common/ObsSystem.cs"}, "region": {"startLine": 242}}}]}, {"ruleId": "SEC025", "level": "error", "message": {"text": "[SEC025] XML External Entity (XXE) \u2014 .NET XmlDocument / XmlTextReader: .NET XmlDocument and XmlTextReader expand external entities by default in pre-4.5.2 runtimes (and even later if XmlResolver is left at default). Allows file disclosure and SSRF via XXE."}, "properties": {"repobilityId": 111362, "scanner": "repobility-threat-engine", "fingerprint": "ecd2c5b2d6115202d1a3fb2b837bf167f842acb9a47fa12b25ce3f6fbeb3d444", "category": "xxe", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "XmlReader.Create(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC025", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ecd2c5b2d6115202d1a3fb2b837bf167f842acb9a47fa12b25ce3f6fbeb3d444"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Scripts/Frame_Game/Common/ObsSystem.cs"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 111356, "scanner": "repobility-threat-engine", "fingerprint": "9ca459619963df29b29d9dc0888923b4794f770d527509ba551c723f8130cc0f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9ca459619963df29b29d9dc0888923b4794f770d527509ba551c723f8130cc0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ToolProject/AtlasPacker/AtlasPacker/md5/md5.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 111355, "scanner": "repobility-threat-engine", "fingerprint": "ffc2d29a675aa820b49bf820febd047afcf4aed881ace28f3f2572b893ef066e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ffc2d29a675aa820b49bf820febd047afcf4aed881ace28f3f2572b893ef066e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Scripts/Game/GameScene/LaunchScene/LaunchSceneFileList.cs"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 111354, "scanner": "repobility-threat-engine", "fingerprint": "9cd55f2a81006d382c64c25f4dcf94d092c8aa049c58974da7a51bac98ca0752", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9cd55f2a81006d382c64c25f4dcf94d092c8aa049c58974da7a51bac98ca0752"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Editor/Frame/Menu/EditorFileUtility.cs"}, "region": {"startLine": 119}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 111352, "scanner": "repobility-threat-engine", "fingerprint": "4901beb42842f8238cea919bbc985d3ff600e62025034112955d09ac7f1cb597", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(m", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4901beb42842f8238cea919bbc985d3ff600e62025034112955d09ac7f1cb597"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Scripts/Frame_Game/Common/ObsSystem.cs"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 111351, "scanner": "repobility-threat-engine", "fingerprint": "e2977f6bd8e202357780dcd7e4c579afb5b184e786beaf4fdec73f420cfc65b2", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(m", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e2977f6bd8e202357780dcd7e4c579afb5b184e786beaf4fdec73f420cfc65b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/Scripts/Frame_Game/AssetVersionSystem/GameDownload.cs"}, "region": {"startLine": 134}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 111350, "scanner": "repobility-threat-engine", "fingerprint": "7169c9e3adb36784df6ef91386bec845a0e91b4d02fb3d4a8afba4937111659c", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7169c9e3adb36784df6ef91386bec845a0e91b4d02fb3d4a8afba4937111659c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/3rdParty/AVProVideo/Scripts/Internal/BaseMediaPlayer.cs"}, "region": {"startLine": 84}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 111348, "scanner": "repobility-threat-engine", "fingerprint": "42cc92cf1dbe2f920f7e8e79c60bf85af62dfaf4f779690a6a2f2f7553e6ffed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "serializedObject.Update();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|42cc92cf1dbe2f920f7e8e79c60bf85af62dfaf4f779690a6a2f2f7553e6ffed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/3rdParty/AVProVideo/Scripts/Editor/ApplyToMeshEditor.cs"}, "region": {"startLine": 40}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 111347, "scanner": "repobility-threat-engine", "fingerprint": "08fbe1b59a034316d8df2673cb71f705a88f39af36499569d4387d255eb14135", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Material.Destroy(_material);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|08fbe1b59a034316d8df2673cb71f705a88f39af36499569d4387d255eb14135"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/3rdParty/AVProVideo/Scripts/Components/DisplayIMGUI.cs"}, "region": {"startLine": 100}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 111346, "scanner": "repobility-threat-engine", "fingerprint": "3d02650d6bcc1b3c71abee0a73e302333654912d8a5f00766190237516d41239", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Mesh.Destroy(_mesh);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3d02650d6bcc1b3c71abee0a73e302333654912d8a5f00766190237516d41239"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Assets/3rdParty/AVProVideo/Scripts/Components/CubemapCube.cs"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 111369, "scanner": "repobility-threat-engine", "fingerprint": "0e6a59a9adad664be1b2a664c9c1c16cb38e127a14e42972fe99809ed8dd9647", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0e6a59a9adad664be1b2a664c9c1c16cb38e127a14e42972fe99809ed8dd9647"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ToolProject/CodeGenerator/Frame/Dependency/md5/md5.cpp"}, "region": {"startLine": 346}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 111368, "scanner": "repobility-threat-engine", "fingerprint": "28349dc9f2066dbc6ebb445e5a2e472e13167d95a7d953cec869ca105ee06737", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|28349dc9f2066dbc6ebb445e5a2e472e13167d95a7d953cec869ca105ee06737"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ToolProject/AtlasPacker/AtlasPacker/md5/md5.cpp"}, "region": {"startLine": 346}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 111367, "scanner": "repobility-threat-engine", "fingerprint": "4e7082236b56d945fbc7625f66b7fe955fdb3c11f053520f5c186f5eae704029", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4e7082236b56d945fbc7625f66b7fe955fdb3c11f053520f5c186f5eae704029"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ToolProject/AtlasPacker/AtlasPacker/Utility/SystemUtility.cpp"}, "region": {"startLine": 114}}}]}]}]}