{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "SEC041", "name": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noref", "shortDescription": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and"}, "fullDescription": {"text": "Add rel=\"noopener noreferrer\" to every <a target=\"_blank\">:\n  <a href=\"...\" target=\"_blank\" rel=\"noopener noreferrer\">link</a>\nFor dynamically generated links from JS, set rel on the element before appending. Even safe-looking subdomains should harden \u2014 costs nothing."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC046", "name": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supp", "shortDescription": {"text": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromis"}, "fullDescription": {"text": "Validate the URL is same-origin or on an explicit allowlist before assignment:\n  const u = new URL(serverUrl, location.href);\n  if (u.origin !== location.origin && !ALLOWED.includes(u.host)) return;\n  location.assign(u);\nEven better: have the server return a path (/checkout/done) instead of a full URL, and only allow same-origin navigation."}, "properties": {"scanner": "repobility-threat-engine", "category": "open_redirect", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Sitemap directives in robots.txt help crawlers and AI agents find the canonical public URL inventory quickly."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `process_dir` has cognitive complexity 8 (SonarSource scale). Cognitive co", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `process_dir` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion al"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 8."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "AIC007", "name": "Generated build artifact directory is present at repository root", "shortDescription": {"text": "Generated build artifact directory is present at repository root"}, "fullDescription": {"text": "Committed build outputs and caches make scans slower, confuse duplicate-code checks, and give AI agents stale generated code to imitate."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image is selected through a build variable", "shortDescription": {"text": "Dockerfile base image is selected through a build variable"}, "fullDescription": {"text": "Variable-selected base images can be safe, but Repobility cannot verify that the resolved image is pinned."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "SEC039", "name": "[SEC039] Plaintext-equivalent password hash \u2014 unsalted single-pass digest (and 12 more): Same pattern found in 12 additi", "shortDescription": {"text": "[SEC039] Plaintext-equivalent password hash \u2014 unsalted single-pass digest (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Use a purpose-built password hash:\n  - Python: passlib.hash.argon2.hash(password)\n  - Python: bcrypt.hashpw(password.encode(), bcrypt.gensalt())\n  - Python: hashlib.pbkdf2_hmac('sha256', password, salt, 600000)\n  - PHP: password_hash($password, PASSWORD_ARGON2ID)\n  - Node.js: argon2.hash(password) or bcrypt.hash(password, 12)\nWhen rotating, accept both old + new for one session each, then re-hash on next login."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED047", "name": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested.", "shortDescription": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED019", "name": "[MINED019] Ssti Jinja From String (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED019] Ssti Jinja From String (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-94 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 19 more): Same pattern found in 19 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 5 more): Same pattern found in 5 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 12 more): Same pattern found in 12 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED048", "name": "[MINED048] Php Error Suppress (and 39 more): Same pattern found in 39 additional files. Review if needed.", "shortDescription": {"text": "[MINED048] Php Error Suppress (and 39 more): Same pattern found in 39 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal (and 18 more): Same pattern found in 18 additional files. Review if needed.", "shortDescription": {"text": "[SEC084] JS: require() with non-literal (and 18 more): Same pattern found in 18 additional files. Review if needed."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "JRN009", "name": "Secret-like setting is echoed into a password input value", "shortDescription": {"text": "Secret-like setting is echoed into a password input value"}, "fullDescription": {"text": "Settings screens sometimes render API keys, tokens, or passwords back into HTML/JSX password fields. That still exposes the secret to page source, browser extensions, screenshots, and DOM scraping."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.83, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED104", "name": "[MINED104] Chmod 777: chmod 777 makes a file or directory world-readable, world-writable, AND world-executable. Local pr", "shortDescription": {"text": "[MINED104] Chmod 777: chmod 777 makes a file or directory world-readable, world-writable, AND world-executable. Local privilege escalation surface; audit-failing for most compliance frameworks."}, "fullDescription": {"text": "Use the least-privilege mode the file actually needs (e.g. 640 for configs, 750 for executables). For directories that genuinely need shared write access, use a group with chmod g+w and chown the right group."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `nick-fields/retry` pinned to mutable ref `@v3`", "shortDescription": {"text": "Action `nick-fields/retry` pinned to mutable ref `@v3`"}, "fullDescription": {"text": "`uses: nick-fields/retry@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `mcr.microsoft.com/vscode/devcontainers/base:0-` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `mcr.microsoft.com/vscode/devcontainers/base:0-` not pinned by digest"}, "fullDescription": {"text": "`FROM mcr.microsoft.com/vscode/devcontainers/base:0-` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/553"}, "properties": {"repository": "phpbb/phpbb", "repoUrl": "https://github.com/phpbb/phpbb", "branch": "master"}, "results": [{"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 36019, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 36018, "scanner": "repobility-docker", "fingerprint": "1f9e5399de3fba9385ae2d8cbc7c9251f920cf56a7ed00bc1886b8e6369114b3", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "mcr.microsoft.com/vscode/devcontainers/base:0-${VARIANT}", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|1f9e5399de3fba9385ae2d8cbc7c9251f920cf56a7ed00bc1886b8e6369114b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 36015, "scanner": "repobility-threat-engine", "fingerprint": "ec9ca6f8ef9dd00ba778f525616e99968dfff7b435aa7c6ba63d73a4355a6a42", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ">exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|93|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/driver/sqlite3.php"}, "region": {"startLine": 93}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 36014, "scanner": "repobility-threat-engine", "fingerprint": "de2f1dba1945d04c2684ebd8b6afed238c8a08d7b55058b63b5d9f8cb6588f45", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.2 bits) \u2014 may be placeholder or common string", "evidence": {"match": "password='<redacted>'", "reason": "Low entropy value (3.2 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|3|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/driver/postgres.php"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 36009, "scanner": "repobility-threat-engine", "fingerprint": "253953810b072d33bd28b1ff040ec057a616d6f5b50e5128e9a9cbbedffc0789", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "<a href=$4 target=\"_blank\">", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|phpbb/phpbb/feed/helper.php|157|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/feed/helper.php"}, "region": {"startLine": 157}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 36008, "scanner": "repobility-threat-engine", "fingerprint": "bd7ebbb8eab11dc7b9c5206819f80abe725aea83b56295af37df8548faee928b", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "<a href=\"https://www.phpbb.com/community/\" target=\"_blank\">", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|phpbb/install/startup.php|188|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/install/startup.php"}, "region": {"startLine": 188}}}]}, {"ruleId": "SEC046", "level": "warning", "message": {"text": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromised admin, JSON injection, MITM on a webhook), users get redirected to a phishing site they trust because the original page is yours. CWE-601 (server-side OR client-side). Complement to server-side SEC030."}, "properties": {"repobilityId": 35993, "scanner": "repobility-threat-engine", "fingerprint": "aa5aa2e1c6c2a685810fa8ec38f83fabf9f06d1a1ac23436f19f4d9f56478722", "category": "open_redirect", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.location = response.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC046", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|aa5aa2e1c6c2a685810fa8ec38f83fabf9f06d1a1ac23436f19f4d9f56478722"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/assets/javascript/phpbb-avatars.js"}, "region": {"startLine": 245}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 36022, "scanner": "repobility-web-presence", "fingerprint": "494ad35b06dc268c759a04939771f526ad8fa823844f47e41178503c535a150c", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|494ad35b06dc268c759a04939771f526ad8fa823844f47e41178503c535a150c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "git-tools/merge.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `process_dir` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=2, if=2, nested_bonus=4."}, "properties": {"repobilityId": 36002, "scanner": "repobility-threat-engine", "fingerprint": "85f06d8a01f7f97f2f846ca364b38fe06f84e22fd7ec4b0cbb05ae25d81a09d6", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "process_dir", "breakdown": {"if": 2, "for": 2, "nested_bonus": 4}, "complexity": 8, "correlation_key": "fp|85f06d8a01f7f97f2f846ca364b38fe06f84e22fd7ec4b0cbb05ae25d81a09d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/develop/remove-php-end-tags.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 35984, "scanner": "repobility-threat-engine", "fingerprint": "b2bd710f23f2df28bfaeea2046a96ef658ee771f7db6cf8246b90e3af8512176", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'permissions-preset-' + quick + ' activetab'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b2bd710f23f2df28bfaeea2046a96ef658ee771f7db6cf8246b90e3af8512176"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/adm/style/permissions.js"}, "region": {"startLine": 119}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35948, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9211eb3df9e8146e03a00e347aa3f1c6d139882bf25eb0f359fb2db2c937a6a5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/phpbb/db/extractor/mssql_extractor.php", "duplicate_line": 14, "correlation_key": "fp|9211eb3df9e8146e03a00e347aa3f1c6d139882bf25eb0f359fb2db2c937a6a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/extractor/oracle_extractor.php"}, "region": {"startLine": 184}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35947, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d04b33c173f9c326400bfca3cc84b3499d1c65cbf46d3800624f5923734c1a42", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/phpbb/db/driver/mssql_odbc.php", "duplicate_line": 94, "correlation_key": "fp|d04b33c173f9c326400bfca3cc84b3499d1c65cbf46d3800624f5923734c1a42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/driver/sqlite3.php"}, "region": {"startLine": 62}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35946, "scanner": "repobility-ai-code-hygiene", "fingerprint": "77af261336352fb670061a36436e9c8aa33eb60131f0b80c02992447044804f9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/phpbb/db/driver/mssql_odbc.php", "duplicate_line": 94, "correlation_key": "fp|77af261336352fb670061a36436e9c8aa33eb60131f0b80c02992447044804f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/driver/postgres.php"}, "region": {"startLine": 114}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35945, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4d9733e91426a8ed03c50421c105e1d735b765c2d3b80e91787c3970e06fdd66", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/phpbb/db/driver/mssql_odbc.php", "duplicate_line": 94, "correlation_key": "fp|4d9733e91426a8ed03c50421c105e1d735b765c2d3b80e91787c3970e06fdd66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/driver/oracle.php"}, "region": {"startLine": 170}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35944, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6c2d8ee03ad2e572abaf32a01f9d8d1e42729fab60d5e1c74985069271563363", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/phpbb/db/driver/mssql_odbc.php", "duplicate_line": 94, "correlation_key": "fp|6c2d8ee03ad2e572abaf32a01f9d8d1e42729fab60d5e1c74985069271563363"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/driver/mssqlnative.php"}, "region": {"startLine": 68}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35943, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9edc1f43b58b61dbe3c50246288d673d7084d75385eb73acfd2395d74648a155", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/phpbb/cron/task/core/tidy_database.php", "duplicate_line": 4, "correlation_key": "fp|9edc1f43b58b61dbe3c50246288d673d7084d75385eb73acfd2395d74648a155"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/cron/task/core/tidy_warnings.php"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35942, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b16d9944b52e6611977ee0ddc64236ab4c8bc854be6417be8b4cbacc38b5ef3d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/phpbb/console/command/user/activate.php", "duplicate_line": 56, "correlation_key": "fp|b16d9944b52e6611977ee0ddc64236ab4c8bc854be6417be8b4cbacc38b5ef3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/console/command/user/add.php"}, "region": {"startLine": 63}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35941, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c56a6fc33ebc9cc36031b4e3632cea2000e9437da337acbd13e00633ed910f71", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/phpbb/console/command/searchindex/create.php", "duplicate_line": 1, "correlation_key": "fp|c56a6fc33ebc9cc36031b4e3632cea2000e9437da337acbd13e00633ed910f71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/console/command/searchindex/delete.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35940, "scanner": "repobility-ai-code-hygiene", "fingerprint": "edad65b5771ae7dd231bea0d301ce3cf14916560e369b6b52132c255ae846617", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/phpbb/console/command/extension/install.php", "duplicate_line": 38, "correlation_key": "fp|edad65b5771ae7dd231bea0d301ce3cf14916560e369b6b52132c255ae846617"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/console/command/extension/update.php"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35939, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e01c06780c90097497e923f3df3806a9e64da64ca3a5e0f751357639524c9045", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/phpbb/console/command/extension/install.php", "duplicate_line": 1, "correlation_key": "fp|e01c06780c90097497e923f3df3806a9e64da64ca3a5e0f751357639524c9045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/console/command/extension/remove.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35938, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ecadfafec2f0c1bf656cb331d07ceb0511c3575d0140e246e6e0b15df5d883cd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/phpbb/console/command/config/increment.php", "duplicate_line": 25, "correlation_key": "fp|ecadfafec2f0c1bf656cb331d07ceb0511c3575d0140e246e6e0b15df5d883cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/console/command/config/set_atomic.php"}, "region": {"startLine": 30}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35937, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8c782958d0b390629454cbdaf292f52cbb14bbd71eb8bb71d3dfdee3d0355da1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/phpbb/console/command/config/set.php", "duplicate_line": 23, "correlation_key": "fp|8c782958d0b390629454cbdaf292f52cbb14bbd71eb8bb71d3dfdee3d0355da1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/console/command/config/set_atomic.php"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35936, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4b15ad152cf54d82f13f89ef8a6414772613594af87e5e6cfb1e39e0d79358c5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/phpbb/console/command/config/increment.php", "duplicate_line": 25, "correlation_key": "fp|4b15ad152cf54d82f13f89ef8a6414772613594af87e5e6cfb1e39e0d79358c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/console/command/config/set.php"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35935, "scanner": "repobility-ai-code-hygiene", "fingerprint": "361c7d67f0665c4c777864bcc68bd8041d7375d6b3fcdd586c2ef548f7a3e09f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/phpbb/auth/provider/apache.php", "duplicate_line": 38, "correlation_key": "fp|361c7d67f0665c4c777864bcc68bd8041d7375d6b3fcdd586c2ef548f7a3e09f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/auth/provider/ldap.php"}, "region": {"startLine": 76}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35934, "scanner": "repobility-ai-code-hygiene", "fingerprint": "14473a0dfbab4f509e3b1cf9d0afba7354ef11dc45234c3b5575fe04b4345b05", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/phpbb/auth/provider/apache.php", "duplicate_line": 38, "correlation_key": "fp|14473a0dfbab4f509e3b1cf9d0afba7354ef11dc45234c3b5575fe04b4345b05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/auth/provider/db.php"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35933, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d4716c4cce5e32293246d0b0a059855c5327db5104dc39873941624733a88965", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/includes/ucp/ucp_groups.php", "duplicate_line": 507, "correlation_key": "fp|d4716c4cce5e32293246d0b0a059855c5327db5104dc39873941624733a88965"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/includes/ucp/ucp_profile.php"}, "region": {"startLine": 489}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35932, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d41cee2b54ae4c9ac9943664d1bc3b3705656eaf8ecc10775565c6411912dfff", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/includes/ucp/ucp_notifications.php", "duplicate_line": 84, "correlation_key": "fp|d41cee2b54ae4c9ac9943664d1bc3b3705656eaf8ecc10775565c6411912dfff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/includes/ucp/ucp_pm.php"}, "region": {"startLine": 187}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35931, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e004eb54c9e5434e9a458d394ebfa5febd325dbcb1651b12e521831eaa708750", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/includes/acp/acp_logs.php", "duplicate_line": 61, "correlation_key": "fp|e004eb54c9e5434e9a458d394ebfa5febd325dbcb1651b12e521831eaa708750"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/includes/mcp/mcp_logs.php"}, "region": {"startLine": 116}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35930, "scanner": "repobility-ai-code-hygiene", "fingerprint": "35b0821e25f6da90148975c61419d6b03764b5358ce996ee4ecd09e9b4134ea3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/includes/acp/acp_inactive.php", "duplicate_line": 182, "correlation_key": "fp|35b0821e25f6da90148975c61419d6b03764b5358ce996ee4ecd09e9b4134ea3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/includes/acp/acp_main.php"}, "region": {"startLine": 467}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35929, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9a53a7b2de5ca6299b2cd3c3d2731a6b78dbc0a791e9835fe42d2493d78b4010", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/develop/generate_utf_casefold.php", "duplicate_line": 75, "correlation_key": "fp|9a53a7b2de5ca6299b2cd3c3d2731a6b78dbc0a791e9835fe42d2493d78b4010"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/develop/generate_utf_tables.php"}, "region": {"startLine": 105}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35928, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4717e993a04f2250f6fd8e00a6a57eec803702a2fd30d5aa3bf40b48cb2aa981", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/develop/generate_utf_casefold.php", "duplicate_line": 75, "correlation_key": "fp|4717e993a04f2250f6fd8e00a6a57eec803702a2fd30d5aa3bf40b48cb2aa981"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/develop/generate_utf_confusables.php"}, "region": {"startLine": 142}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35927, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1cc8165d027b387aec98b8530fe0b3e480e09037712d8cb35b99ea65eecbf044", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/develop/export_events_for_bbcode.php", "duplicate_line": 14, "correlation_key": "fp|1cc8165d027b387aec98b8530fe0b3e480e09037712d8cb35b99ea65eecbf044"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/develop/export_events_for_wiki.php"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35926, "scanner": "repobility-ai-code-hygiene", "fingerprint": "700ad01ec22121637f7916f958826efa45d8cd9bcbb6f473373a05220b670e0c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/develop/export_events_for_rst.php", "duplicate_line": 16, "correlation_key": "fp|700ad01ec22121637f7916f958826efa45d8cd9bcbb6f473373a05220b670e0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/develop/export_events_for_wiki.php"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35925, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3789baa892c5fab5f522b85d361b2a851a2200e35c0d6930e05a0fe0cc1376fd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/develop/export_events_for_bbcode.php", "duplicate_line": 14, "correlation_key": "fp|3789baa892c5fab5f522b85d361b2a851a2200e35c0d6930e05a0fe0cc1376fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/develop/export_events_for_rst.php"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35924, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2cdb74e55a4655a08826e25a7c802e787e7de76b5800a749b27307e1b32e96e8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/develop/adjust_avatars.php", "duplicate_line": 86, "correlation_key": "fp|2cdb74e55a4655a08826e25a7c802e787e7de76b5800a749b27307e1b32e96e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/develop/adjust_usernames.php"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35923, "scanner": "repobility-ai-code-hygiene", "fingerprint": "41ae57a0d43dd9470616179ba3d3aa35e630e7051adadb9816dfc004547f5ccb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/develop/adjust_magic_urls.php", "duplicate_line": 75, "correlation_key": "fp|41ae57a0d43dd9470616179ba3d3aa35e630e7051adadb9816dfc004547f5ccb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/develop/adjust_uids.php"}, "region": {"startLine": 71}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35922, "scanner": "repobility-ai-code-hygiene", "fingerprint": "49e42c42f2defac9f980be83314e74038e55dfd3525ca82a409a7cce447e8cd5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/develop/adjust_sizes.php", "duplicate_line": 55, "correlation_key": "fp|49e42c42f2defac9f980be83314e74038e55dfd3525ca82a409a7cce447e8cd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/develop/adjust_uids.php"}, "region": {"startLine": 53}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35921, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8e24e282b827559fe2fbcba1c29733402fef3f28c8f5e2391c8082cab83ba680", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/develop/adjust_magic_urls.php", "duplicate_line": 1, "correlation_key": "fp|8e24e282b827559fe2fbcba1c29733402fef3f28c8f5e2391c8082cab83ba680"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/develop/adjust_smilies.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35920, "scanner": "repobility-ai-code-hygiene", "fingerprint": "38f6463cf9b37ec42f52a9268bcb90a49c78ff296d647b04ebb57cfc9826eace", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/develop/adjust_magic_urls.php", "duplicate_line": 31, "correlation_key": "fp|38f6463cf9b37ec42f52a9268bcb90a49c78ff296d647b04ebb57cfc9826eace"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/develop/adjust_sizes.php"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 35919, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bd10ce1757fbd10462a1dcb45fa2025ba834bc043ed869e678568f7a3d5d615f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "phpBB/phpbb/db/migration/data/v310/bot_update.php", "duplicate_line": 50, "correlation_key": "fp|bd10ce1757fbd10462a1dcb45fa2025ba834bc043ed869e678568f7a3d5d615f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/migration/data/v33x/bot_update.php"}, "region": {"startLine": 45}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 35918, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1e20010e60b568e206afcf3be58f1bd636e374ded0f6e9c59011f200b5cb58bb", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|1e20010e60b568e206afcf3be58f1bd636e374ded0f6e9c59011f200b5cb58bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/install/module/requirements/task/check_update.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 35917, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ec36c621c7e14b82ad45916b3813c390c5cf6699032403be384a3f6086c987e9", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "backup", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|ec36c621c7e14b82ad45916b3813c390c5cf6699032403be384a3f6086c987e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/migration/data/v400/storage_backup.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 35916, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3c928d3f9e4c20a443bef546ec12c3586cee4e1cdef2ff362f518826d3203d75", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|3c928d3f9e4c20a443bef546ec12c3586cee4e1cdef2ff362f518826d3203d75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/migration/data/v400/search_backend_update.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 35915, "scanner": "repobility-ai-code-hygiene", "fingerprint": "186b95cbbbc66920c32f6dcae3fa19690414d0216614af81f74277061ad9b43a", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|186b95cbbbc66920c32f6dcae3fa19690414d0216614af81f74277061ad9b43a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/migration/data/v33x/topic_views_update.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 35914, "scanner": "repobility-ai-code-hygiene", "fingerprint": "09a79b880a326e60d98e6fbd61d157f0a17c50e9be3646858551259dbf7962bd", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|09a79b880a326e60d98e6fbd61d157f0a17c50e9be3646858551259dbf7962bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/migration/data/v33x/profilefields_update.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 35913, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e3d075cdcd284c9a1e991db995b07335a2161a58f130cc863e69d270713c4ffa", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|e3d075cdcd284c9a1e991db995b07335a2161a58f130cc863e69d270713c4ffa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/migration/data/v33x/profilefield_youtube_update.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 35912, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ca9c68df7148e852b9d030bf9b101d0612367424e51912970496a4bbffe4837e", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|ca9c68df7148e852b9d030bf9b101d0612367424e51912970496a4bbffe4837e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/migration/data/v33x/jquery_update.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 35911, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4980838d9fa296cfe3684f41ac5a3a12010485b0289d2b3279dca481f9d42be3", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|4980838d9fa296cfe3684f41ac5a3a12010485b0289d2b3279dca481f9d42be3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/migration/data/v33x/font_awesome_5_update.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 35910, "scanner": "repobility-ai-code-hygiene", "fingerprint": "87f4fbf2c5efc8e0fcd1f3d8c7cc04f474c3ec2d15164c21675b17da5b781e39", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|87f4fbf2c5efc8e0fcd1f3d8c7cc04f474c3ec2d15164c21675b17da5b781e39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/migration/data/v33x/bot_update.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 35909, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d917190db24fb544f368ee732ed16940dbfa0d43430dce17431dd52cfbf8ed2c", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|d917190db24fb544f368ee732ed16940dbfa0d43430dce17431dd52cfbf8ed2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/migration/data/v330/jquery_update.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 35908, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f7e5d2ef3b8967fb5e2740ad45757fbb70811cb0cc03d179cb9d915ccf381a2a", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|f7e5d2ef3b8967fb5e2740ad45757fbb70811cb0cc03d179cb9d915ccf381a2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/migration/data/v32x/jquery_update.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 35907, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a3b3e4b6f3d12d6996b830389d18680387637fb76e5e816894c85157eacf9906", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "alt", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|a3b3e4b6f3d12d6996b830389d18680387637fb76e5e816894c85157eacf9906"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/migration/data/v320/icons_alt.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 35906, "scanner": "repobility-ai-code-hygiene", "fingerprint": "81348d8f22c965e4ba0688e105903d5257bb5c8c4daecbacbf83d4a15fa21294", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|81348d8f22c965e4ba0688e105903d5257bb5c8c4daecbacbf83d4a15fa21294"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/migration/data/v320/font_awesome_update.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 35905, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9dfe48bff729b2db9beec7f9d5eed19fcf73d5f51007fc83d073a9c9e4084313", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|9dfe48bff729b2db9beec7f9d5eed19fcf73d5f51007fc83d073a9c9e4084313"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/migration/data/v31x/style_update.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 35904, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2fa0532248f5f1b71e7ad208269fa2cf8a2db29f7e2038048e391bb283c8d52d", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|2fa0532248f5f1b71e7ad208269fa2cf8a2db29f7e2038048e391bb283c8d52d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/migration/data/v310/notifications_schema_fix.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 35903, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9beea8727c2c19a9d9a2382666ec7deb7b18a94a85d8f7081c00c83980a49a95", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "rewrite", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|9beea8727c2c19a9d9a2382666ec7deb7b18a94a85d8f7081c00c83980a49a95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/migration/data/v310/mod_rewrite.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 35902, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bb5f584e98249be883bd7d5d971a92e377be8034b3fb52cbf9791e45013ff971", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|bb5f584e98249be883bd7d5d971a92e377be8034b3fb52cbf9791e45013ff971"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/migration/data/v310/jquery_update.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 35901, "scanner": "repobility-ai-code-hygiene", "fingerprint": "33f406b43cd4c98f8e46327b984e51036be4b147a47a6d242dc999ba1732b480", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|33f406b43cd4c98f8e46327b984e51036be4b147a47a6d242dc999ba1732b480"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/db/migration/data/v310/bot_update.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 35900, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b7f58a08600ea29ffaa0da97f7187b0d4461e3b9e68b45f3a26fe2fb8bca8fd5", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|b7f58a08600ea29ffaa0da97f7187b0d4461e3b9e68b45f3a26fe2fb8bca8fd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/includes/acp/info/acp_update.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 35899, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ec2e82611dd0057123fe65b6b1c96ce71ff3ef399bc57fa1b4cf3b3c98dca004", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|ec2e82611dd0057123fe65b6b1c96ce71ff3ef399bc57fa1b4cf3b3c98dca004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/includes/acp/acp_update.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC007", "level": "note", "message": {"text": "Generated build artifact directory is present at repository root"}, "properties": {"repobilityId": 35898, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1", "category": "quality", "severity": "low", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains a common generated artifact directory.", "evidence": {"rule_id": "AIC007", "scanner": "repobility-ai-code-hygiene", "directory": "build", "references": ["https://git-scm.com/docs/gitignore", "https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 36017, "scanner": "repobility-docker", "fingerprint": "76eda08a6c729601ce3398da3104dfbdac5a26d24bda21e5e98829c0a953d4bc", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "mcr.microsoft.com/vscode/devcontainers/base:0-${VARIANT}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|76eda08a6c729601ce3398da3104dfbdac5a26d24bda21e5e98829c0a953d4bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "SEC039", "level": "none", "message": {"text": "[SEC039] Plaintext-equivalent password hash \u2014 unsalted single-pass digest (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 36013, "scanner": "repobility-threat-engine", "fingerprint": "d5eb3b19ffcab8422f3c9d75a78729ad32ec692d8e291c63a2a805dadec3e6ca", "category": "crypto", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC039", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d5eb3b19ffcab8422f3c9d75a78729ad32ec692d8e291c63a2a805dadec3e6ca"}}}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 36007, "scanner": "repobility-threat-engine", "fingerprint": "55181f5382e19d9cbd092c62d71f08d62e5052e0e8568aaaab9cc15f9bf3925f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|55181f5382e19d9cbd092c62d71f08d62e5052e0e8568aaaab9cc15f9bf3925f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/includes/utf/data/case_fold_c.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED019", "level": "none", "message": {"text": "[MINED019] Ssti Jinja From String (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 36006, "scanner": "repobility-threat-engine", "fingerprint": "dddba5a0a3c85383be29c6c449cb964bb12d8a6fab196adf619d0c2ba8a3b8ce", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|dddba5a0a3c85383be29c6c449cb964bb12d8a6fab196adf619d0c2ba8a3b8ce", "aggregated_count": 3}}}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 36001, "scanner": "repobility-threat-engine", "fingerprint": "79d008201bddf7cf1ae6f1ba33a5899d9d19b520981806fb5e184a29948ffe82", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|79d008201bddf7cf1ae6f1ba33a5899d9d19b520981806fb5e184a29948ffe82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/develop/remove-php-end-tags.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "properties": {"repobilityId": 36000, "scanner": "repobility-threat-engine", "fingerprint": "84208b516d0064eff4aa5129e88557e20506b94186bea34f948291ab2bb5c7ad", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 19 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|84208b516d0064eff4aa5129e88557e20506b94186bea34f948291ab2bb5c7ad", "aggregated_count": 19}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 35996, "scanner": "repobility-threat-engine", "fingerprint": "431cb737ec6420bcb8c02fafa6096a4e021d2fb7f7e2cde02cb2e3f99fae43c3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|431cb737ec6420bcb8c02fafa6096a4e021d2fb7f7e2cde02cb2e3f99fae43c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/assets/javascript/webpush.js"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 35995, "scanner": "repobility-threat-engine", "fingerprint": "743d20664948336f093ecfa278456e4df8f6d03b99ef8aaddcc7f1ffccfe771a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|743d20664948336f093ecfa278456e4df8f6d03b99ef8aaddcc7f1ffccfe771a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/assets/javascript/phpbb-avatars.js"}, "region": {"startLine": 202}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 35992, "scanner": "repobility-threat-engine", "fingerprint": "4a4f0807e4b2a602904c2c23d95abb6f9e09448ebf29c9e0a18b9da6a89476f2", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4a4f0807e4b2a602904c2c23d95abb6f9e09448ebf29c9e0a18b9da6a89476f2"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 35988, "scanner": "repobility-threat-engine", "fingerprint": "9c8c139140f617f7bb042c395d886fc52cd10c560e4a83e89baca87eb4c11777", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9c8c139140f617f7bb042c395d886fc52cd10c560e4a83e89baca87eb4c11777", "aggregated_count": 12}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 35987, "scanner": "repobility-threat-engine", "fingerprint": "d856bb3bf496696dc8cd51a4ccd977e04ae1880e0ec297d674dbe92e25029f6f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d856bb3bf496696dc8cd51a4ccd977e04ae1880e0ec297d674dbe92e25029f6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/develop/benchmark.php"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 35986, "scanner": "repobility-threat-engine", "fingerprint": "b9e6a088b8de856fdd6f93b3163ecc7eb523b414855a4c44b1746d8236d02ff0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b9e6a088b8de856fdd6f93b3163ecc7eb523b414855a4c44b1746d8236d02ff0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/common.php"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 35985, "scanner": "repobility-threat-engine", "fingerprint": "d2b6b0016675779809665d6cbd8d9b20f0cfa1118ea3030b554ddcca5d5572d1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d2b6b0016675779809665d6cbd8d9b20f0cfa1118ea3030b554ddcca5d5572d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/adm/style/tooltip.js"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress (and 39 more): Same pattern found in 39 additional files. Review if needed."}, "properties": {"repobilityId": 35983, "scanner": "repobility-threat-engine", "fingerprint": "a230dd0aa68d95fea0cee510a8a029ea181925e892fc3f4a90f4ce02f157461a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 39 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a230dd0aa68d95fea0cee510a8a029ea181925e892fc3f4a90f4ce02f157461a", "aggregated_count": 39}}}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues."}, "properties": {"repobilityId": 35982, "scanner": "repobility-threat-engine", "fingerprint": "ba46adcb949416aee6c84506c956d7db37286c51cd230b06e97110def8e8dc2d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ba46adcb949416aee6c84506c956d7db37286c51cd230b06e97110def8e8dc2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/develop/adjust_avatars.php"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues."}, "properties": {"repobilityId": 35981, "scanner": "repobility-threat-engine", "fingerprint": "8a9d458dbdab520fbeb1ea6976657907bf4763e8a6b60adf9ad90c9c2d6cc154", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8a9d458dbdab520fbeb1ea6976657907bf4763e8a6b60adf9ad90c9c2d6cc154"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/common.php"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues."}, "properties": {"repobilityId": 35980, "scanner": "repobility-threat-engine", "fingerprint": "c880124380382c7db7522931c7bc5fc981def20434dfc0a48c747a9a14351353", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c880124380382c7db7522931c7bc5fc981def20434dfc0a48c747a9a14351353"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/adm/index.php"}, "region": {"startLine": 51}}}]}, {"ruleId": "SEC084", "level": "none", "message": {"text": "[SEC084] JS: require() with non-literal (and 18 more): Same pattern found in 18 additional files. Review if needed."}, "properties": {"repobilityId": 35979, "scanner": "repobility-threat-engine", "fingerprint": "061f5ee271b1b5540b530f013347d241d991850db07b016e31c6556f0d67c642", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 18 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 18 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|061f5ee271b1b5540b530f013347d241d991850db07b016e31c6556f0d67c642"}}}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 36021, "scanner": "repobility-journey-contract", "fingerprint": "c422fc523234551366a294524fcf76b47c059c4038cb021e1eb751266cdaf5fe", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|45|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/styles/prosilver/template/ucp_register.html"}, "region": {"startLine": 45}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 36020, "scanner": "repobility-journey-contract", "fingerprint": "0bdccaf12058144b322f45a2ea733dd4e9c5e7a2a46e57908e4b158915fa9c83", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|14|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/adm/style/auth_provider_oauth.html"}, "region": {"startLine": 14}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 36016, "scanner": "repobility-threat-engine", "fingerprint": "4bd600ce833c81906d75118113e6b508ce45769f55d230129ba99b33497eda35", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(($is_multipart) ? $tmp_file : 'php://input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|360|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/plupload/plupload.php"}, "region": {"startLine": 360}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 35999, "scanner": "repobility-threat-engine", "fingerprint": "dd68c52437441d62861b2469cc847a52b4b531d7966dff33d876a7a2c36db02c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dd68c52437441d62861b2469cc847a52b4b531d7966dff33d876a7a2c36db02c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/cache/driver/memory.php"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 35998, "scanner": "repobility-threat-engine", "fingerprint": "e866d09921baa5c577a5c9232c11d5d4a27d18c3f650aeb2329ee2821f9f6dd3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e866d09921baa5c577a5c9232c11d5d4a27d18c3f650aeb2329ee2821f9f6dd3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/cache/driver/base.php"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 35997, "scanner": "repobility-threat-engine", "fingerprint": "19c8257c7059323be734e1f7ce98e2b0857bf61f49b60e9b4a713b74b962d934", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|19c8257c7059323be734e1f7ce98e2b0857bf61f49b60e9b4a713b74b962d934"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/develop/benchmark.php"}, "region": {"startLine": 70}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 35994, "scanner": "repobility-threat-engine", "fingerprint": "806bfb98b4cca9c1093cac60d461194438a1802dd9c5f224fd3d90ddd37e7949", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "this.cropper.destroy();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|806bfb98b4cca9c1093cac60d461194438a1802dd9c5f224fd3d90ddd37e7949"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/assets/javascript/phpbb-avatars.js"}, "region": {"startLine": 96}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 35991, "scanner": "repobility-threat-engine", "fingerprint": "08fe6101d67b32a9bea01bf4f42348ba6763d5b394ab4afa44573570822d8cf3", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL (i", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|08fe6101d67b32a9bea01bf4f42348ba6763d5b394ab4afa44573570822d8cf3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/language/en/acp/forums.php"}, "region": {"startLine": 95}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 35990, "scanner": "repobility-threat-engine", "fingerprint": "26a558043dbac262e7d8e02743939ad69c8ede62fceec99969d6705c087e435a", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(t", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|26a558043dbac262e7d8e02743939ad69c8ede62fceec99969d6705c087e435a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/assets/javascript/phpbb-avatars.js"}, "region": {"startLine": 133}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 35989, "scanner": "repobility-threat-engine", "fingerprint": "3e6df2e12aeaab8db023eeb10b97e51b4baf60259946dd4ed7eddbd807ea5797", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(n", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3e6df2e12aeaab8db023eeb10b97e51b4baf60259946dd4ed7eddbd807ea5797"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/assets/javascript/hermite.js"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED104", "level": "error", "message": {"text": "[MINED104] Chmod 777: chmod 777 makes a file or directory world-readable, world-writable, AND world-executable. Local privilege escalation surface; audit-failing for most compliance frameworks."}, "properties": {"repobilityId": 35975, "scanner": "repobility-threat-engine", "fingerprint": "6e2332e4e7d49fd790cb37593f49b87626507892efded82322491ac2ff8cc402", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "chmod-777", "owasp": "A05:2021", "cwe_ids": ["CWE-732", "CWE-276"], "languages": ["shell", "bash", "dockerfile"], "precision": 1.0, "promoted_at": "2026-05-19T13:00:00.000000+00:00", "triaged_in_corpus": 0, "observations_count": 0, "ai_coder_pattern_id": 47}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6e2332e4e7d49fd790cb37593f49b87626507892efded82322491ac2ff8cc402"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/setup-sphinx.sh"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `nick-fields/retry` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 35974, "scanner": "repobility-supply-chain", "fingerprint": "79f02ab7ad30cbeefeacabb54a82855d7b96d8919bc673c7ffe8163a4780c0f7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|79f02ab7ad30cbeefeacabb54a82855d7b96d8919bc673c7ffe8163a4780c0f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 632}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 35973, "scanner": "repobility-supply-chain", "fingerprint": "a21b4e7db7aba7826257eea715bfaeedd001a549385123cc7626fc70f591723a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a21b4e7db7aba7826257eea715bfaeedd001a549385123cc7626fc70f591723a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 625}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 35972, "scanner": "repobility-supply-chain", "fingerprint": "8bcf4a61e136df6eec8414f9117d0ed4a30204d493bed2dab7473c73a6085a73", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8bcf4a61e136df6eec8414f9117d0ed4a30204d493bed2dab7473c73a6085a73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 526}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `shivammathur/setup-php` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 35971, "scanner": "repobility-supply-chain", "fingerprint": "6848c06291092e1328d6c0830023808b3e82eb51312b377e6fb735214b3098f7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6848c06291092e1328d6c0830023808b3e82eb51312b377e6fb735214b3098f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 511}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 35970, "scanner": "repobility-supply-chain", "fingerprint": "98ada5dd2229c41010df6f7d062632ce567e38a5fa654e97f96b3e1c63151677", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|98ada5dd2229c41010df6f7d062632ce567e38a5fa654e97f96b3e1c63151677"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 508}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 35969, "scanner": "repobility-supply-chain", "fingerprint": "14f61deae10bad9c543dedb138053f1377d58d1d7cb895d8eeba882162c1c35d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|14f61deae10bad9c543dedb138053f1377d58d1d7cb895d8eeba882162c1c35d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 480}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 35968, "scanner": "repobility-supply-chain", "fingerprint": "2dc3c0309ab926dee18a7939af3a01fba432fef0055e8b72380d826dc127ccfd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2dc3c0309ab926dee18a7939af3a01fba432fef0055e8b72380d826dc127ccfd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 459}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `shivammathur/setup-php` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 35967, "scanner": "repobility-supply-chain", "fingerprint": "03f0d54935d7389f08baf45ae5b66107ae0618e8f23b43b43fb67a5d907e79e6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|03f0d54935d7389f08baf45ae5b66107ae0618e8f23b43b43fb67a5d907e79e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 443}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 35966, "scanner": "repobility-supply-chain", "fingerprint": "54f248263f6e27c653b1eb7a9e825ab3a01462f23a4bf074600594648daca432", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|54f248263f6e27c653b1eb7a9e825ab3a01462f23a4bf074600594648daca432"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 428}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 35965, "scanner": "repobility-supply-chain", "fingerprint": "ad4abefa5db3ac15dee303777c768ce111768f8087e799550376da5b1ffe3628", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ad4abefa5db3ac15dee303777c768ce111768f8087e799550376da5b1ffe3628"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 367}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 35964, "scanner": "repobility-supply-chain", "fingerprint": "f5f0d1a91d6ba9600c1b476bfaf96c34155b5e3c17a74bbebd2e62e16cde8563", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f5f0d1a91d6ba9600c1b476bfaf96c34155b5e3c17a74bbebd2e62e16cde8563"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 346}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `shivammathur/setup-php` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 35963, "scanner": "repobility-supply-chain", "fingerprint": "e4d21c91a24ad6c68a77998b5a8f9fc03f355e2626cf49449550d0e8312f6796", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e4d21c91a24ad6c68a77998b5a8f9fc03f355e2626cf49449550d0e8312f6796"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 330}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 35962, "scanner": "repobility-supply-chain", "fingerprint": "66aa528851e35b51f460ca412134227729bad0d8b3626258a29c8ae8af273f5d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|66aa528851e35b51f460ca412134227729bad0d8b3626258a29c8ae8af273f5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 320}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 35961, "scanner": "repobility-supply-chain", "fingerprint": "a0d5078d5430422b797f346d470903a82e2d2e9fa5bbb697830b0d5146f13418", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a0d5078d5430422b797f346d470903a82e2d2e9fa5bbb697830b0d5146f13418"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 229}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 35960, "scanner": "repobility-supply-chain", "fingerprint": "7f0a95fe475d2f447397631fba09734fad67bae17f1e02384d0252527770d4dc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7f0a95fe475d2f447397631fba09734fad67bae17f1e02384d0252527770d4dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `shivammathur/setup-php` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 35959, "scanner": "repobility-supply-chain", "fingerprint": "92b8d9ac27bad2f8fbeed434b904d57a9a9010489d12b9a50ea18b7ee634ddd2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|92b8d9ac27bad2f8fbeed434b904d57a9a9010489d12b9a50ea18b7ee634ddd2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 187}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 35958, "scanner": "repobility-supply-chain", "fingerprint": "e513e906f525d26fe2708e365aadcced0e29bbae77167f0f2fa9c2b243cf15f0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e513e906f525d26fe2708e365aadcced0e29bbae77167f0f2fa9c2b243cf15f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 177}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 35957, "scanner": "repobility-supply-chain", "fingerprint": "49ded12f23fd6bd54c4e6f3386e6f01c9f337c4e2fed630e54ffd0e5069f47fc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|49ded12f23fd6bd54c4e6f3386e6f01c9f337c4e2fed630e54ffd0e5069f47fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `shivammathur/setup-php` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 35956, "scanner": "repobility-supply-chain", "fingerprint": "5a4f418113c38744db72383e3722a541e9db43d86d1b5bcb0dd5d92fa92d454b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5a4f418113c38744db72383e3722a541e9db43d86d1b5bcb0dd5d92fa92d454b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 35955, "scanner": "repobility-supply-chain", "fingerprint": "7146f52f2cb0b596a711ed876ea90923df8e8cb5d064df129db72988b065e483", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7146f52f2cb0b596a711ed876ea90923df8e8cb5d064df129db72988b065e483"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 35954, "scanner": "repobility-supply-chain", "fingerprint": "3b3b0076594327ae45631472c3ec1315151911821a6d03ae9606d4707e2f4046", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3b3b0076594327ae45631472c3ec1315151911821a6d03ae9606d4707e2f4046"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/merge_3.3.x_to_master.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/create-github-app-token` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 35953, "scanner": "repobility-supply-chain", "fingerprint": "aa2a2479a487142de8d983ea70c3e7e5d28bc5d352d3d0be4b25f691d0b289ca", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|aa2a2479a487142de8d983ea70c3e7e5d28bc5d352d3d0be4b25f691d0b289ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/merge_3.3.x_to_master.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peter-evans/create-or-update-comment` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 35952, "scanner": "repobility-supply-chain", "fingerprint": "02b7d32317f3a280797525c4b848568f1f2c8b78172b63d42d2bcc46bdd93023", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|02b7d32317f3a280797525c4b848568f1f2c8b78172b63d42d2bcc46bdd93023"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/check_merge_to_master.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peter-evans/find-comment` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 35951, "scanner": "repobility-supply-chain", "fingerprint": "3e8a3d0658f024ca4761787d464b6f17d28fe0bc8828a9254b3da357a2ee28af", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3e8a3d0658f024ca4761787d464b6f17d28fe0bc8828a9254b3da357a2ee28af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/check_merge_to_master.yml"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 35950, "scanner": "repobility-supply-chain", "fingerprint": "e1ae2920035aa72ba978739783397faef12b1a57e3a62967afdd3b313698a12b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e1ae2920035aa72ba978739783397faef12b1a57e3a62967afdd3b313698a12b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/check_merge_to_master.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `mcr.microsoft.com/vscode/devcontainers/base:0-` not pinned by digest"}, "properties": {"repobilityId": 35949, "scanner": "repobility-supply-chain", "fingerprint": "37b4f9fbfd2088ab732948bb0d0dc2e894ab8cc86f0201867cc68bbc1ebbe893", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|37b4f9fbfd2088ab732948bb0d0dc2e894ab8cc86f0201867cc68bbc1ebbe893"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "SEC039", "level": "error", "message": {"text": "[SEC039] Plaintext-equivalent password hash \u2014 unsalted single-pass digest: Single-pass digest of a password is cryptographically strong as a hash, but is rainbow-table-attackable when used for passwords: there's no salt and no key-stretching. Attackers with the hash database can crack 90%+ of common passwords offline in hours. CWE-916 (use of password hash without computational effort)."}, "properties": {"repobilityId": 36012, "scanner": "repobility-threat-engine", "fingerprint": "19bb278cf0371145feb34276cb6fc394380c3b20771bc0ce1733c538a4266ad1", "category": "crypto", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hash($password", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC039", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|61|sec039"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/passwords/driver/bcrypt.php"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC039", "level": "error", "message": {"text": "[SEC039] Plaintext-equivalent password hash \u2014 unsalted single-pass digest: Single-pass digest of a password is cryptographically strong as a hash, but is rainbow-table-attackable when used for passwords: there's no salt and no key-stretching. Attackers with the hash database can crack 90%+ of common passwords offline in hours. CWE-916 (use of password hash without computational effort)."}, "properties": {"repobilityId": 36011, "scanner": "repobility-threat-engine", "fingerprint": "c8b57f134ef98c399f958264f1e2e2b963e5e629a72a83bf3cc489d5b4452140", "category": "crypto", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hash($password", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC039", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|55|sec039"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/passwords/driver/base_native.php"}, "region": {"startLine": 55}}}]}, {"ruleId": "SEC039", "level": "error", "message": {"text": "[SEC039] Plaintext-equivalent password hash \u2014 unsalted single-pass digest: Single-pass digest of a password is cryptographically strong as a hash, but is rainbow-table-attackable when used for passwords: there's no salt and no key-stretching. Attackers with the hash database can crack 90%+ of common passwords offline in hours. CWE-916 (use of password hash without computational effort)."}, "properties": {"repobilityId": 36010, "scanner": "repobility-threat-engine", "fingerprint": "0157fe47fda467ba55d7822dbb20c0157f4ebd1de1ef0533bfcdc9f14ddc9c7e", "category": "crypto", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hash($password", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC039", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|201|sec039"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/auth/provider/db.php"}, "region": {"startLine": 201}}}]}, {"ruleId": "MINED019", "level": "error", "message": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "properties": {"repobilityId": 36005, "scanner": "repobility-threat-engine", "fingerprint": "3fab100266f8d12f10e9facb79bb937899c67302c52ed4cad484193e1a7e8870", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3fab100266f8d12f10e9facb79bb937899c67302c52ed4cad484193e1a7e8870"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/phpbb/console/command/user/activate.php"}, "region": {"startLine": 204}}}]}, {"ruleId": "MINED019", "level": "error", "message": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "properties": {"repobilityId": 36004, "scanner": "repobility-threat-engine", "fingerprint": "1933befc2a23e4922a1bf4ec554d98c36389349c6de0a60c0c1191a00c817d58", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1933befc2a23e4922a1bf4ec554d98c36389349c6de0a60c0c1191a00c817d58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/includes/ucp/ucp_resend.php"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED019", "level": "error", "message": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "properties": {"repobilityId": 36003, "scanner": "repobility-threat-engine", "fingerprint": "95dc3075f2e3b23d57f07e38015aa397b393eb3e81bd0e403c5c129a8194890d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": "fp|95dc3075f2e3b23d57f07e38015aa397b393eb3e81bd0e403c5c129a8194890d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/includes/ucp/ucp_activate.php"}, "region": {"startLine": 143}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 35978, "scanner": "repobility-threat-engine", "fingerprint": "8ab5e55bd14417f5e367bd48971a3826079f14ce6888d92860ad0334d0d48a61", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require($phpbb_root_path", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8ab5e55bd14417f5e367bd48971a3826079f14ce6888d92860ad0334d0d48a61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/develop/add_permissions.php"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 35977, "scanner": "repobility-threat-engine", "fingerprint": "ed4c332dfd5479230ebadd002a6eaf76fcd1d3298c20e59c06a89f4358bf808f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require($phpbb_root_path", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ed4c332dfd5479230ebadd002a6eaf76fcd1d3298c20e59c06a89f4358bf808f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/common.php"}, "region": {"startLine": 23}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 35976, "scanner": "repobility-threat-engine", "fingerprint": "9312a578e82206fb26e79d191723233c3c0af525b7e34683bd811aae71d4850a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require($phpbb_root_path", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9312a578e82206fb26e79d191723233c3c0af525b7e34683bd811aae71d4850a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "phpBB/adm/index.php"}, "region": {"startLine": 22}}}]}]}]}