{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC119", "name": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbo", "shortDescription": {"text": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbor) tamper with data; world-readable files leak secrets."}, "fullDescription": {"text": "Use 0600 (owner rw only) for secrets, 0644 for general files, 0700 for directories with secrets. Java: `setReadable(true, true)` (owner-only)."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `compute_explicitly_installed_package_names` has cognitive complexity 12 (", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `compute_explicitly_installed_package_names` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, "}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. 
SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 12."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC124", "name": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacke", "shortDescription": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason."}, "fullDescription": {"text": "Use `os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY)` for atomic create-only. Use `tempfile.NamedTemporaryFile()` (not `mktemp`). For locking, use `fcntl.flock`."}, "properties": {"scanner": "repobility-threat-engine", "category": "race_condition", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `docusaurus-plugin-internaldocs-fb` is minor version(s) behind (1.19.3 -> 1.20.0)", "shortDescription": {"text": "npm package `docusaurus-plugin-internaldocs-fb` is minor version(s) behind (1.19.3 -> 1.20.0)"}, "fullDescription": {"text": "`docusaurus-plugin-internaldocs-fb` is pinned/resolved at 1.19.3 but the latest stable release on the npm registry is 1.20.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. 
This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "low", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics.
See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED063", "name": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use.", "shortDescription": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-367 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 5 more): Same pattern found in 5 additional files.
Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order.", "shortDescription": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors.", "shortDescription": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block (and 4 more): Same pattern found in 4 additional files.
Review if needed.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 55 more): Same pattern found in 55 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 55 more): Same pattern found in 55 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent (note: Rdn.escapeValue applies DN escaping per RFC 2253; values placed in a search filter need RFC 4515 filter escaping). For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization.
Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the resolved path is inside your expected base directory; compare whole path components (e.g. with os.path.commonpath()), because a plain string-prefix check also accepts sibling paths that merely share the prefix. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation.
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Apply the CIDR check to the address the hostname actually resolves to, and repeat it for every redirect target."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED041", "name": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs.", "shortDescription": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`.
If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/deploy-pages` pinned to mutable ref `@v4`", "shortDescription": {"text": "Action `actions/deploy-pages` pinned to mutable ref `@v4`"}, "fullDescription": {"text": "`uses: actions/deploy-pages@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_has_inside_re_worker", "shortDescription": {"text": "Phantom test coverage: test_has_inside_re_worker"}, "fullDescription": {"text": "Test function `test_has_inside_re_worker` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self._path_exists` used but never assigned in __init__", "shortDescription": {"text": "`self._path_exists` used but never assigned in __init__"}, "fullDescription": {"text": "Method `test_strip_whiteout` of class `PathFilteringTest` reads `self._path_exists`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED110", "name": "Blocking call `time.sleep` inside async function `async_retry_fn`", "shortDescription": {"text": "Blocking call `time.sleep` inside async function `async_retry_fn`"}, "fullDescription": {"text": "`time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "private-key", "name": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.", "shortDescription": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1108"}, "properties": {"repository": "facebookincubator/antlir", "repoUrl": "https://github.com/facebookincubator/antlir", "branch": "main"}, "results": [{"ruleId": "SEC119", 
"level": "warning", "message": {"text": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbor) tamper with data; world-readable files leak secrets."}, "properties": {"repobilityId": 109540, "scanner": "repobility-threat-engine", "fingerprint": "a2f5a47769e23a5fec2407218e9ad7bad66b4a333e45f69861d6a92ecf61143d", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.chmod(td / name, 0o755)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC119", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|antlir/fs_utils.py|248|sec119"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/fs_utils.py"}, "region": {"startLine": 248}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 109524, "scanner": "repobility-threat-engine", "fingerprint": "51d34b053f148935b53a354109e939024976f7faecac9696380e96ae9363c393", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                    pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|51d34b053f148935b53a354109e939024976f7faecac9696380e96ae9363c393"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/apt/resolve.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 109502, "scanner": "repobility-threat-engine", "fingerprint": "0cce8a626745783acd1bfeb60c847c0200398f63f9eed482d6ebdaeb756ea9ed", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|147|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/container_subtarget/src/main.rs"}, "region": {"startLine": 147}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 109501, "scanner": "repobility-threat-engine", "fingerprint": "d3f24b719957f37eb1d09a40bc3866d5f43c22afb5a24bd72e167ba83ec725c5", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|93|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/antlir2_isolate/isolate_unshare/isolate_unshare_preexec/src/pid1.rs"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 109482, "scanner": "repobility-ast-engine", "fingerprint": "82cdf04949cc40b4db3f1ceedf0c4473a54e6ddecfeb65cbe06f77863e1a0f0e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|82cdf04949cc40b4db3f1ceedf0c4473a54e6ddecfeb65cbe06f77863e1a0f0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/bzl/linux/tests/test_os_release.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 109477, "scanner": "repobility-ast-engine", "fingerprint": "b4d935ba788fa40fe4040604ca3d8136bfc0602a708bcbe8d585d18d8c7f34eb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, 
"reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b4d935ba788fa40fe4040604ca3d8136bfc0602a708bcbe8d585d18d8c7f34eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/rpm/resolve.py"}, "region": {"startLine": 193}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `compute_explicitly_installed_package_names` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=1, else=2, for=1, if=3, nested_bonus=5."}, "properties": {"repobilityId": 109519, "scanner": "repobility-threat-engine", "fingerprint": "b57222c0de019b7e4d269d4e0c3b5a2a54be8ea5510f81b90acfb9825af86adb", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "compute_explicitly_installed_package_names", "breakdown": {"if": 3, "for": 1, "elif": 1, "else": 2, "nested_bonus": 5}, "complexity": 12, "correlation_key": "fp|b57222c0de019b7e4d269d4e0c3b5a2a54be8ea5510f81b90acfb9825af86adb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/rpm/antlir2_features_rpm_common.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "SEC124", "level": "note", "message": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). 
`mktemp` is deprecated for the same reason."}, "properties": {"repobilityId": 109507, "scanner": "repobility-threat-engine", "fingerprint": "d64d44f35a2d9b0c1d5661203717d5a0cdaca0dcf3d632a19aa793f984823b03", "category": "race_condition", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.path.exists(parent_status):\n                shutil.copy2(parent_status, status_path)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC124", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d64d44f35a2d9b0c1d5661203717d5a0cdaca0dcf3d632a19aa793f984823b03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/apt/resolve.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "SEC124", "level": "note", "message": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). 
`mktemp` is deprecated for the same reason."}, "properties": {"repobilityId": 109506, "scanner": "repobility-threat-engine", "fingerprint": "930ff31a47936dc15533a8b8232dab93caa1d30917356734e9624a9f28f6737a", "category": "race_condition", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.path.exists(status_path):\n        with open(status_path, \"w", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC124", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|930ff31a47936dc15533a8b8232dab93caa1d30917356734e9624a9f28f6737a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/apt/driver.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `docusaurus-plugin-internaldocs-fb` is minor version(s) behind (1.19.3 -> 1.20.0)"}, "properties": {"repobilityId": 109492, "scanner": "repobility-dependency-currency", "fingerprint": "392bc1e0eb9c79f6fbe7d8716abe7f5e13ddf6a5465df5f3c60fd9f8f23664c1", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "docusaurus-plugin-internaldocs-fb", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.20.0", "correlation_key": "fp|392bc1e0eb9c79f6fbe7d8716abe7f5e13ddf6a5465df5f3c60fd9f8f23664c1", "current_version": "1.19.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/docs/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109443, 
"scanner": "repobility-ai-code-hygiene", "fingerprint": "d028f357eef6bacdf1579b170ed810f41996cd15944399c7c11f83e5e477e291", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "antlir/bzl/shape2/bzl2ir.rs", "duplicate_line": 41, "correlation_key": "fp|d028f357eef6bacdf1579b170ed810f41996cd15944399c7c11f83e5e477e291"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/bzl/starlark_unittest/src/starlark_unittest.rs"}, "region": {"startLine": 191}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109442, "scanner": "repobility-ai-code-hygiene", "fingerprint": "228dabe07b90f943f045852dd9748594ddac31e9a96649adb9c451ff45cfb143", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "antlir/antlir2/testing/image_test/src/container.rs", "duplicate_line": 1, "correlation_key": "fp|228dabe07b90f943f045852dd9748594ddac31e9a96649adb9c451ff45cfb143"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/testing/image_test/src/spawn.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109441, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"f163a20963bf38e7b1b077868504be6a05e0556f0cc001cf5a85aca90d009fac", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "antlir/antlir2/antlir2_btrfs/delete.rs", "duplicate_line": 11, "correlation_key": "fp|f163a20963bf38e7b1b077868504be6a05e0556f0cc001cf5a85aca90d009fac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/testing/image_rpms_test/src/main.rs"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109440, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b88b2b22d1cf8ffa0c4c1ed35b6c764d0cb1bc38ee0e658f29cf2f932c07f35f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "antlir/antlir2/features/install/install.rs", "duplicate_line": 161, "correlation_key": "fp|b88b2b22d1cf8ffa0c4c1ed35b6c764d0cb1bc38ee0e658f29cf2f932c07f35f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/testing/image_diff_test/src/file_entry.rs"}, "region": {"startLine": 198}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109439, "scanner": "repobility-ai-code-hygiene", "fingerprint": "45dd68c3e227a05932b87213d794ab8525b710b2698a73717e33687b6fce926f", "category": "quality", 
"severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "antlir/antlir2/test_images/package/docker_archive/test.py", "duplicate_line": 31, "correlation_key": "fp|45dd68c3e227a05932b87213d794ab8525b710b2698a73717e33687b6fce926f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/test_images/package/oci/test.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109438, "scanner": "repobility-ai-code-hygiene", "fingerprint": "49911968c38aa8afe96dde90de9723ba338ab359c5e8def6c2c66a20b5b51d72", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "antlir/antlir2/test_images/package/ext3/stub.rs", "duplicate_line": 8, "correlation_key": "fp|49911968c38aa8afe96dde90de9723ba338ab359c5e8def6c2c66a20b5b51d72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/test_images/package/ext4/stub.rs"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109437, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1c9541b8bb76f2e7ec359b4a70ef39c546659fe80d0bb8b2aab47effc8d134ec", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "antlir/antlir2/package_managers/snapshot/metadata/src/main.rs", "duplicate_line": 30, "correlation_key": "fp|1c9541b8bb76f2e7ec359b4a70ef39c546659fe80d0bb8b2aab47effc8d134ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/package_managers/snapshot/snapshot/src/main.rs"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109436, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5ce5cfe7c9af3d3b53990ac7b81ef8575c72b25ff0edfda0372bb0f21e639792", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "antlir/antlir2/genrule_in_image/src/main.rs", "duplicate_line": 29, "correlation_key": "fp|5ce5cfe7c9af3d3b53990ac7b81ef8575c72b25ff0edfda0372bb0f21e639792"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/hoist/hoist.rs"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109435, "scanner": "repobility-ai-code-hygiene", "fingerprint": "af7c4ccbb3715e142407ca78075f1918c1bd1da8cac6700512390f992d55394d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different 
non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "antlir/antlir2/features/apt/apt.rs", "duplicate_line": 26, "correlation_key": "fp|af7c4ccbb3715e142407ca78075f1918c1bd1da8cac6700512390f992d55394d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/rpm/rpm.rs"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109434, "scanner": "repobility-ai-code-hygiene", "fingerprint": "36ed5a26050dfbbaf979da290e31e5fc54e497fbd9f94d9d4c597b3fc019180a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "antlir/antlir2/features/rpm/driver.py", "duplicate_line": 159, "correlation_key": "fp|36ed5a26050dfbbaf979da290e31e5fc54e497fbd9f94d9d4c597b3fc019180a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/rpm/resolve.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109433, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9e100804a90c2aaa55d86a69e265a54aab4f141efe931e196e7cc86eb26742b1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "antlir/antlir2/antlir2_users/src/passwd.rs", "duplicate_line": 6, "correlation_key": "fp|9e100804a90c2aaa55d86a69e265a54aab4f141efe931e196e7cc86eb26742b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/antlir2_users/src/shadow.rs"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109432, "scanner": "repobility-ai-code-hygiene", "fingerprint": "027caeec3348ba62e0570b168635941def374d511d36e52aba493b0263324db4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "antlir/antlir2/antlir2_users/src/group.rs", "duplicate_line": 1, "correlation_key": "fp|027caeec3348ba62e0570b168635941def374d511d36e52aba493b0263324db4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/antlir2_users/src/shadow.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109431, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6b888bb006079ae279b153f2f08c92d481ef3672badffd74cb7f5ea247353f92", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "antlir/antlir2/antlir2_users/src/group.rs", "duplicate_line": 65, 
"correlation_key": "fp|6b888bb006079ae279b153f2f08c92d481ef3672badffd74cb7f5ea247353f92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/antlir2_users/src/passwd.rs"}, "region": {"startLine": 69}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109430, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3f62122c01d5ebcd8612cfaa9eb4250f3b5f68655e7ade03b67010f22b027982", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "antlir/antlir2/antlir2_btrfs/delete.rs", "duplicate_line": 11, "correlation_key": "fp|3f62122c01d5ebcd8612cfaa9eb4250f3b5f68655e7ade03b67010f22b027982"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/antlir2_receive/src/main.rs"}, "region": {"startLine": 202}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109429, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d0cab67e7bb0e4e3f54cc16370c886f967c59d593e622bfb929afeab7f09b2b3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "antlir/antlir2/antlir2_packager/src/cpio.rs", "duplicate_line": 1, "correlation_key": "fp|d0cab67e7bb0e4e3f54cc16370c886f967c59d593e622bfb929afeab7f09b2b3"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/antlir2_packager/src/vfat.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109428, "scanner": "repobility-ai-code-hygiene", "fingerprint": "afd57c9148cfdefc35e92028401c4d881a225e17e9454acc0fc3823f63cd3228", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "antlir/antlir2/antlir2_packager/src/cpio.rs", "duplicate_line": 1, "correlation_key": "fp|afd57c9148cfdefc35e92028401c4d881a225e17e9454acc0fc3823f63cd3228"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/antlir2_packager/src/tar.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109427, "scanner": "repobility-ai-code-hygiene", "fingerprint": "35959f466bbd9ad0e5e2df793e70f14c075c121c40f9028130248005a158f42b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "antlir/antlir2/antlir2_packager/src/sendstream/userspace/writer.rs", "duplicate_line": 1, "correlation_key": "fp|35959f466bbd9ad0e5e2df793e70f14c075c121c40f9028130248005a158f42b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"antlir/antlir2/antlir2_packager/src/sendstream/writer.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109426, "scanner": "repobility-ai-code-hygiene", "fingerprint": "17c91448bbdaa98aeb4959a8b7f27ba73a17bb2581b02593bf58d157a5c5f757", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "antlir/antlir2/antlir2_packager/src/sendstream/tlv.rs", "duplicate_line": 3, "correlation_key": "fp|17c91448bbdaa98aeb4959a8b7f27ba73a17bb2581b02593bf58d157a5c5f757"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/antlir2_packager/src/sendstream/userspace/tlv.rs"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109425, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9d4c75898fa388a01d709f763b97354b9f5d7c5ee336af77841f59329805ffd8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "antlir/antlir2/antlir2_packager/src/ext3.rs", "duplicate_line": 1, "correlation_key": "fp|9d4c75898fa388a01d709f763b97354b9f5d7c5ee336af77841f59329805ffd8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/antlir2_packager/src/ext4.rs"}, "region": {"startLine": 
1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109424, "scanner": "repobility-ai-code-hygiene", "fingerprint": "022819952099d838fb71bf5ffbe5cd035d93139a55b18728cf0c02f4061885ae", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "antlir/antlir2/antlir2_btrfs/delete.rs", "duplicate_line": 9, "correlation_key": "fp|022819952099d838fb71bf5ffbe5cd035d93139a55b18728cf0c02f4061885ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/antlir2_isolate/main.rs"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 109537, "scanner": "repobility-threat-engine", "fingerprint": "131c9bca012f0e222d4aeb23effd77291d8bb2be2a3c37b3e92e5d99f24a8590", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|131c9bca012f0e222d4aeb23effd77291d8bb2be2a3c37b3e92e5d99f24a8590"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/package_managers/dnf/snapshot/targets_from_upstream/targets_from_upstream.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 109536, "scanner": "repobility-threat-engine", "fingerprint": "58c4da94b9afa5e01231817b007f3565b1e41c81ffd2047d0b8bd42d1b51c56a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|58c4da94b9afa5e01231817b007f3565b1e41c81ffd2047d0b8bd42d1b51c56a", "aggregated_count": 2}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 109530, "scanner": "repobility-threat-engine", "fingerprint": "39b3a26f786f286da3b077a32a74779fd944d827d8df2850b92516558e876f86", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|39b3a26f786f286da3b077a32a74779fd944d827d8df2850b92516558e876f86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/package_managers/dnf/rules/makerepo/src/makerepo.rs"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 109527, "scanner": "repobility-threat-engine", "fingerprint": "919e01cdfa4d883a34934ae9ada656c83f8999a9a5f5f4865026641c781f5c10", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|919e01cdfa4d883a34934ae9ada656c83f8999a9a5f5f4865026641c781f5c10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/freeze.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 109526, "scanner": "repobility-threat-engine", "fingerprint": "8d0c85c1d9a5bdb9d9fd3a6d71733e7cbd33dbb70c28cb811470b38df299f9a5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8d0c85c1d9a5bdb9d9fd3a6d71733e7cbd33dbb70c28cb811470b38df299f9a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/package_managers/dnf/build_appliance/antlir2_dnf_base.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 109525, "scanner": "repobility-threat-engine", "fingerprint": 
"1233cd788e68e31e8a8ebab6243d32b7b10535defe92f86305e45e040c08114f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1233cd788e68e31e8a8ebab6243d32b7b10535defe92f86305e45e040c08114f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/rpm/antlir2_features_rpm_common.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 109520, "scanner": "repobility-threat-engine", "fingerprint": "7195ad2ed9d17b05fb3343deb30e489e47b88806e32e44e36b1ae21ff4fb7c7d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 25, "for": 9, "elif": 2, "else": 1, "break": 2, "except": 3, "continue": 2, "nested_bonus": 89}, "aggregated": true, "complexity": 133, "correlation_key": "fp|7195ad2ed9d17b05fb3343deb30e489e47b88806e32e44e36b1ae21ff4fb7c7d", "aggregated_count": 6}}}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 109516, "scanner": "repobility-threat-engine", "fingerprint": "8d273929097f3600de4919151327462b3263663014b4fd6ee315a64245120d9c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8d273929097f3600de4919151327462b3263663014b4fd6ee315a64245120d9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/apt/driver.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 5 more): Same pattern found in 5 additional files. 
Review if needed."}, "properties": {"repobilityId": 109515, "scanner": "repobility-threat-engine", "fingerprint": "65bcd7f326bc59f8b4437e46d4ab6a55a7a5b15fd03b0952dee24ac035ca5b3d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|65bcd7f326bc59f8b4437e46d4ab6a55a7a5b15fd03b0952dee24ac035ca5b3d", "aggregated_count": 5}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 109514, "scanner": "repobility-threat-engine", "fingerprint": "0c31c6d077e028a3a0e0b383699081538ae7b115ef8d751c9c1464bcecebd4a4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0c31c6d077e028a3a0e0b383699081538ae7b115ef8d751c9c1464bcecebd4a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"antlir/antlir2/features/rpm/antlir2_features_rpm_common.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 109513, "scanner": "repobility-threat-engine", "fingerprint": "5ba862df317cd42e86dcc0f87afccfa0e55fd4a65474dc130d7e285894ce0616", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5ba862df317cd42e86dcc0f87afccfa0e55fd4a65474dc130d7e285894ce0616"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/apt/resolve.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 109512, "scanner": "repobility-threat-engine", "fingerprint": "fd96d162bfc02e500b3a95d0a6a658de5b80eaa573abb90addec33499f9516b8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 
633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fd96d162bfc02e500b3a95d0a6a658de5b80eaa573abb90addec33499f9516b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/apt/driver.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 109511, "scanner": "repobility-threat-engine", "fingerprint": "3ed4a11ec48650075e843160edf55362aa121897a652d0286a1dc826dd94d954", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3ed4a11ec48650075e843160edf55362aa121897a652d0286a1dc826dd94d954", "aggregated_count": 1}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 109505, "scanner": "repobility-threat-engine", "fingerprint": "43e259c0dc51c0d5280f1d2f14c45756425b6ca4d04244f9f92e6f394e52f30b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": 
["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|43e259c0dc51c0d5280f1d2f14c45756425b6ca4d04244f9f92e6f394e52f30b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/docs/src/components/HomepageFeatures.js"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 109504, "scanner": "repobility-threat-engine", "fingerprint": "6a80cb982d35b90200e89bc243546ed62ab2ebe87260335d3fdc505b93b8b21a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6a80cb982d35b90200e89bc243546ed62ab2ebe87260335d3fdc505b93b8b21a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/test_images/cfg/os/test.rs"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 109503, "scanner": "repobility-threat-engine", "fingerprint": "ab5bb660786c3a7db2eb804bf79a6f1bae145a82b6024d6b0bc86e86bfc5bdbd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ab5bb660786c3a7db2eb804bf79a6f1bae145a82b6024d6b0bc86e86bfc5bdbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/antlir2_rootless/unshare_userns/src/lib.rs"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 109500, "scanner": "repobility-threat-engine", "fingerprint": "f9d07b0c7ffad02db1f740a230b292fea409ad3be0b2aa27fc089cb7ccf130eb", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f9d07b0c7ffad02db1f740a230b292fea409ad3be0b2aa27fc089cb7ccf130eb", "aggregated_count": 4}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 109499, "scanner": "repobility-threat-engine", "fingerprint": "a4fecae34725f0c5747b606b1172462a9085c51e57cb9389ddf0164aa9ceaae6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a4fecae34725f0c5747b606b1172462a9085c51e57cb9389ddf0164aa9ceaae6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/antlir2_isolate/isolate_unshare/isolate_unshare_preexec/src/new_mount_api.rs"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 109498, "scanner": "repobility-threat-engine", "fingerprint": "8bcb097cc10437eddfa59bd39558904e21967d394bcb913009016f77567b7a14", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8bcb097cc10437eddfa59bd39558904e21967d394bcb913009016f77567b7a14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/antlir2_isolate/isolate_unshare/isolate_unshare_preexec/src/net.rs"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 109497, "scanner": "repobility-threat-engine", "fingerprint": "2469b8122465372badc7a1cfad7f03d9648e4db902e52b68ec3f3676be71b55b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2469b8122465372badc7a1cfad7f03d9648e4db902e52b68ec3f3676be71b55b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/antlir2_features/src/plugin.rs"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 55 more): Same pattern found in 55 additional files. Review if needed."}, "properties": {"repobilityId": 109496, "scanner": "repobility-threat-engine", "fingerprint": "251c7443acf1495a8714ec48c39bd505517026fc72ba74ac9f0ed0bef6778554", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 55 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|251c7443acf1495a8714ec48c39bd505517026fc72ba74ac9f0ed0bef6778554", "aggregated_count": 55}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 109495, "scanner": "repobility-threat-engine", "fingerprint": "bb1b0cc3d4a13dd5aba572082de00dae333c245477b7caa258fa9f27bdc0c9cb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bb1b0cc3d4a13dd5aba572082de00dae333c245477b7caa258fa9f27bdc0c9cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/antlir2_depgraph/src/resolve.rs"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 109494, "scanner": "repobility-threat-engine", "fingerprint": "c709c6fbde9269e37333bcb54ac2ea656e42e82edfa44b4e62269ea31e9159b3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c709c6fbde9269e37333bcb54ac2ea656e42e82edfa44b4e62269ea31e9159b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/antlir2_compile/src/lib.rs"}, "region": {"startLine": 204}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 109493, "scanner": "repobility-threat-engine", "fingerprint": "2d2dcbe6b1e4afd9d618e5781779f7e30d6719c5d1f89b1fb180bb93d14013de", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2d2dcbe6b1e4afd9d618e5781779f7e30d6719c5d1f89b1fb180bb93d14013de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/antlir2_change_stream/src/iter.rs"}, "region": {"startLine": 51}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@mdx-js/react` is patch version(s) behind (^3.1.0 -> 3.1.1)"}, "properties": {"repobilityId": 109491, "scanner": "repobility-dependency-currency", "fingerprint": "6c5164faa8dcfc89e827c4d46b88bb875f3f800064d7b68d103f0a06c224b4d8", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@mdx-js/react", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.1.1", "correlation_key": "fp|6c5164faa8dcfc89e827c4d46b88bb875f3f800064d7b68d103f0a06c224b4d8", "current_version": "^3.1.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/docs/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 
non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 109539, "scanner": "repobility-threat-engine", "fingerprint": "12048864b9fbe286b17dd01483550911ee246ae58c1fbd5dbdd5dad422e65577", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"\\bsize\\s+(\\d+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|47|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/test_images/package/btrfs/test.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 109538, "scanner": "repobility-threat-engine", "fingerprint": "292ecc278aa4003543ab9b7d8b8a5f367ac203b853da958a0139ede9f38d724a", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(&self.input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|33|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/package_managers/snapshot/metadata/src/decompress.rs"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 109535, "scanner": "repobility-threat-engine", "fingerprint": "d921e44358949231f3418241f31275bf9579ba31bac9d1fc97b82f19a88d1d91", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d921e44358949231f3418241f31275bf9579ba31bac9d1fc97b82f19a88d1d91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/package_managers/snapshot/metadata/src/generate/deb/inrelease.rs"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: 
MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 109534, "scanner": "repobility-threat-engine", "fingerprint": "8684947bc8b443b8008e51f1d2fa5d3a7d9ce11cef205c1a6c99bf150d9a746a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8684947bc8b443b8008e51f1d2fa5d3a7d9ce11cef205c1a6c99bf150d9a746a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/package_managers/snapshot/common/src/checksums.rs"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 109533, "scanner": "repobility-threat-engine", "fingerprint": "b381ea2e127d970f9c170487de183eade6c526743749f4c99b75bc39d489cb1b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b381ea2e127d970f9c170487de183eade6c526743749f4c99b75bc39d489cb1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"antlir/antlir2/package_managers/dnf/snapshot/targets_from_upstream/targets_from_upstream.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 109532, "scanner": "repobility-threat-engine", "fingerprint": "aff03536d7edbcdb22cfc6cfe2d904c89be98dede63cc173673a2ea1636c2697", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|aff03536d7edbcdb22cfc6cfe2d904c89be98dede63cc173673a2ea1636c2697"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/package_managers/dnf/snapshot/targets_from_upstream/targets_from_upstream.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 109531, "scanner": "repobility-threat-engine", "fingerprint": "d9e94338435168e61605bd1747d2af4e6ed93159194102eb960ef3f35096f2a7", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(urljoin(base_url", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d9e94338435168e61605bd1747d2af4e6ed93159194102eb960ef3f35096f2a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/package_managers/dnf/snapshot/targets_from_upstream/targets_from_upstream.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED041", "level": "error", "message": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. 
Same as todo!() but conventionally used for trait stubs."}, "properties": {"repobilityId": 109529, "scanner": "repobility-threat-engine", "fingerprint": "4289085a982c810c14f5ebcee93fbd8909a0aa9ffb3a13e881d8d1deb9d42750", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4289085a982c810c14f5ebcee93fbd8909a0aa9ffb3a13e881d8d1deb9d42750"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/sendstream_parser/src/wire/tlv.rs"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED041", "level": "error", "message": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. 
Same as todo!() but conventionally used for trait stubs."}, "properties": {"repobilityId": 109528, "scanner": "repobility-threat-engine", "fingerprint": "060e52da891ee7396f3e0b17617aec0b1a05a8caa6908317560f47f057c5f0d0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "correlation_key": "fp|060e52da891ee7396f3e0b17617aec0b1a05a8caa6908317560f47f057c5f0d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/symlink/symlink.rs"}, "region": {"startLine": 69}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 109523, "scanner": "repobility-threat-engine", "fingerprint": "696a4904840be93ed2f8fddf896a13d1bb06fcbb22915e9052533388f9ce1d19", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "sha1_hasher.update(&buf[..n]);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|696a4904840be93ed2f8fddf896a13d1bb06fcbb22915e9052533388f9ce1d19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/package_managers/snapshot/common/src/checksums.rs"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 109522, "scanner": "repobility-threat-engine", "fingerprint": "b4ed9e1b5e4660862599bf4e9a6aa81672f71525cf3d7b4eba3ea4eb33e9bca5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "self.hasher.update(&buf[..n]);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b4ed9e1b5e4660862599bf4e9a6aa81672f71525cf3d7b4eba3ea4eb33e9bca5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/package_managers/dnf/rules/makerepo/src/makerepo.rs"}, "region": {"startLine": 81}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 109521, "scanner": "repobility-threat-engine", "fingerprint": "974b56f1ca913f34416768669abcf63c697eba2f5eaa902156ea00878ed28ad8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "cache.update()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|974b56f1ca913f34416768669abcf63c697eba2f5eaa902156ea00878ed28ad8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/apt/resolve.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 76 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: and=1, continue=4, elif=4, else=2, except=3, for=4, if=18, nested_bonus=37, ternary=3."}, "properties": {"repobilityId": 109518, "scanner": "repobility-threat-engine", "fingerprint": "643fd3694cdb6b92f46454ddc605f7ebb33cdab610c373d02e019ab100a914dd", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 76 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 18, "and": 1, "for": 4, "elif": 4, "else": 2, "except": 3, "ternary": 3, "continue": 4, "nested_bonus": 37}, "complexity": 76, "correlation_key": "fp|643fd3694cdb6b92f46454ddc605f7ebb33cdab610c373d02e019ab100a914dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/apt/resolve.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 133 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: break=2, continue=2, elif=2, else=1, except=3, for=9, if=25, nested_bonus=89."}, "properties": {"repobilityId": 109517, "scanner": "repobility-threat-engine", "fingerprint": "d0e5e310f1a803a40ee0f17475ac989065bac31145d8d342c17247f2d283442a", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 133 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 25, "for": 9, "elif": 2, "else": 1, "break": 2, "except": 3, "continue": 2, "nested_bonus": 89}, "complexity": 133, "correlation_key": "fp|d0e5e310f1a803a40ee0f17475ac989065bac31145d8d342c17247f2d283442a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/apt/driver.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 109510, "scanner": "repobility-threat-engine", "fingerprint": "7989b446788447c38d8b3173cc151de292e2ee43675dd649b672b0a1239ee7d8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7989b446788447c38d8b3173cc151de292e2ee43675dd649b672b0a1239ee7d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"antlir/antlir2/features/rpm/antlir2_features_rpm_common.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 109509, "scanner": "repobility-threat-engine", "fingerprint": "ba93a92bea0fc6e821818ad897440e9772e2143a2360ad6c61a6ea12b9b9b765", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ba93a92bea0fc6e821818ad897440e9772e2143a2360ad6c61a6ea12b9b9b765"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/apt/resolve.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 109508, "scanner": "repobility-threat-engine", "fingerprint": "9a5ac2cc6b08fe269ff28e2dd710e3cce01dd38479a5037649acdb39ec5544a8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, 
"observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9a5ac2cc6b08fe269ff28e2dd710e3cce01dd38479a5037649acdb39ec5544a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/apt/driver.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/deploy-pages` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 109490, "scanner": "repobility-supply-chain", "fingerprint": "4e0922a9eb0e4c7ccb13f5d7425a04c8f663052613c7164cb5271a58f9de1474", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4e0922a9eb0e4c7ccb13f5d7425a04c8f663052613c7164cb5271a58f9de1474"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yml"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-pages-artifact` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 109489, "scanner": "repobility-supply-chain", "fingerprint": "855960d91452bc187523cf9e54ca28188b1fa92b656a63f812d8042f12629d43", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|855960d91452bc187523cf9e54ca28188b1fa92b656a63f812d8042f12629d43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yml"}, "region": 
{"startLine": 45}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 109488, "scanner": "repobility-supply-chain", "fingerprint": "5c88975b3ae0d1b38de74f5cb6db8fc53855de0fe1b302a533be5a5105776517", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5c88975b3ae0d1b38de74f5cb6db8fc53855de0fe1b302a533be5a5105776517"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `facebook/install-dotslash` pinned to mutable ref `@latest`"}, "properties": {"repobilityId": 109487, "scanner": "repobility-supply-chain", "fingerprint": "d384696f061140f2d6cfc9b9cd0e6dd11ca0c5b8a788888ff2906e117d267608", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d384696f061140f2d6cfc9b9cd0e6dd11ca0c5b8a788888ff2906e117d267608"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 109486, "scanner": "repobility-supply-chain", "fingerprint": "3f6990704f2023c5ae6a3ba6121ee53af7feaf4b709367af1110bb91f78d22a4", "category": 
"dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3f6990704f2023c5ae6a3ba6121ee53af7feaf4b709367af1110bb91f78d22a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 109485, "scanner": "repobility-supply-chain", "fingerprint": "48d1e2005c51e6948f31aa23bb8583b8322110221f9eea3eb8c16ca59d55deb7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|48d1e2005c51e6948f31aa23bb8583b8322110221f9eea3eb8c16ca59d55deb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `facebook/install-dotslash` pinned to mutable ref `@latest`"}, "properties": {"repobilityId": 109484, "scanner": "repobility-supply-chain", "fingerprint": "6d7470a48106732a2d26e577caba7767cb2d1cacaec6db1a7376e2ce5175c341", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": 
"repobility-supply-chain", "correlation_key": "fp|6d7470a48106732a2d26e577caba7767cb2d1cacaec6db1a7376e2ce5175c341"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 109483, "scanner": "repobility-supply-chain", "fingerprint": "e4a64764635909eeb29322481c5d90014e9fc5f86625c96327826fbab73bc5ec", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e4a64764635909eeb29322481c5d90014e9fc5f86625c96327826fbab73bc5ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_has_inside_re_worker"}, "properties": {"repobilityId": 109481, "scanner": "repobility-ast-engine", "fingerprint": "a2f4e91f3c4fa9b30b0ffd3659cb4e32d155089c09f3879af54a7fac1ce8975e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a2f4e91f3c4fa9b30b0ffd3659cb4e32d155089c09f3879af54a7fac1ce8975e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/test_only_features/build_environment/tests/test_build_environment.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED106", 
"level": "error", "message": {"text": "Phantom test coverage: test_env_is_dict"}, "properties": {"repobilityId": 109480, "scanner": "repobility-ast-engine", "fingerprint": "11d4e0711477075564d192898308d13ff5eb6c21ad0a7658c7c05818c0164efa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|11d4e0711477075564d192898308d13ff5eb6c21ad0a7658c7c05818c0164efa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/test_only_features/build_environment/tests/test_build_environment.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_strip_all_binary_runs"}, "properties": {"repobilityId": 109479, "scanner": "repobility-ast-engine", "fingerprint": "34875d3ea5c1fd7f982613ba008b2d155969b3510a48e9d5c4fd2a0ba4258db0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|34875d3ea5c1fd7f982613ba008b2d155969b3510a48e9d5c4fd2a0ba4258db0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/install/tests/test_installed_binary.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_runs"}, "properties": {"repobilityId": 109478, "scanner": "repobility-ast-engine", "fingerprint": "12378b5c683a0bf45afd40a90b92d1006f50738bad6a02936e44f6de8207c8ff", 
"category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|12378b5c683a0bf45afd40a90b92d1006f50738bad6a02936e44f6de8207c8ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/install/tests/test_installed_binary.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_named_outs_default"}, "properties": {"repobilityId": 109476, "scanner": "repobility-ast-engine", "fingerprint": "dac544904f9fde219c48ab5fc6b0aa1ad33a9ffcb96ed595748c3f280d0675cc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dac544904f9fde219c48ab5fc6b0aa1ad33a9ffcb96ed595748c3f280d0675cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/genrule_in_image/tests/test.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_named_dir"}, "properties": {"repobilityId": 109475, "scanner": "repobility-ast-engine", "fingerprint": "47171d07c634d3c0015a6208b30ed44439d100852e5deae0b9c9413d8121d7ff", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 
982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|47171d07c634d3c0015a6208b30ed44439d100852e5deae0b9c9413d8121d7ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/genrule_in_image/tests/test.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_dot_dir"}, "properties": {"repobilityId": 109474, "scanner": "repobility-ast-engine", "fingerprint": "388bc64141abe88d6ce6fea6c962814df1130d4dcb742740346f3ccbcde2d72e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|388bc64141abe88d6ce6fea6c962814df1130d4dcb742740346f3ccbcde2d72e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/genrule_in_image/tests/test.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_dir"}, "properties": {"repobilityId": 109473, "scanner": "repobility-ast-engine", "fingerprint": "143216bc67efeab9587af949f600c29899dc24c0a893a8e6c9b7b98d57d99f59", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|143216bc67efeab9587af949f600c29899dc24c0a893a8e6c9b7b98d57d99f59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/hoist/tests/test.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED106", "level": "error", "message": 
{"text": "Phantom test coverage: test_single_file_from_multi_paths"}, "properties": {"repobilityId": 109472, "scanner": "repobility-ast-engine", "fingerprint": "2109e4e0e614fa684a87719267e9ac468f59d45e53c20d9b18bf21c23644f2f5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2109e4e0e614fa684a87719267e9ac468f59d45e53c20d9b18bf21c23644f2f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/hoist/tests/test.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_single_file_rooted"}, "properties": {"repobilityId": 109471, "scanner": "repobility-ast-engine", "fingerprint": "8b884b33d65bbc1e7680ed4ba13b4d00529eef4563d2ca56a97bcc23bf2cdceb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8b884b33d65bbc1e7680ed4ba13b4d00529eef4563d2ca56a97bcc23bf2cdceb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/hoist/tests/test.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_single_file_rootless"}, "properties": {"repobilityId": 109470, "scanner": "repobility-ast-engine", "fingerprint": "7c955443caeb2de22f04ca79c845c323f01ed28d7ce3f7b4abdbc78b73cfdee3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": 
"", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7c955443caeb2de22f04ca79c845c323f01ed28d7ce3f7b4abdbc78b73cfdee3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/hoist/tests/test.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._path_exists` used but never assigned in __init__"}, "properties": {"repobilityId": 109469, "scanner": "repobility-ast-engine", "fingerprint": "ccafa1526b5e25747ec41b99b53a979dc1300b3b41ce04a0a328b1eb671c20c9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ccafa1526b5e25747ec41b99b53a979dc1300b3b41ce04a0a328b1eb671c20c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/test_images/package/oci/test_path_filtering.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertFalse` used but never assigned in __init__"}, "properties": {"repobilityId": 109468, "scanner": "repobility-ast-engine", "fingerprint": "cc803ce974a245277f1e0ad77ab9c0b1e78cf0c4245e186e14b4c149a5d86f1c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|cc803ce974a245277f1e0ad77ab9c0b1e78cf0c4245e186e14b4c149a5d86f1c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/test_images/package/oci/test_path_filtering.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertFalse` used but never assigned in __init__"}, "properties": {"repobilityId": 109467, "scanner": "repobility-ast-engine", "fingerprint": "45d63f9788827311f70442ba9c4309eb120ff734d5738e288b278893bac7bf2b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|45d63f9788827311f70442ba9c4309eb120ff734d5738e288b278893bac7bf2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/test_images/package/oci/test_path_filtering.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 109466, "scanner": "repobility-ast-engine", "fingerprint": "0a645109c6646c731e39adaa133cb73f9cef9483cfa2d870eed43e7c7c7e084a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0a645109c6646c731e39adaa133cb73f9cef9483cfa2d870eed43e7c7c7e084a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/test_images/package/oci/test_path_filtering.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED108", 
"level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 109465, "scanner": "repobility-ast-engine", "fingerprint": "0557bc579e2388e63ba9afcd8f793a345392674c3bc1684cd1993d2f06548230", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0557bc579e2388e63ba9afcd8f793a345392674c3bc1684cd1993d2f06548230"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/test_images/package/oci/test_path_filtering.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._path_exists` used but never assigned in __init__"}, "properties": {"repobilityId": 109464, "scanner": "repobility-ast-engine", "fingerprint": "e92e5066be3617789fb3ea37bf092fd77a5805aa2313c194e820433afe6c90f3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e92e5066be3617789fb3ea37bf092fd77a5805aa2313c194e820433afe6c90f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/test_images/package/oci/test_path_filtering.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._path_exists` used but never assigned in __init__"}, "properties": {"repobilityId": 109463, "scanner": "repobility-ast-engine", "fingerprint": "1ab1c68e1377bfc9bda9d68baee458bd471c831ada2d397562f2fc751bf3161e", 
"category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ab1c68e1377bfc9bda9d68baee458bd471c831ada2d397562f2fc751bf3161e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/test_images/package/oci/test_path_filtering.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._path_exists` used but never assigned in __init__"}, "properties": {"repobilityId": 109462, "scanner": "repobility-ast-engine", "fingerprint": "b54ed8a9d61a000f076c9f5dcb6122ca2097670ca290b47b7ee77d5b58865df9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b54ed8a9d61a000f076c9f5dcb6122ca2097670ca290b47b7ee77d5b58865df9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/test_images/package/oci/test_path_filtering.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._path_exists` used but never assigned in __init__"}, "properties": {"repobilityId": 109461, "scanner": "repobility-ast-engine", "fingerprint": "2804375922a912965a5daa61ae096a256316e0b781990781fcd6221b973663e1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": 
["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2804375922a912965a5daa61ae096a256316e0b781990781fcd6221b973663e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/test_images/package/oci/test_path_filtering.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._path_exists` used but never assigned in __init__"}, "properties": {"repobilityId": 109460, "scanner": "repobility-ast-engine", "fingerprint": "0343f510656e6b1ed4e98f75575815edb308f7336fe0ba52e3dd23403ab2f7aa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0343f510656e6b1ed4e98f75575815edb308f7336fe0ba52e3dd23403ab2f7aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/test_images/package/oci/test_path_filtering.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertFalse` used but never assigned in __init__"}, "properties": {"repobilityId": 109459, "scanner": "repobility-ast-engine", "fingerprint": "7ca84aec9aec12f00bb8e0775bc992e7555230904ab3bee55e3bb9f4696dd16a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ca84aec9aec12f00bb8e0775bc992e7555230904ab3bee55e3bb9f4696dd16a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"antlir/antlir2/test_images/package/oci/test_path_filtering.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertFalse` used but never assigned in __init__"}, "properties": {"repobilityId": 109458, "scanner": "repobility-ast-engine", "fingerprint": "11391e1bc1270f3303266c7479954897a2b7bf18e72e44bc9f34af23f4d23641", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|11391e1bc1270f3303266c7479954897a2b7bf18e72e44bc9f34af23f4d23641"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/test_images/package/oci/test_path_filtering.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertFalse` used but never assigned in __init__"}, "properties": {"repobilityId": 109457, "scanner": "repobility-ast-engine", "fingerprint": "c1498f4484611fe99bd711e1d43f3c20592ca51f082897c95788a28794f78bec", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c1498f4484611fe99bd711e1d43f3c20592ca51f082897c95788a28794f78bec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/test_images/package/oci/test_path_filtering.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 109456, 
"scanner": "repobility-ast-engine", "fingerprint": "fe11e44b1e384e42f04bee45bdc8a0b6ca37b8c41439df5e515a03a24e148ada", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fe11e44b1e384e42f04bee45bdc8a0b6ca37b8c41439df5e515a03a24e148ada"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/test_images/package/oci/test_path_filtering.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 109455, "scanner": "repobility-ast-engine", "fingerprint": "223939c230fab1f40551da4f464597700352c76a17e367513a06ec03f5cde7ce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|223939c230fab1f40551da4f464597700352c76a17e367513a06ec03f5cde7ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/test_images/package/oci/test_path_filtering.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "Blocking call `time.sleep` inside async function `async_retry_fn`"}, "properties": {"repobilityId": 109454, "scanner": "repobility-ast-engine", "fingerprint": "7c21195d90bb54868765b8d5137e49ed30f00711a7feddd2462f22025ba2e15b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7c21195d90bb54868765b8d5137e49ed30f00711a7feddd2462f22025ba2e15b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/common.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._style` used but never assigned in __init__"}, "properties": {"repobilityId": 109453, "scanner": "repobility-ast-engine", "fingerprint": "41df454e205d0995bd27bf1ddec91097cb87cc4aee2e73170dc62b2048929904", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|41df454e205d0995bd27bf1ddec91097cb87cc4aee2e73170dc62b2048929904"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/common.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._style` used but never assigned in __init__"}, "properties": {"repobilityId": 109452, "scanner": "repobility-ast-engine", "fingerprint": "49483f34d5a6540ac5cee55a9f9c3c6b72381aeb103ea769cc6abf8d626611be", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|49483f34d5a6540ac5cee55a9f9c3c6b72381aeb103ea769cc6abf8d626611be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"antlir/common.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.items` used but never assigned in __init__"}, "properties": {"repobilityId": 109451, "scanner": "repobility-ast-engine", "fingerprint": "621e1dc7d08d856f6f61616f57b03a173203ce3faaeac979fc028d2d25955c4a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|621e1dc7d08d856f6f61616f57b03a173203ce3faaeac979fc028d2d25955c4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/freeze.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.decode` used but never assigned in __init__"}, "properties": {"repobilityId": 109450, "scanner": "repobility-ast-engine", "fingerprint": "c6fb32686fa17558b077b1132af5b807a7354eb7aa66f460a70a0f0c6c28cfe8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c6fb32686fa17558b077b1132af5b807a7354eb7aa66f460a70a0f0c6c28cfe8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/fs_utils.py"}, "region": {"startLine": 265}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.decode` used but never assigned in __init__"}, "properties": {"repobilityId": 109449, "scanner": "repobility-ast-engine", "fingerprint": "843bed907ed7c326c9e8d3367e427b4e181c96c693e7504b38a15f29cf7c08ca", "category": "quality", "severity": 
"high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|843bed907ed7c326c9e8d3367e427b4e181c96c693e7504b38a15f29cf7c08ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/fs_utils.py"}, "region": {"startLine": 261}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.open` used but never assigned in __init__"}, "properties": {"repobilityId": 109448, "scanner": "repobility-ast-engine", "fingerprint": "dcc3be88a0a12d0b7a23ded44fff8b9cdcd93e5fcf73e9cf4165902df7cd59e8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dcc3be88a0a12d0b7a23ded44fff8b9cdcd93e5fcf73e9cf4165902df7cd59e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/fs_utils.py"}, "region": {"startLine": 252}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.open` used but never assigned in __init__"}, "properties": {"repobilityId": 109447, "scanner": "repobility-ast-engine", "fingerprint": "2fa8118a6f3ff304ae0bf21cbd0edfde87aaf2ad49089fe8f1b6a40488b160c6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|2fa8118a6f3ff304ae0bf21cbd0edfde87aaf2ad49089fe8f1b6a40488b160c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/fs_utils.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.decode` used but never assigned in __init__"}, "properties": {"repobilityId": 109446, "scanner": "repobility-ast-engine", "fingerprint": "54d3e1a9bf01981ef70b504ce4e8a59e9f279adb1d5c0e69530e2537f130c7a4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54d3e1a9bf01981ef70b504ce4e8a59e9f279adb1d5c0e69530e2537f130c7a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/fs_utils.py"}, "region": {"startLine": 148}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.value` used but never assigned in __init__"}, "properties": {"repobilityId": 109445, "scanner": "repobility-ast-engine", "fingerprint": "5c8cdd127a37ccc43652aaa65168723662e5704d0942cdd415279f829e9d73ca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5c8cdd127a37ccc43652aaa65168723662e5704d0942cdd415279f829e9d73ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/shape.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.name` used but never assigned in __init__"}, "properties": {"repobilityId": 109444, "scanner": 
"repobility-ast-engine", "fingerprint": "84ebe72410d5be332ea04689a61dff119d85b83c2d10ae26ce194d1cad2b7356", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|84ebe72410d5be332ea04689a61dff119d85b83c2d10ae26ce194d1cad2b7356"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/shape.py"}, "region": {"startLine": 116}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 109542, "scanner": "gitleaks", "fingerprint": "3da17d3921c1fd1b390880c1d82fbbc08993dfc1d95463ed4be66974036fc1f5", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "_DEFAULT_OS_KEY = \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|_default_os_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/os/package.bzl"}, "region": {"startLine": 6}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 109541, "scanner": "gitleaks", "fingerprint": "6fb420d442a39a5cdfb675bff45bbd375f3e161ea3f83fdf9695967f6f04ca09", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 4 duplicate scanner signal(s) for the same underlying issue.", 
"evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|1|redacted", "duplicate_count": 4, "duplicate_rule_ids": ["private-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["23f99bf9240783f8a2771e84c709d758e67b51a335798defd74b3d721e6cade6", "5ded9f8a0fad9f032af5cb6afc1dde953e27a5fc24ba1d1e264cbc96ead081ff", "6fb420d442a39a5cdfb675bff45bbd375f3e161ea3f83fdf9695967f6f04ca09", "b9bca3cbc1fbf0abbeafb2e97ef3e24370672b5cbc8ecdf532dfcbf61841fd55", "db3dfe6c60ec9df8c10bf3d18335c40f02c2dc086c9fac9cc1d7382c1ca07470"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "antlir/antlir2/features/rpm/tests/sig/key.priv"}, "region": {"startLine": 1}}}]}]}]}