{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED124", "name": "[MINED124] requirements.txt: `yacs` has no version pin: Unpinned pip requirement means every fresh install may resolve a", "shortDescription": {"text": "[MINED124] requirements.txt: `yacs` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs"}, "fullDescription": {"text": "Replace `yacs` with `yacs==` and manage upgrades through PRs / Dependabot."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is ", "shortDescription": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every f"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def __init__(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC005", "name": "Compose service adds dangerous Linux capabilities", "shortDescription": {"text": "Compose service adds dangerous Linux capabilities"}, "fullDescription": {"text": "Drop all capabilities by default and add only narrowly required capabilities after review."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "SEC037", "name": "[SEC037] Uncontrolled Recursion \u2014 stack/depth exhaustion: Parsing arbitrary-depth user input (XML, JSON, YAML) without a", "shortDescription": {"text": "[SEC037] Uncontrolled Recursion \u2014 stack/depth exhaustion: Parsing arbitrary-depth user input (XML, JSON, YAML) without a depth limit, or recursive function over user-controlled structure. Attacker sends `{\"a\":{\"a\":{\"a\":...10000 levels...}}}"}, "fullDescription": {"text": "Use `defusedxml.ElementTree` instead of `xml.etree.ElementTree` \u2014 it rejects deeply-nested + billion-laughs payloads.\nFor JSON: set a depth limit explicitly:\n import json\n data = json.loads(s) # then validate structure depth manually\nFor YAML: always use `yaml.safe_load`. For recursive code over user input, add an explicit depth counter and bail at depth > 100."}, "properties": {"scanner": "repobility-threat-engine", "category": "resource_exhaustion", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `__init__` has cognitive complexity 16 (SonarSource scale). Cognitive comp", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `__init__` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all "}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 16."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "Add `security_opt: [\"no-new-privileges:true\"]` unless the service has a documented need for privilege escalation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC124", "name": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacke", "shortDescription": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason."}, "fullDescription": {"text": "Use `os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY)` for atomic create-only. Use `tempfile.NamedTemporaryFile()` (not `mktemp`). For locking, use `fcntl.flock`."}, "properties": {"scanner": "repobility-threat-engine", "category": "race_condition", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Compose service `paddleocr-vlm-server` image is selected through a build variable", "shortDescription": {"text": "Compose service `paddleocr-vlm-server` image is selected through a build variable"}, "fullDescription": {"text": "Resolve the variable to a versioned tag or digest in production builds and document the allowed images."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "MINED079", "name": "[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) \u2014 off-by-one risk.", "shortDescription": {"text": "[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) \u2014 off-by-one risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-193 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED063", "name": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use.", "shortDescription": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-367 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED030", "name": "[MINED030] Python Pickle Loads (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED030] Python Pickle Loads (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[SEC078] Python: requests without timeout (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED072] Python Pass Only Class (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED080", "name": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace.", "shortDescription": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete (and 14 more): Same pattern found in 14 additional files. Review if needed.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED081", "name": "[MINED081] Java Printstacktrace: Should use logger, not stack trace to stderr.", "shortDescription": {"text": "[MINED081] Java Printstacktrace: Should use logger, not stack trace to stderr."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC079", "name": "[SEC079] Python: yaml.load without SafeLoader (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[SEC079] Python: yaml.load without SafeLoader (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Use `yaml.safe_load(data)` or `yaml.load(data, Loader=yaml.SafeLoader)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED018", "name": "[MINED018] Unsafe Deserialization Pickle (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED018] Unsafe Deserialization Pickle (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC116", "name": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input (and 2 more): Same pattern found in 2 additional files. Review", "shortDescription": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Use `YAML.safe_load(input, permitted_classes: [Date])` \u2014 explicit class allowlist. Never use `Marshal.load` on untrusted data; serialize as JSON instead."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED077] Python Open No Context (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC114", "name": "[SEC114] path.join / Path() on user-controlled segment without containment check (and 2 more): Same pattern found in 2 a", "shortDescription": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `path.resolve(base, x); if (!resolved.startsWith(base + path.sep)) throw`."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path (and 2 more): Same pattern found in 2 additional files. Review if need", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 38 more): Same pattern found in 38 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 38 more): Same pattern found in 38 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 46 more): Same pattern found in 46 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 46 more): Same pattern found in 46 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 16 more): Same pattern found in 16 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n ALLOWED = {'images.example.com', 'cdn.example.com'}\n host = urlparse(url).hostname\n if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED060", "name": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines.", "shortDescription": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "[MINED134] Binary file `deploy/android_demo/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `deploy/android", "shortDescription": {"text": "[MINED134] Binary file `deploy/android_demo/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `deploy/android_demo/gradle/wrapper/gradle-wrapper.jar` is a .jar binary (54,329 bytes) committed to a repo that otherwise has 801 sour"}, "fullDescription": {"text": "Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. T", "shortDescription": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantl"}, "fullDescription": {"text": "Replace with: `uses: actions/cache@<40-char-sha> # v5` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `registry.baidubce.com/paddlepaddle/paddle:2.0.0-gpu-cuda10.1-cudnn7` not pinned by digest: `", "shortDescription": {"text": "[MINED118] Dockerfile FROM `registry.baidubce.com/paddlepaddle/paddle:2.0.0-gpu-cuda10.1-cudnn7` not pinned by digest: `FROM registry.baidubce.com/paddlepaddle/paddle:2.0.0-gpu-cuda10.1-cudnn7` resolves the tag at build time. The registry C"}, "fullDescription": {"text": "Replace with: `FROM registry.baidubce.com/paddlepaddle/paddle:2.0.0-gpu-cuda10.1-cudnn7@sha256:`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED131", "name": "[MINED131] pre-commit hook `https://github.com/pycqa/flake8` pinned to mutable rev `7.1.1`: `.pre-commit-config.yaml` re", "shortDescription": {"text": "[MINED131] pre-commit hook `https://github.com/pycqa/flake8` pinned to mutable rev `7.1.1`: `.pre-commit-config.yaml` references `https://github.com/pycqa/flake8` at `rev: 7.1.1`. If `{rev}` is a branch or version tag, the repo owner can pu"}, "fullDescription": {"text": "Pin to a commit SHA: `rev: <40-char-sha>` and bump it through `pre-commit autoupdate` (which writes to PRs that are reviewed)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "[MINED112] FastAPI POST /restructure-pages has no auth: Handler `_handle_restructure_pages` is registered with router/ap", "shortDescription": {"text": "[MINED112] FastAPI POST /restructure-pages has no auth: Handler `_handle_restructure_pages` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "fullDescription": {"text": "Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED110", "name": "[MINED110] Blocking call `urllib.request.urlopen` inside async function `_check_vlm_ready`: `urllib.request.urlopen` is ", "shortDescription": {"text": "[MINED110] Blocking call `urllib.request.urlopen` inside async function `_check_vlm_ready`: `urllib.request.urlopen` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other corou"}, "fullDescription": {"text": "Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_predict: Test function `test_predict` runs code but contains no assert / expect /", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_predict: Test function `test_predict` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.headers` used but never assigned in __init__: Method `do_POST` of class `_MockHandler` reads `self.head", "shortDescription": {"text": "[MINED108] `self.headers` used but never assigned in __init__: Method `do_POST` of class `_MockHandler` reads `self.headers`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first tim"}, "fullDescription": {"text": "Initialize `self.headers = ` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC003", "name": "Compose service joins the host PID namespace", "shortDescription": {"text": "Compose service joins the host PID namespace"}, "fullDescription": {"text": "Use the default bridge network and explicit ports, or document and isolate the exceptional host requirement."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED021", "name": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape.", "shortDescription": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-22 / A01:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `stri", "shortDescription": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import string` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC001", "name": "Compose service runs privileged", "shortDescription": {"text": "Compose service runs privileged"}, "fullDescription": {"text": "Remove privileged mode. Add the single capability, device, or mount that is actually required."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "critical", "confidence": 0.98, "cwe": "", "owasp": ""}}, {"id": "SEC081", "name": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary co", "shortDescription": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "fullDescription": {"text": "Use json, msgpack, or protobuf for untrusted data. If pickle is required, sign the payload with HMAC."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/702"}, "properties": {"repository": "PaddlePaddle/PaddleOCR", "repoUrl": "https://github.com/PaddlePaddle/PaddleOCR", "branch": "main"}, "results": [{"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `yacs` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55868, "scanner": "repobility-supply-chain", "fingerprint": "94f9c61588cb462bbaa7785ea253758463c0daf45848fd722fa77c942ca00776", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|94f9c61588cb462bbaa7785ea253758463c0daf45848fd722fa77c942ca00776"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppstructure/kie/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `sentencepiece` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55867, "scanner": "repobility-supply-chain", "fingerprint": "d4a5a8bc2d1129f0f92af50562ea5ad72b4b201b7bcc405cbe060465a0c21833", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d4a5a8bc2d1129f0f92af50562ea5ad72b4b201b7bcc405cbe060465a0c21833"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppstructure/kie/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `typing-extensions` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55843, "scanner": "repobility-supply-chain", "fingerprint": "effd54aacb9952b6b131c016b89dab3e555fd41866345d2a10dab6757f3cc17d", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|effd54aacb9952b6b131c016b89dab3e555fd41866345d2a10dab6757f3cc17d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/avh/requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `opencv-python` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55842, "scanner": "repobility-supply-chain", "fingerprint": "256b4742dd578c65ae0fa8b4e07fe883527432890f8b3f5e755c19f686cf4995", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|256b4742dd578c65ae0fa8b4e07fe883527432890f8b3f5e755c19f686cf4995"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/avh/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `numpy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55841, "scanner": "repobility-supply-chain", "fingerprint": "a86b66c22b3ac16f1feae243b7efdcdadcf4ad802e04239c134b441a5a020283", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a86b66c22b3ac16f1feae243b7efdcdadcf4ad802e04239c134b441a5a020283"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/avh/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `paddlepaddle` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55840, "scanner": "repobility-supply-chain", "fingerprint": "f3e376ba804df39d066ab16b299b29d6b28ba28f3c9546792ab1ff82b4e8caee", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f3e376ba804df39d066ab16b299b29d6b28ba28f3c9546792ab1ff82b4e8caee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/avh/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `Wand` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55839, "scanner": "repobility-supply-chain", "fingerprint": "c91ffced6746568430c1afb91b9be621614825b32f207d66b58370da09dbecb0", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c91ffced6746568430c1afb91b9be621614825b32f207d66b58370da09dbecb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/version2.x/algorithm/formula_recognition/requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `ftfy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55838, "scanner": "repobility-supply-chain", "fingerprint": "5de3cbf8f26f27bc6a5f5ba6c6b6a92c9c1a10647c9fe2527760879339806096", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5de3cbf8f26f27bc6a5f5ba6c6b6a92c9c1a10647c9fe2527760879339806096"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/version2.x/algorithm/formula_recognition/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `imagesize` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55837, "scanner": "repobility-supply-chain", "fingerprint": "4c05d51d9cb828c1d9e0cec33a7dcec967ec61bc0f0a6c08ec55b9323c713273", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4c05d51d9cb828c1d9e0cec33a7dcec967ec61bc0f0a6c08ec55b9323c713273"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/version2.x/algorithm/formula_recognition/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `packaging` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55836, "scanner": "repobility-supply-chain", "fingerprint": "598d89300e1e70b6153a718462b06d609a4ee1e26fcd0fd7e87624cd2610d233", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|598d89300e1e70b6153a718462b06d609a4ee1e26fcd0fd7e87624cd2610d233"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `albucore` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55835, "scanner": "repobility-supply-chain", "fingerprint": "a30f71331b4a95425cd0bfab25570cf2adb93bbed9a9a5e1ab49ac6b3419a6dc", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a30f71331b4a95425cd0bfab25570cf2adb93bbed9a9a5e1ab49ac6b3419a6dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `albumentations` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55834, "scanner": "repobility-supply-chain", "fingerprint": "bda26278bdb19c09c85b44fe22d69bc789e542e8d3d6238585699b078605c93c", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bda26278bdb19c09c85b44fe22d69bc789e542e8d3d6238585699b078605c93c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `requests` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55833, "scanner": "repobility-supply-chain", "fingerprint": "088fcbb47ec7c52b320d5448985717d67d06c46f7172a3320998fc28d44dcd0f", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|088fcbb47ec7c52b320d5448985717d67d06c46f7172a3320998fc28d44dcd0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pyyaml` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55832, "scanner": "repobility-supply-chain", "fingerprint": "9ded8202b9abfdc56d34be9bfee75d9b66c1b79c56665b4a7c66b8c1e8297296", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9ded8202b9abfdc56d34be9bfee75d9b66c1b79c56665b4a7c66b8c1e8297296"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `Pillow` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55831, "scanner": "repobility-supply-chain", "fingerprint": "1f13becd6186a2ea36f378b9d0fa8e643915404b577ee21c5a09632d1695be0c", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1f13becd6186a2ea36f378b9d0fa8e643915404b577ee21c5a09632d1695be0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `cython` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55830, "scanner": "repobility-supply-chain", "fingerprint": "2ad05cb3e06d59c9b5559c7adfcc22b134562d149ac469741004853d138f99be", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2ad05cb3e06d59c9b5559c7adfcc22b134562d149ac469741004853d138f99be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `opencv-contrib-python` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55829, "scanner": "repobility-supply-chain", "fingerprint": "9bd6d984b42f9f0b873d1eed298a9dcfb8ce4b74979d93e311e5f139c06374db", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9bd6d984b42f9f0b873d1eed298a9dcfb8ce4b74979d93e311e5f139c06374db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `opencv-python` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55828, "scanner": "repobility-supply-chain", "fingerprint": "5f91fed8bac13342cefab5f5cfa3f3894d97a9cc49dc880b7f1fcae29382603d", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5f91fed8bac13342cefab5f5cfa3f3894d97a9cc49dc880b7f1fcae29382603d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `rapidfuzz` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55827, "scanner": "repobility-supply-chain", "fingerprint": "aa0cfae805b2b54f363b87b2396b9f7272f18b68d1cd7be8c6fec01eebbf804c", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|aa0cfae805b2b54f363b87b2396b9f7272f18b68d1cd7be8c6fec01eebbf804c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `numpy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55826, "scanner": "repobility-supply-chain", "fingerprint": "5fbbd40ea35952691ef95277e3e2c16f5fe4fbd9f804ef0241d1efd879af41e2", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5fbbd40ea35952691ef95277e3e2c16f5fe4fbd9f804ef0241d1efd879af41e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `tqdm` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55825, "scanner": "repobility-supply-chain", "fingerprint": "1f160f96accb82e22c21daf0bcb6ed85d481052884d1830bd0b7b420f2a3f9d4", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1f160f96accb82e22c21daf0bcb6ed85d481052884d1830bd0b7b420f2a3f9d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `lmdb<1.5; python_version < \"3.9\"` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55824, "scanner": "repobility-supply-chain", "fingerprint": "8b2a4f2675263c719517690dae8d62d5a9b997354231aaa42a10ad2b238da93a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8b2a4f2675263c719517690dae8d62d5a9b997354231aaa42a10ad2b238da93a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pyclipper` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55823, "scanner": "repobility-supply-chain", "fingerprint": "d59bd8a252f494e784fc8d721935eb43575ddd5d08bbc299c7c96775354aa63a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d59bd8a252f494e784fc8d721935eb43575ddd5d08bbc299c7c96775354aa63a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `scikit-image` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55822, "scanner": "repobility-supply-chain", "fingerprint": "a5c2cbabf3909eacef060bf5babc2feed597061c8ebb632135cc443f9169d693", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a5c2cbabf3909eacef060bf5babc2feed597061c8ebb632135cc443f9169d693"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `shapely` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 55821, "scanner": "repobility-supply-chain", "fingerprint": "898b2287d1179020868092aeeaec10b2ec71a9138a427a971dac55eb93a7c5e1", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|898b2287d1179020868092aeeaec10b2ec71a9138a427a971dac55eb93a7c5e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55810, "scanner": "repobility-ast-engine", "fingerprint": "428cd134cab346b4a1da83341b672c556282efe47485dae245e1e29217bb58e3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|428cd134cab346b4a1da83341b672c556282efe47485dae245e1e29217bb58e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr/_doc2md/converters/pptx.py"}, "region": {"startLine": 412}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55809, "scanner": "repobility-ast-engine", "fingerprint": "bc134c7fffcfc550de6e105f694e1775c41fe06a0f70e68a14e403052a6b63f9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bc134c7fffcfc550de6e105f694e1775c41fe06a0f70e68a14e403052a6b63f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr/_doc2md/converters/pptx.py"}, "region": {"startLine": 455}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55808, "scanner": "repobility-ast-engine", "fingerprint": "7c208bcbd3279c08c6fc8831997831991e81baabc53366893cd5a5075eee53a4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7c208bcbd3279c08c6fc8831997831991e81baabc53366893cd5a5075eee53a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr/_doc2md/converters/pptx.py"}, "region": {"startLine": 349}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55807, "scanner": "repobility-ast-engine", "fingerprint": "75ae65cfb4ae35c03e9147918e52f723b39d34b7ee29477cb924aef6a826e668", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|75ae65cfb4ae35c03e9147918e52f723b39d34b7ee29477cb924aef6a826e668"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr/_doc2md/converters/xlsx.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55806, "scanner": "repobility-ast-engine", "fingerprint": "358009add5580251ab5a21609808f3cade6e95ff5c63c5934704658b148c3ab0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|358009add5580251ab5a21609808f3cade6e95ff5c63c5934704658b148c3ab0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr/_doc2md/math/__init__.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55805, "scanner": "repobility-ast-engine", "fingerprint": "687796eca10646b979ef8ad5ab46e55386b820e72f695df4488f6f832fc443cb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|687796eca10646b979ef8ad5ab46e55386b820e72f695df4488f6f832fc443cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr/_api_client/cli.py"}, "region": {"startLine": 314}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55804, "scanner": "repobility-ast-engine", "fingerprint": "4687594a4baccdb41de585994da5fbd5a6e27b3ce68e2f7aee9a93d491dc8f91", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4687594a4baccdb41de585994da5fbd5a6e27b3ce68e2f7aee9a93d491dc8f91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr/_api_client/cli.py"}, "region": {"startLine": 221}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55803, "scanner": "repobility-ast-engine", "fingerprint": "f37823cbab70028b754f7ff65a170f584e178ac776021b36097912a5ff93d036", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f37823cbab70028b754f7ff65a170f584e178ac776021b36097912a5ff93d036"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr/_api_client/_async_http.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55802, "scanner": "repobility-ast-engine", "fingerprint": "a48ec205b02fb5f8d1d2699db24883ae3dcdb69be68780a6a12d85405721a810", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a48ec205b02fb5f8d1d2699db24883ae3dcdb69be68780a6a12d85405721a810"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/data/imaug/make_pse_gt.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55801, "scanner": "repobility-ast-engine", "fingerprint": "b3d39e8b63687007513e1a57abdee95f678ceb958ef34acc64f2842b93259c97", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b3d39e8b63687007513e1a57abdee95f678ceb958ef34acc64f2842b93259c97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/data/imaug/ct_process.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55799, "scanner": "repobility-ast-engine", "fingerprint": "0458d6fac34c248eba8003243712f1a0ee3815da1f6ab4eeafadfbfc9276a353", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0458d6fac34c248eba8003243712f1a0ee3815da1f6ab4eeafadfbfc9276a353"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/data/imaug/operators.py"}, "region": {"startLine": 310}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55798, "scanner": "repobility-ast-engine", "fingerprint": "a92c61bd79a60bf57c62eb156ab3074d2357d2afc517eff52ec320fc9d22b639", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a92c61bd79a60bf57c62eb156ab3074d2357d2afc517eff52ec320fc9d22b639"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/data/imaug/rec_img_aug.py"}, "region": {"startLine": 928}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55797, "scanner": "repobility-ast-engine", "fingerprint": "390f0ee904ebfcb95746c5820e7c4bdaf7ecb3cdf2e88081e6900e77132243d0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|390f0ee904ebfcb95746c5820e7c4bdaf7ecb3cdf2e88081e6900e77132243d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/modeling/heads/rec_cppd_head.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55796, "scanner": "repobility-ast-engine", "fingerprint": "712b8b5b98df1449d4b7ede3ca8e5d410602e5e1007fa3113795966586a69414", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|712b8b5b98df1449d4b7ede3ca8e5d410602e5e1007fa3113795966586a69414"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/utils/e2e_metric/Deteval.py"}, "region": {"startLine": 354}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55795, "scanner": "repobility-ast-engine", "fingerprint": "e17a4a0cbc161174fc90d2098c7cc46efeda650b4a9a6a9dc3db8ffff3845edc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e17a4a0cbc161174fc90d2098c7cc46efeda650b4a9a6a9dc3db8ffff3845edc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/losses/distillation_loss.py"}, "region": {"startLine": 840}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55794, "scanner": "repobility-ast-engine", "fingerprint": "9176e383cb7e0b1940f8e81caf01267750c10f016f639d13f26672a39306809c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9176e383cb7e0b1940f8e81caf01267750c10f016f639d13f26672a39306809c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/losses/distillation_loss.py"}, "region": {"startLine": 813}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55793, "scanner": "repobility-ast-engine", "fingerprint": "cee77c8c1295fb9afce4abef0ccd75b7e3fc3c32d8847b576039818b084ba37e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cee77c8c1295fb9afce4abef0ccd75b7e3fc3c32d8847b576039818b084ba37e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/losses/distillation_loss.py"}, "region": {"startLine": 745}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55792, "scanner": "repobility-ast-engine", "fingerprint": "20efea5c8f3256af9498ba04b891a5557afeb7d629831b0e134713410a105824", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|20efea5c8f3256af9498ba04b891a5557afeb7d629831b0e134713410a105824"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/losses/distillation_loss.py"}, "region": {"startLine": 706}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55791, "scanner": "repobility-ast-engine", "fingerprint": "6a8515de4ca50e6960baf3f7abff41f24966e070060ad68908fdc2307d7f2d57", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6a8515de4ca50e6960baf3f7abff41f24966e070060ad68908fdc2307d7f2d57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/losses/distillation_loss.py"}, "region": {"startLine": 671}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55790, "scanner": "repobility-ast-engine", "fingerprint": "259a95b8208d274c6ad33d29b728619b2b26969cb1a79446d7aa2a2af940405a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|259a95b8208d274c6ad33d29b728619b2b26969cb1a79446d7aa2a2af940405a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/losses/distillation_loss.py"}, "region": {"startLine": 641}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55789, "scanner": "repobility-ast-engine", "fingerprint": "6031807e15c6464b7d0d32200d64f27de1887a1815dbad56fe3aa41b3166f1fc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6031807e15c6464b7d0d32200d64f27de1887a1815dbad56fe3aa41b3166f1fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/losses/distillation_loss.py"}, "region": {"startLine": 614}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55788, "scanner": "repobility-ast-engine", "fingerprint": "c91c056484e8a54a1a5d1730a740e149e556f68e85ffe9f8e5845ab1623f8a4c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c91c056484e8a54a1a5d1730a740e149e556f68e85ffe9f8e5845ab1623f8a4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/losses/distillation_loss.py"}, "region": {"startLine": 505}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55787, "scanner": "repobility-ast-engine", "fingerprint": "cee19512ba6da482ddb724e3403d8f3a2e6c27a04e13d99ccf44a89b0ee77f98", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cee19512ba6da482ddb724e3403d8f3a2e6c27a04e13d99ccf44a89b0ee77f98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/losses/distillation_loss.py"}, "region": {"startLine": 400}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55786, "scanner": "repobility-ast-engine", "fingerprint": "a7bc8a72cc1ef0ffee2e9b68dd8f96361d6452c2e2382474651ccf0145ab0944", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a7bc8a72cc1ef0ffee2e9b68dd8f96361d6452c2e2382474651ccf0145ab0944"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/losses/distillation_loss.py"}, "region": {"startLine": 251}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55785, "scanner": "repobility-ast-engine", "fingerprint": "c372e89552fadf83fd25ab84229a26a2526ca901630037e57e2aa2a3f30d5a30", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c372e89552fadf83fd25ab84229a26a2526ca901630037e57e2aa2a3f30d5a30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/losses/distillation_loss.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55784, "scanner": "repobility-ast-engine", "fingerprint": "9091058a0a6147fcb1a4cbcb1f7fecf35b09c5de37469ed8db7a395c7e673ade", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9091058a0a6147fcb1a4cbcb1f7fecf35b09c5de37469ed8db7a395c7e673ade"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/losses/distillation_loss.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55783, "scanner": "repobility-ast-engine", "fingerprint": "8bb3dd53152f1579b09d80199787260dba3e3ef13a7d5c778014d7094f7fb481", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8bb3dd53152f1579b09d80199787260dba3e3ef13a7d5c778014d7094f7fb481"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/postprocess/vqa_token_ser_layoutlm_postprocess.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55782, "scanner": "repobility-ast-engine", "fingerprint": "83a7a4ac66343db335f1753593a00c882bcd6b79a52b90a8a013b104aa136fc7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|83a7a4ac66343db335f1753593a00c882bcd6b79a52b90a8a013b104aa136fc7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/postprocess/db_postprocess.py"}, "region": {"startLine": 260}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55781, "scanner": "repobility-ast-engine", "fingerprint": "84deb0716ddde06ce67a16a7b4ad7659582c9246b20e85d001e90be1f1687653", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|84deb0716ddde06ce67a16a7b4ad7659582c9246b20e85d001e90be1f1687653"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/postprocess/vqa_token_re_layoutlm_postprocess.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55780, "scanner": "repobility-ast-engine", "fingerprint": "c6fb377a3e2e3db1a425c97c82ad719ad6922c9a3da50938b06f2b511cfc65dc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c6fb377a3e2e3db1a425c97c82ad719ad6922c9a3da50938b06f2b511cfc65dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/postprocess/east_postprocess.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55779, "scanner": "repobility-ast-engine", "fingerprint": "e9c3117fcf7c22fafc9b2c2a21f51bb5da8ae804d12cfa63b4696f377fb00407", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e9c3117fcf7c22fafc9b2c2a21f51bb5da8ae804d12cfa63b4696f377fb00407"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/postprocess/picodet_postprocess.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55778, "scanner": "repobility-ast-engine", "fingerprint": "93b9e6e97c26199178b90779df1211bb2a7d1c7402fc772473f855da4dd2d57f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|93b9e6e97c26199178b90779df1211bb2a7d1c7402fc772473f855da4dd2d57f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/postprocess/ct_postprocess.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55777, "scanner": "repobility-ast-engine", "fingerprint": "ef27a4f60063c46e373da5b9f10d59dc8521095e778586fef97ecb8d41ed9c9e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ef27a4f60063c46e373da5b9f10d59dc8521095e778586fef97ecb8d41ed9c9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/postprocess/rec_postprocess.py"}, "region": {"startLine": 976}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55776, "scanner": "repobility-ast-engine", "fingerprint": "dd17683defc04105b8ac6e6aff202df8402cc23ac9c0414748c8840b9808c068", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dd17683defc04105b8ac6e6aff202df8402cc23ac9c0414748c8840b9808c068"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/postprocess/rec_postprocess.py"}, "region": {"startLine": 840}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55775, "scanner": "repobility-ast-engine", "fingerprint": "62bf46821f252be24a2b2313938ce62c6165eeb6a4ba9778e730b2d9f75d45cd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|62bf46821f252be24a2b2313938ce62c6165eeb6a4ba9778e730b2d9f75d45cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/postprocess/rec_postprocess.py"}, "region": {"startLine": 241}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55774, "scanner": "repobility-ast-engine", "fingerprint": "32c9bf6cee656af7f8197c4634dd32267d8b36e4fab13e312d2e6c4cec3298ff", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|32c9bf6cee656af7f8197c4634dd32267d8b36e4fab13e312d2e6c4cec3298ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/data/latexocr_dataset.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55773, "scanner": "repobility-ast-engine", "fingerprint": "7d8bb8a97b3e1c6a34daa64ab4431c859d6f608b015b306de77593ac2d663b70", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7d8bb8a97b3e1c6a34daa64ab4431c859d6f608b015b306de77593ac2d663b70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/data/multi_scale_sampler.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55772, "scanner": "repobility-ast-engine", "fingerprint": "07d26ea2b062764e6734951edb8aa4882021c6b5bac00833b27331fa3f98f909", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|07d26ea2b062764e6734951edb8aa4882021c6b5bac00833b27331fa3f98f909"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/data/pgnet_dataset.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55756, "scanner": "repobility-ast-engine", "fingerprint": "db8f78b0fce58d440f66751c4b9f2f66723307fba62e7f2d1fd2e833846be742", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|db8f78b0fce58d440f66751c4b9f2f66723307fba62e7f2d1fd2e833846be742"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_tipc/supplementary/optimizer.py"}, "region": {"startLine": 256}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55755, "scanner": "repobility-ast-engine", "fingerprint": "a5c331f8844abc9c7292a0a49277df86facb33dece41f41642fd261eacd066e5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a5c331f8844abc9c7292a0a49277df86facb33dece41f41642fd261eacd066e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_tipc/supplementary/optimizer.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55754, "scanner": "repobility-ast-engine", "fingerprint": "ee2d58394cf6b8f5a62df0ed909e12b006d66cf9845879bbf8d1f2537509d82b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ee2d58394cf6b8f5a62df0ed909e12b006d66cf9845879bbf8d1f2537509d82b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_tipc/supplementary/load_cifar.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55752, "scanner": "repobility-ast-engine", "fingerprint": "db595166edb3ab10a107f05e6c35863a262e92a98c6d9a9a0e576feccda5df9f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|db595166edb3ab10a107f05e6c35863a262e92a98c6d9a9a0e576feccda5df9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_tipc/compare_results.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55751, "scanner": "repobility-ast-engine", "fingerprint": "b0c0f59aa52e56bba0beeac7e033a09951022976a9df1fc47c9989fa48e14aed", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b0c0f59aa52e56bba0beeac7e033a09951022976a9df1fc47c9989fa48e14aed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_tipc/compare_results.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55732, "scanner": "repobility-ast-engine", "fingerprint": "a497753745361cad005e62f449bc595d0dd5c904db9a68aed4cf244862ae25c7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a497753745361cad005e62f449bc595d0dd5c904db9a68aed4cf244862ae25c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/analysis.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55731, "scanner": "repobility-ast-engine", "fingerprint": "9077bf8856b388ff0b01e1b5007704fdbf44b7b13a265e06720988d97c682e0d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9077bf8856b388ff0b01e1b5007704fdbf44b7b13a265e06720988d97c682e0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/analysis.py"}, "region": {"startLine": 350}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 55728, "scanner": "repobility-ast-engine", "fingerprint": "c25b119803e28cd9f5f932bca9504f0eceeb9340b90a8acb7e13eae02ce514a9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c25b119803e28cd9f5f932bca9504f0eceeb9340b90a8acb7e13eae02ce514a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/program.py"}, "region": {"startLine": 296}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `eval` (list): `def eval(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55727, "scanner": "repobility-ast-engine", "fingerprint": "fee1212789af8bff62ee51d432bba0400c66cc2b54c1dc3370b17563a6fa93aa", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fee1212789af8bff62ee51d432bba0400c66cc2b54c1dc3370b17563a6fa93aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/program.py"}, "region": {"startLine": 661}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `train` (list): `def train(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 55726, "scanner": "repobility-ast-engine", "fingerprint": "cba1079cf4a6a46922d94fe61cc8252bf2bb36a964a5d40df7544e648811638d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cba1079cf4a6a46922d94fe61cc8252bf2bb36a964a5d40df7544e648811638d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/program.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "DKC005", "level": "warning", "message": {"text": "Compose service adds dangerous Linux capabilities"}, "properties": {"repobilityId": 55675, "scanner": "repobility-docker", "fingerprint": "4ff6db92f3bb35b5048aca0883398c3d410464376cb47ced8687f9ecdc8162e0", "category": "docker", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "cap_add includes broad or sensitive Linux capabilities.", "evidence": {"rule_id": "DKC005", "scanner": "repobility-docker", "service": "paddleocr-vlm-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "capabilities": ["SYS_PTRACE"], "correlation_key": "fp|4ff6db92f3bb35b5048aca0883398c3d410464376cb47ced8687f9ecdc8162e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/iluvatar-gpu/compose.yaml"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKC005", "level": "warning", "message": {"text": "Compose service adds dangerous Linux capabilities"}, "properties": {"repobilityId": 55669, "scanner": "repobility-docker", "fingerprint": "5b1061251eae3687d27a39f01de9e574e247c12cbc6e68e6c72d555cec64b085", "category": "docker", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "cap_add includes broad or sensitive Linux capabilities.", "evidence": {"rule_id": "DKC005", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "capabilities": ["SYS_PTRACE"], "correlation_key": "fp|5b1061251eae3687d27a39f01de9e574e247c12cbc6e68e6c72d555cec64b085"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/iluvatar-gpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC005", "level": "warning", "message": {"text": "Compose service adds dangerous Linux capabilities"}, "properties": {"repobilityId": 55664, "scanner": "repobility-docker", "fingerprint": "2c2986f65cb862ca4165020b47042b6b7d007b5e0e9d2cea337d79a5c904f457", "category": "docker", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "cap_add includes broad or sensitive Linux capabilities.", "evidence": {"rule_id": "DKC005", "scanner": "repobility-docker", "service": "paddleocr-vlm-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "capabilities": ["SYS_PTRACE"], "correlation_key": "fp|2c2986f65cb862ca4165020b47042b6b7d007b5e0e9d2cea337d79a5c904f457"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/hygon-dcu/compose.yaml"}, "region": {"startLine": 31}}}]}, {"ruleId": "DKC005", "level": "warning", "message": {"text": "Compose service adds dangerous Linux capabilities"}, "properties": {"repobilityId": 55659, "scanner": "repobility-docker", "fingerprint": "adb4095941dd7f42d4eb7e452d40af038264e79fe12bdd0ec48b532edfa55620", "category": "docker", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "cap_add includes broad or sensitive Linux capabilities.", "evidence": {"rule_id": "DKC005", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "capabilities": ["SYS_PTRACE"], "correlation_key": "fp|adb4095941dd7f42d4eb7e452d40af038264e79fe12bdd0ec48b532edfa55620"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/hygon-dcu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC005", "level": "warning", "message": {"text": "Compose service adds dangerous Linux capabilities"}, "properties": {"repobilityId": 55648, "scanner": "repobility-docker", "fingerprint": "12a7a445d1653a0aa40bd656c84c7c6481b7e6f0b2b7414a10e3e64bfacbdaf7", "category": "docker", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "cap_add includes broad or sensitive Linux capabilities.", "evidence": {"rule_id": "DKC005", "scanner": "repobility-docker", "service": "paddleocr-vlm-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "capabilities": ["SYS_PTRACE"], "correlation_key": "fp|12a7a445d1653a0aa40bd656c84c7c6481b7e6f0b2b7414a10e3e64bfacbdaf7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/amd-gpu/compose.yaml"}, "region": {"startLine": 28}}}]}, {"ruleId": "DKC005", "level": "warning", "message": {"text": "Compose service adds dangerous Linux capabilities"}, "properties": {"repobilityId": 55644, "scanner": "repobility-docker", "fingerprint": "876251c8ac6ca9276c2fca39c70ad6aeedf897ed972a788e5247f1de9abc923d", "category": "docker", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "cap_add includes broad or sensitive Linux capabilities.", "evidence": {"rule_id": "DKC005", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "capabilities": ["SYS_PTRACE"], "correlation_key": "fp|876251c8ac6ca9276c2fca39c70ad6aeedf897ed972a788e5247f1de9abc923d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/amd-gpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 55642, "scanner": "repobility-docker", "fingerprint": "ee1019561947b5823cb4e65de9c8e9d657baebe25f7aacaf52be98025a45cb7e", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "registry.baidubce.com/paddlepaddle/paddle:2.0.0-gpu-cuda10.1-cudnn7", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|ee1019561947b5823cb4e65de9c8e9d657baebe25f7aacaf52be98025a45cb7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/docker/hubserving/gpu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 55641, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 55640, "scanner": "repobility-docker", "fingerprint": "86e5ef16da3d08f7cceea6a795e5b8247136909e167c619c87e292c8778fc53f", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "registry.baidubce.com/paddlepaddle/paddle:2.0.0", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|86e5ef16da3d08f7cceea6a795e5b8247136909e167c619c87e292c8778fc53f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/docker/hubserving/cpu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 55607, "scanner": "repobility-threat-engine", "fingerprint": "f55c2d95f934e751c777d3d3810ae1cc2bad383036b430d326580906fa787bcc", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.Popen(\n cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|26|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_tipc/compare_results.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC037", "level": "warning", "message": {"text": "[SEC037] Uncontrolled Recursion \u2014 stack/depth exhaustion: Parsing arbitrary-depth user input (XML, JSON, YAML) without a depth limit, or recursive function over user-controlled structure. Attacker sends `{\"a\":{\"a\":{\"a\":...10000 levels...}}}` to blow the stack. Real CVEs: CVE-2019-16935 (Python xmlrpc), CVE-2020-25659 (PyYAML before 5.4). CWE-674/1325."}, "properties": {"repobilityId": 55588, "scanner": "repobility-threat-engine", "fingerprint": "1567dae783ae6acf5c362ba5c6760ec965ab8f3c7df353a892a477f5aca99420", "category": "resource_exhaustion", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC037", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1567dae783ae6acf5c362ba5c6760ec965ab8f3c7df353a892a477f5aca99420"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr-js/packages/core/src/pipelines/ocr/config.ts"}, "region": {"startLine": 81}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 55549, "scanner": "repobility-threat-engine", "fingerprint": "cbf85b31f2882606a4805fb32539e795753cc2b71d3c666d3126f005885bc542", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|ppocr/losses/center_loss.py|46|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/losses/center_loss.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 55548, "scanner": "repobility-threat-engine", "fingerprint": "c7c7192eca02d0f3fc71de1aeef1696f4615357cda86957739d7f204d2e0ef9f", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|81|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr-js/packages/core/src/pipelines/ocr/config.ts"}, "region": {"startLine": 81}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 55547, "scanner": "repobility-threat-engine", "fingerprint": "4f3b74659db6eb63bfc6d788ed3b11d5bea7070aaf39a324b20e02fa41631731", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|38|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr-js/packages/core/src/models/common.ts"}, "region": {"startLine": 38}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 55543, "scanner": "repobility-threat-engine", "fingerprint": "7af180d1ed3222130b15b962388d8f49ff1815e23f6e53507411dec31a0bed7e", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7af180d1ed3222130b15b962388d8f49ff1815e23f6e53507411dec31a0bed7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/train.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 55542, "scanner": "repobility-threat-engine", "fingerprint": "49dbc375014ea1b8da57e00b88609a55acf234c09cd9303c45f8285cafdcacd9", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|49dbc375014ea1b8da57e00b88609a55acf234c09cd9303c45f8285cafdcacd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/data/simple_dataset.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 55541, "scanner": "repobility-threat-engine", "fingerprint": "1edf5fcc20b5fc9c583aad2c1b4f54d54246d9cd53c65abfda6b54f6fa924c77", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1edf5fcc20b5fc9c583aad2c1b4f54d54246d9cd53c65abfda6b54f6fa924c77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/utils/metrics.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 55521, "scanner": "repobility-threat-engine", "fingerprint": "ff31c5e7df855ba701644e78e8e9972787109290dea63fa56f8ee95d6bc0c460", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n return None", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ff31c5e7df855ba701644e78e8e9972787109290dea63fa56f8ee95d6bc0c460"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/utils/ocr_metric/__init__.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 55520, "scanner": "repobility-threat-engine", "fingerprint": "8652b50b1352ced66439291f38c13bde6b58bf4dcde06d1c76c4f03094139ab2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n return None", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8652b50b1352ced66439291f38c13bde6b58bf4dcde06d1c76c4f03094139ab2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/post_processing/__init__.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 55514, "scanner": "repobility-threat-engine", "fingerprint": "39f83f473c907338e581a2759ed1e883ea5fd7a18eb5f309c3993cd0ce7f0633", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def wrapper_cls(self):\n raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|39f83f473c907338e581a2759ed1e883ea5fd7a18eb5f309c3993cd0ce7f0633"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr/_models/_doc_vlm.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 55513, "scanner": "repobility-threat-engine", "fingerprint": "29b254f76fa8244a42c6e2c30ea629b1884ca0c14daf351b7ce5aa789146d349", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def add_subparser(self, subparsers):\n raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|29b254f76fa8244a42c6e2c30ea629b1884ca0c14daf351b7ce5aa789146d349"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr/_abstract.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 55512, "scanner": "repobility-threat-engine", "fingerprint": "375fb73e5d1f069540cacdc9f35a1c5c0ef2158b30392e200da6d88e5dbda05b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def _on_epoch_finish(self):\n raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|375fb73e5d1f069540cacdc9f35a1c5c0ef2158b30392e200da6d88e5dbda05b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/base/base_trainer.py"}, "region": {"startLine": 185}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `__init__` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: and=1, elif=1, else=2, for=1, if=10, nested_bonus=1."}, "properties": {"repobilityId": 55510, "scanner": "repobility-threat-engine", "fingerprint": "692ae8186268afcc1a2ec548c2c3c69e1b054fc192f02daf43695f8ebe78793a", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 16 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "__init__", "breakdown": {"if": 10, "and": 1, "for": 1, "elif": 1, "else": 2, "nested_bonus": 1}, "complexity": 16, "correlation_key": "fp|692ae8186268afcc1a2ec548c2c3c69e1b054fc192f02daf43695f8ebe78793a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/base/base_trainer.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 55502, "scanner": "repobility-threat-engine", "fingerprint": "f25d83af3111d608f71a96aa14b335fd4d39e1117d8eb0c1f6e0ff8537ab0ab1", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|21|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/models/__init__.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 55501, "scanner": "repobility-threat-engine", "fingerprint": "f015800d01dd03076851003f13fc6389e8e93200e23eb29ef5ae4ea77d473067", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|89|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/data_loader/__init__.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 55500, "scanner": "repobility-threat-engine", "fingerprint": "fc6b94885a4a4719ba23a8168d63803e71cecde3a010315bdea2fbbdafc0b3ce", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|43|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/base/base_dataset.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 55481, "scanner": "repobility-threat-engine", "fingerprint": "6b1ab151617f955a4c8d2d3248aa084e8befda78a705c9c2d6e487d06e51e3b1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url: \"https://example.com", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6b1ab151617f955a4c8d2d3248aa084e8befda78a705c9c2d6e487d06e51e3b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_sdk/typescript/examples/doc-parsing-file.ts"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 55480, "scanner": "repobility-threat-engine", "fingerprint": "b3bcc8af785a88e361b729bcf11dff825117825d4e45e6a517c56dbb4ef3ace3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL: \"https://example.com", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b3bcc8af785a88e361b729bcf11dff825117825d4e45e6a517c56dbb4ef3ace3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_sdk/go/examples/ocr_url/main.go"}, "region": {"startLine": 33}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 55479, "scanner": "repobility-threat-engine", "fingerprint": "d655c44faf4350a3f3071592cd73eeacce29f7f0822bd4cd2c6a750122734a53", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL: \"https://example.com", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d655c44faf4350a3f3071592cd73eeacce29f7f0822bd4cd2c6a750122734a53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_sdk/go/examples/doc_parsing_file/main.go"}, "region": {"startLine": 46}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 55709, "scanner": "repobility-docker", "fingerprint": "0d8bc24f79aae2a236be1305136a44d65790aeef2f1835b4534f9d04990f1c79", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "paddleocr-vl-pipeline", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|0d8bc24f79aae2a236be1305136a44d65790aeef2f1835b4534f9d04990f1c79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/hps/compose.yaml"}, "region": {"startLine": 28}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 55708, "scanner": "repobility-docker", "fingerprint": "a57732a5786ffc17318bc4f39b30a90967003b23bca7c2a3f003adf71ddf51b8", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "paddleocr-vl-pipeline", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|a57732a5786ffc17318bc4f39b30a90967003b23bca7c2a3f003adf71ddf51b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/hps/compose.yaml"}, "region": {"startLine": 28}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 55707, "scanner": "repobility-docker", "fingerprint": "60c7a36dd7bb4a825b152b28afb736a7aa0d640b3e23151faa78ff48008268ee", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|60c7a36dd7bb4a825b152b28afb736a7aa0d640b3e23151faa78ff48008268ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/hps/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 55706, "scanner": "repobility-docker", "fingerprint": "2eeee4b790c6a690b1ad08398aa5c3526617aff69876da998defde33c4a84c9c", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|2eeee4b790c6a690b1ad08398aa5c3526617aff69876da998defde33c4a84c9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/hps/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 55703, "scanner": "repobility-docker", "fingerprint": "76667615fc7b71dc08c4450461d9e8f7de8225132630be9210c57f16f3c517c4", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|76667615fc7b71dc08c4450461d9e8f7de8225132630be9210c57f16f3c517c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/nvidia-gpu-sm120/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 55698, "scanner": "repobility-docker", "fingerprint": "20b0b9c26bd5b0dbdb4e4eab569d612dfab12e665cb55d27cf3b801186e139f9", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|20b0b9c26bd5b0dbdb4e4eab569d612dfab12e665cb55d27cf3b801186e139f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/nvidia-gpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 55692, "scanner": "repobility-docker", "fingerprint": "b3e7949a2722606fca69b2b06253614fba3006744c1cd516d530143b1393aeea", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|b3e7949a2722606fca69b2b06253614fba3006744c1cd516d530143b1393aeea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/metax-gpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 55685, "scanner": "repobility-docker", "fingerprint": "43e0a19229f7d14e23813107f695015b4ff0825813bbd3430a6122c2577dbabc", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|43e0a19229f7d14e23813107f695015b4ff0825813bbd3430a6122c2577dbabc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/kunlunxin-xpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 55679, "scanner": "repobility-docker", "fingerprint": "0a97d6d4946f7b01987d6291902f743612a4361f72c020d6732655876cba20fe", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|0a97d6d4946f7b01987d6291902f743612a4361f72c020d6732655876cba20fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/intel-gpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 55671, "scanner": "repobility-docker", "fingerprint": "cc8df52632312e91fcd08a8ff7dab3950c19a1841ed01d34c7c2da994b5b25a6", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|cc8df52632312e91fcd08a8ff7dab3950c19a1841ed01d34c7c2da994b5b25a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/iluvatar-gpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 55661, "scanner": "repobility-docker", "fingerprint": "db497494f1fc5aa8cd29e2801d5d8bf63cd791f4f400358ff19832dfca128013", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|db497494f1fc5aa8cd29e2801d5d8bf63cd791f4f400358ff19832dfca128013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/hygon-dcu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 55653, "scanner": "repobility-docker", "fingerprint": "cd25a01ae562a0c728073fceb585b6789ef27826624bf6a63652e9fb7f28125d", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|cd25a01ae562a0c728073fceb585b6789ef27826624bf6a63652e9fb7f28125d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/huawei-npu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 55646, "scanner": "repobility-docker", "fingerprint": "04491c33a5a8aee60da743776e09dc2b1a0d48dcdd06856ac9d3dff9f47f3102", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|04491c33a5a8aee60da743776e09dc2b1a0d48dcdd06856ac9d3dff9f47f3102"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/amd-gpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55639, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7e35ab730fc2a98f75b81b9026206d3e043168b7fa1e8d39ac43bce2bbebc734", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "mcp_server/paddleocr_mcp/inference/paddleocr_vl/local.py", "duplicate_line": 38, "correlation_key": "fp|7e35ab730fc2a98f75b81b9026206d3e043168b7fa1e8d39ac43bce2bbebc734"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "mcp_server/paddleocr_mcp/inference/pp_structurev3/local.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55638, "scanner": "repobility-ai-code-hygiene", "fingerprint": "38b6048634171aca5e67f1d81aee404679788ae520ab4c6e8e3d3daffa0601e5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "mcp_server/paddleocr_mcp/inference/paddleocr_vl/aistudio.py", "duplicate_line": 47, "correlation_key": "fp|38b6048634171aca5e67f1d81aee404679788ae520ab4c6e8e3d3daffa0601e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "mcp_server/paddleocr_mcp/inference/pp_structurev3/aistudio.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55637, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a4ba02ae8c83d76fe10272c0208f1d523fb4df3af313bed8ce69d9fd64d52ccf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "mcp_server/paddleocr_mcp/inference/ocr/aistudio.py", "duplicate_line": 24, "correlation_key": "fp|a4ba02ae8c83d76fe10272c0208f1d523fb4df3af313bed8ce69d9fd64d52ccf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "mcp_server/paddleocr_mcp/inference/pp_structurev3/aistudio.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55636, "scanner": "repobility-ai-code-hygiene", "fingerprint": "083aa7e4e039f07bc1b84d097762020bec35f867f440e67d2bea7b3b9fa7fd23", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "mcp_server/paddleocr_mcp/inference/ocr/aistudio.py", "duplicate_line": 35, "correlation_key": "fp|083aa7e4e039f07bc1b84d097762020bec35f867f440e67d2bea7b3b9fa7fd23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "mcp_server/paddleocr_mcp/inference/paddleocr_vl/aistudio.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55635, "scanner": "repobility-ai-code-hygiene", "fingerprint": "111244d268b22a43aaa16b1f79e29e0c444c9d31d3db5ed3af6f39b2a27e12ec", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/slim/quantization/export_model.py", "duplicate_line": 21, "correlation_key": "fp|111244d268b22a43aaa16b1f79e29e0c444c9d31d3db5ed3af6f39b2a27e12ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/slim/quantization/quant_kl.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55634, "scanner": "repobility-ai-code-hygiene", "fingerprint": "43be1f383d2c2179c0d3db2e81f493fe81e1f65766f8779e4b538aefd209084f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/slim/quantization/quant.py", "duplicate_line": 23, "correlation_key": "fp|43be1f383d2c2179c0d3db2e81f493fe81e1f65766f8779e4b538aefd209084f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/slim/quantization/quant_kl.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55633, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7ce21a951248a5a74ac54e0111a7b43ed3ae076b2395dc3b783fb9c604901472", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/slim/prune/sensitivity_anal.py", "duplicate_line": 33, "correlation_key": "fp|7ce21a951248a5a74ac54e0111a7b43ed3ae076b2395dc3b783fb9c604901472"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/slim/quantization/quant.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55632, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4f1322b5421e6b7c7d5951db9e76ea03eefe34a49022fcf48f5ae7115be78b6c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/slim/quantization/export_model.py", "duplicate_line": 21, "correlation_key": "fp|4f1322b5421e6b7c7d5951db9e76ea03eefe34a49022fcf48f5ae7115be78b6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/slim/quantization/quant.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55631, "scanner": "repobility-ai-code-hygiene", "fingerprint": "50991d9693309cdb11d95f9c753e52ceacdfd203edc4e3a6d27c2a88274615e1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/slim/prune/export_prune_model.py", "duplicate_line": 21, "correlation_key": "fp|50991d9693309cdb11d95f9c753e52ceacdfd203edc4e3a6d27c2a88274615e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/slim/prune/sensitivity_anal.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55630, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6a14e064c81fbe6eccc8860f0fd2e216ed2bd637dd743378e88b6aeff47329cc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/hubserving/structure_system/module.py", "duplicate_line": 84, "correlation_key": "fp|6a14e064c81fbe6eccc8860f0fd2e216ed2bd637dd743378e88b6aeff47329cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hubserving/structure_table/module.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55629, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3283c2927c0a27e2a560b4a0eb3b04b26a19437bc219cabbae6a1e4c79df533e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/hubserving/structure_layout/module.py", "duplicate_line": 47, "correlation_key": "fp|3283c2927c0a27e2a560b4a0eb3b04b26a19437bc219cabbae6a1e4c79df533e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hubserving/structure_table/module.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55628, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8502f72f73578096d2f7b87bdb356d9e69cb04f20478cf9f51100baac9be74cb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/hubserving/kie_ser/module.py", "duplicate_line": 28, "correlation_key": "fp|8502f72f73578096d2f7b87bdb356d9e69cb04f20478cf9f51100baac9be74cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hubserving/structure_table/module.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55627, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e0c866a82218e37dfede0b5c809ca726e668f679f5f524a9fe15a941b9e12413", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/hubserving/structure_layout/module.py", "duplicate_line": 47, "correlation_key": "fp|e0c866a82218e37dfede0b5c809ca726e668f679f5f524a9fe15a941b9e12413"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hubserving/structure_system/module.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55626, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4caf011fd40856e37176f630a2d62552ee213690db9be93e20b399a18cd8296c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/hubserving/kie_ser/module.py", "duplicate_line": 28, "correlation_key": "fp|4caf011fd40856e37176f630a2d62552ee213690db9be93e20b399a18cd8296c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hubserving/structure_system/module.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55625, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2aa7f5496a9c3b9d8b1ff89d833d2a0bc6080c1363b354ddcf633b10b76e07c3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/hubserving/kie_ser/module.py", "duplicate_line": 28, "correlation_key": "fp|2aa7f5496a9c3b9d8b1ff89d833d2a0bc6080c1363b354ddcf633b10b76e07c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hubserving/structure_layout/module.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55624, "scanner": "repobility-ai-code-hygiene", "fingerprint": "748b6abd3e23cd8d1161851a6ee4499b38fba3e8dfdc4d1beeb07a4752d78eb7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/hubserving/ocr_det/params.py", "duplicate_line": 1, "correlation_key": "fp|748b6abd3e23cd8d1161851a6ee4499b38fba3e8dfdc4d1beeb07a4752d78eb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hubserving/ocr_system/params.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55623, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f43c1abfaaaeb2474d39a6277bef6700c8b9ffeca971bd378a4439d2ca8c52c2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/hubserving/ocr_det/module.py", "duplicate_line": 100, "correlation_key": "fp|f43c1abfaaaeb2474d39a6277bef6700c8b9ffeca971bd378a4439d2ca8c52c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hubserving/ocr_system/module.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55622, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3cd6971120b1393800e28efb4242a28439977479767e0a6bf1ccd20cf9cb5b2d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/hubserving/kie_ser/module.py", "duplicate_line": 28, "correlation_key": "fp|3cd6971120b1393800e28efb4242a28439977479767e0a6bf1ccd20cf9cb5b2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hubserving/ocr_system/module.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55621, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6f61888610243e9dd2bc013be2a095b68920ae2872421bb97d73e27ba98b5d23", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/hubserving/ocr_cls/module.py", "duplicate_line": 72, "correlation_key": "fp|6f61888610243e9dd2bc013be2a095b68920ae2872421bb97d73e27ba98b5d23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hubserving/ocr_rec/module.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55620, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ae8f5dac2cd8bc8c56123c12d951d56131b72ad13c21a64906ec30c10e984415", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/hubserving/ocr_det/module.py", "duplicate_line": 61, "correlation_key": "fp|ae8f5dac2cd8bc8c56123c12d951d56131b72ad13c21a64906ec30c10e984415"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hubserving/ocr_rec/module.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55619, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c4449f47d4011f80d8bac0629e506beb5fba04ad0ef2e6c095e50b3a741fec6e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/hubserving/kie_ser/module.py", "duplicate_line": 28, "correlation_key": "fp|c4449f47d4011f80d8bac0629e506beb5fba04ad0ef2e6c095e50b3a741fec6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hubserving/ocr_rec/module.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55618, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2ed365b814febccfa799565473d161241a602cda1d85defbe92326320dd8ca3e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/hubserving/ocr_cls/module.py", "duplicate_line": 72, "correlation_key": "fp|2ed365b814febccfa799565473d161241a602cda1d85defbe92326320dd8ca3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hubserving/ocr_det/module.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55617, "scanner": "repobility-ai-code-hygiene", "fingerprint": "71a5a3d29fe922c821c7c5a21b01558053e66ae15dec38afab95c938ad19b704", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/hubserving/kie_ser/module.py", "duplicate_line": 28, "correlation_key": "fp|71a5a3d29fe922c821c7c5a21b01558053e66ae15dec38afab95c938ad19b704"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hubserving/ocr_det/module.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55616, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e8bd4c317171f3c2f65c2b6e07584f050222cfac63aa945cf627cd64aac888a8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/hubserving/kie_ser/module.py", "duplicate_line": 28, "correlation_key": "fp|e8bd4c317171f3c2f65c2b6e07584f050222cfac63aa945cf627cd64aac888a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hubserving/ocr_cls/module.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55615, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e04453413aa0cb4c770eafe9e663cd34ff951496fb4b73f25966b3c0d9df4c75", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/hubserving/kie_ser/module.py", "duplicate_line": 28, "correlation_key": "fp|e04453413aa0cb4c770eafe9e663cd34ff951496fb4b73f25966b3c0d9df4c75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hubserving/kie_ser_re/module.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55614, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bf863a2891d8ae5cb3c782f4f357ad733bd7df832855f180cc96f327ed1ff66f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/cpp_infer/src/api/pipelines/ocr.h", "duplicate_line": 2, "correlation_key": "fp|bf863a2891d8ae5cb3c782f4f357ad733bd7df832855f180cc96f327ed1ff66f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/cpp_infer/src/pipelines/ocr/pipeline.h"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55613, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0fe7e31c8dfa88914bf29ed98d8a5ba96cedde70fe215b4ad290014e403c1206", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/cpp_infer/src/api/pipelines/doc_preprocessor.h", "duplicate_line": 2, "correlation_key": "fp|0fe7e31c8dfa88914bf29ed98d8a5ba96cedde70fe215b4ad290014e403c1206"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/cpp_infer/src/pipelines/doc_preprocessor/pipeline.h"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55612, "scanner": "repobility-ai-code-hygiene", "fingerprint": "88e8801787892338782e2db2c7c865f3c010265e5ebc369d218502da773139e7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/cpp_infer/src/api/models/text_recognition.h", "duplicate_line": 2, "correlation_key": "fp|88e8801787892338782e2db2c7c865f3c010265e5ebc369d218502da773139e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/cpp_infer/src/modules/text_recognition/predictor.h"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55611, "scanner": "repobility-ai-code-hygiene", "fingerprint": "64b6d4f779f5b602e48c79f36146cfa77843abd74be10f6bf9af97f2234bb6ba", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deploy/cpp_infer/src/api/models/text_detection.h", "duplicate_line": 2, "correlation_key": "fp|64b6d4f779f5b602e48c79f36146cfa77843abd74be10f6bf9af97f2234bb6ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/cpp_infer/src/modules/text_detection/predictor.h"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 55610, "scanner": "repobility-ai-code-hygiene", "fingerprint": "17699939b536472ee16182d7ccbf52f5962f0199ec31160472b0106026d6b9f0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api_sdk/typescript/src/client.ts", "duplicate_line": 292, "correlation_key": "fp|17699939b536472ee16182d7ccbf52f5962f0199ec31160472b0106026d6b9f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_sdk/typescript/src/internal/poller.ts"}, "region": {"startLine": 117}}}]}, {"ruleId": "SEC124", "level": "note", "message": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason."}, "properties": {"repobilityId": 55565, "scanner": "repobility-threat-engine", "fingerprint": "f3c81992efa4197769affee2db9acbc47101e5e0623e13fdf731fde402e06f6f", "category": "race_condition", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.path.exists(save_dir):\n os.makedirs(save_dir)\n\n for img_name in gt_dict.keys():", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC124", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f3c81992efa4197769affee2db9acbc47101e5e0623e13fdf731fde402e06f6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/end2end/convert_ppocr_label.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "SEC124", "level": "note", "message": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason."}, "properties": {"repobilityId": 55564, "scanner": "repobility-threat-engine", "fingerprint": "e0b4cdb6d4a78a3172562bddf883111c6858981c2a76650d2a43c9d428216712", "category": "race_condition", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.path.exists(path):\n data = pickle.load(open(path, \"rb\"))\n return data\n\n\ndef save_result", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC124", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e0b4cdb6d4a78a3172562bddf883111c6858981c2a76650d2a43c9d428216712"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppstructure/table/eval_table.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "SEC124", "level": "note", "message": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason."}, "properties": {"repobilityId": 55563, "scanner": "repobility-threat-engine", "fingerprint": "e9f30d989524a8cd87ef3427c5b44d08a1cf4bc20fdc8c8fc5e6fe803ff15063", "category": "race_condition", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.path.isfile(save_file_path):\n os.remove(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC124", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e9f30d989524a8cd87ef3427c5b44d08a1cf4bc20fdc8c8fc5e6fe803ff15063"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "configs/rec/multi_language/generate_multi_language_configs.py"}, "region": {"startLine": 261}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 55546, "scanner": "repobility-threat-engine", "fingerprint": "f91df3bea6ec2a88bc5ef9c349bf289a0d5607318609d4d58d0833b9750026ca", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Match GT #\"\n + str(gtNum)\n + \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f91df3bea6ec2a88bc5ef9c349bf289a0d5607318609d4d58d0833b9750026ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/metrics/eval_det_iou.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 55545, "scanner": "repobility-threat-engine", "fingerprint": "82b42aca5b19b3a13aefb64406b4098f08940e4ee283822fb8c91746dfe4c0df", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"[stat] Inference Time: \" + inferenceTime + \" ;Box Size \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|82b42aca5b19b3a13aefb64406b4098f08940e4ee283822fb8c91746dfe4c0df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/android_demo/app/src/main/java/com/baidu/paddle/lite/demo/ocr/Predictor.java"}, "region": {"startLine": 156}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 55544, "scanner": "repobility-threat-engine", "fingerprint": "44ea515cc5400402d22908e708b0ba8cd2bb458532661cc5b60a7954a934faa4", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Match GT #\"\n + str(gtNum)\n + \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|44ea515cc5400402d22908e708b0ba8cd2bb458532661cc5b60a7954a934faa4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/utils/ocr_metric/icdar2015/detection/iou.py"}, "region": {"startLine": 197}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `_init_pre_processes` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=2, for=1, if=3, nested_bonus=5."}, "properties": {"repobilityId": 55509, "scanner": "repobility-threat-engine", "fingerprint": "01d7010dd038b93a5d57ccfce74d5f85daba042f698af14fa30a4e514f3934bf", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_init_pre_processes", "breakdown": {"if": 3, "for": 1, "else": 2, "nested_bonus": 5}, "complexity": 11, "correlation_key": "fp|01d7010dd038b93a5d57ccfce74d5f85daba042f698af14fa30a4e514f3934bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/base/base_dataset.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `__getitem__` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, except=1, for=1, if=4, nested_bonus=3, recursion=1, ternary=1."}, "properties": {"repobilityId": 55508, "scanner": "repobility-threat-engine", "fingerprint": "4ceea358bdf580a7ca2fac88c31a99954df41ddfcf510a3c0fb878c0d330fe53", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "__getitem__", "breakdown": {"if": 4, "for": 1, "else": 1, "except": 1, "ternary": 1, "recursion": 1, "nested_bonus": 3}, "complexity": 12, "correlation_key": "fp|4ceea358bdf580a7ca2fac88c31a99954df41ddfcf510a3c0fb878c0d330fe53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/base/base_dataset.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 55490, "scanner": "repobility-threat-engine", "fingerprint": "510833fc437560c5388a25bacef7c576d4434953107877f9fed6b9a70001854b", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = w.WriteField(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|510833fc437560c5388a25bacef7c576d4434953107877f9fed6b9a70001854b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_sdk/go/transport.go"}, "region": {"startLine": 112}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 55489, "scanner": "repobility-threat-engine", "fingerprint": "af5c8002a6527a6da5c5f262aae3014c829b0e9091a23fd4fde600107bdc6352", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = os.Remove(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|af5c8002a6527a6da5c5f262aae3014c829b0e9091a23fd4fde600107bdc6352"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_sdk/go/resource.go"}, "region": {"startLine": 97}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `paddleocr-vlm-server` image is selected through a build variable"}, "properties": {"repobilityId": 55704, "scanner": "repobility-docker", "fingerprint": "1972fc78642d9c1eefceace9b14434be7de1baa3d69936440e52900098d0df17", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddleocr-genai-${VLM_BACKEND}-server:${VLM_IMAGE_TAG_SUFFIX}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|1972fc78642d9c1eefceace9b14434be7de1baa3d69936440e52900098d0df17"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/nvidia-gpu-sm120/compose.yaml"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `paddleocr-vl-api` image is selected through a build variable"}, "properties": {"repobilityId": 55701, "scanner": "repobility-docker", "fingerprint": "660a1d8171a27e5fbf63242d83cf7ce215e405c1b8cf47d384477d2dd3f6a073", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddleocr-vl:${API_IMAGE_TAG_SUFFIX}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|660a1d8171a27e5fbf63242d83cf7ce215e405c1b8cf47d384477d2dd3f6a073"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/nvidia-gpu-sm120/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `paddleocr-vlm-server` image is selected through a build variable"}, "properties": {"repobilityId": 55699, "scanner": "repobility-docker", "fingerprint": "45ba0600653bd67eb1321e51fcc224a8bdee8af5d6717606ea360cd3413ab802", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddleocr-genai-${VLM_BACKEND}-server:${VLM_IMAGE_TAG_SUFFIX}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|45ba0600653bd67eb1321e51fcc224a8bdee8af5d6717606ea360cd3413ab802"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/nvidia-gpu/compose.yaml"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `paddleocr-vl-api` image is selected through a build variable"}, "properties": {"repobilityId": 55696, "scanner": "repobility-docker", "fingerprint": "d48cdb93bf8f520dcdd86a40bc53cb74b98ecf2b5023462bc4e7aac2bb60c238", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddleocr-vl:${API_IMAGE_TAG_SUFFIX}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|d48cdb93bf8f520dcdd86a40bc53cb74b98ecf2b5023462bc4e7aac2bb60c238"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/nvidia-gpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `paddleocr-vlm-server` image is selected through a build variable"}, "properties": {"repobilityId": 55693, "scanner": "repobility-docker", "fingerprint": "5a2808f23f2089a97cf7a14930581b668efb0aff109127eed5589b7348879862", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddleocr-genai-${VLM_BACKEND}-server:${VLM_IMAGE_TAG_SUFFIX}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|5a2808f23f2089a97cf7a14930581b668efb0aff109127eed5589b7348879862"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/metax-gpu/compose.yaml"}, "region": {"startLine": 27}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `paddleocr-vl-api` image is selected through a build variable"}, "properties": {"repobilityId": 55689, "scanner": "repobility-docker", "fingerprint": "cb005d7a57db7791629d189f57871f6b17729e9dbed0a27ac7074274a22cee6f", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddleocr-vl:${API_IMAGE_TAG_SUFFIX}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|cb005d7a57db7791629d189f57871f6b17729e9dbed0a27ac7074274a22cee6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/metax-gpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `paddleocr-vlm-server` image is selected through a build variable"}, "properties": {"repobilityId": 55686, "scanner": "repobility-docker", "fingerprint": "08c2f1eecfb9490f9aec23b6b3f6837a1fb76666c9860e309fa19be2123d343d", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddleocr-genai-${VLM_BACKEND}-server:${VLM_IMAGE_TAG_SUFFIX}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|08c2f1eecfb9490f9aec23b6b3f6837a1fb76666c9860e309fa19be2123d343d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/kunlunxin-xpu/compose.yaml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `paddleocr-vl-api` image is selected through a build variable"}, "properties": {"repobilityId": 55682, "scanner": "repobility-docker", "fingerprint": "920fe5d0f738e96af9da1b64f0e818dc5675de2ec4d5d009df26960544a6382a", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddleocr-vl:${API_IMAGE_TAG_SUFFIX}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|920fe5d0f738e96af9da1b64f0e818dc5675de2ec4d5d009df26960544a6382a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/kunlunxin-xpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `paddleocr-vlm-server` image is selected through a build variable"}, "properties": {"repobilityId": 55680, "scanner": "repobility-docker", "fingerprint": "acdd4e393c9fd7d18534ef514ca32cdf3175561656f60db51c3a00bb161e58c1", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddleocr-genai-${VLM_BACKEND}-server:${VLM_IMAGE_TAG_SUFFIX}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|acdd4e393c9fd7d18534ef514ca32cdf3175561656f60db51c3a00bb161e58c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/intel-gpu/compose.yaml"}, "region": {"startLine": 21}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `paddleocr-vl-api` image is selected through a build variable"}, "properties": {"repobilityId": 55677, "scanner": "repobility-docker", "fingerprint": "f1cbbca8e73970c1e37fb0bd15be5a5195683782943967a12ba5734979f0357a", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddleocr-vl:${API_IMAGE_TAG_SUFFIX}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|f1cbbca8e73970c1e37fb0bd15be5a5195683782943967a12ba5734979f0357a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/intel-gpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `paddleocr-vlm-server` image is selected through a build variable"}, "properties": {"repobilityId": 55672, "scanner": "repobility-docker", "fingerprint": "42cce5196c962e263b6f1daa4819adb7d06479b4ad8f29078d8e2a433f91210b", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddleocr-genai-${VLM_BACKEND}-server:${VLM_IMAGE_TAG_SUFFIX}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|42cce5196c962e263b6f1daa4819adb7d06479b4ad8f29078d8e2a433f91210b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/iluvatar-gpu/compose.yaml"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `paddleocr-vl-api` image is selected through a build variable"}, "properties": {"repobilityId": 55666, "scanner": "repobility-docker", "fingerprint": "fdc36dacaea6914545bb44abb015f7436c4e37d54d83607c2f319ebca45229d6", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddleocr-vl:${API_IMAGE_TAG_SUFFIX}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|fdc36dacaea6914545bb44abb015f7436c4e37d54d83607c2f319ebca45229d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/iluvatar-gpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `paddleocr-vlm-server` image is selected through a build variable"}, "properties": {"repobilityId": 55662, "scanner": "repobility-docker", "fingerprint": "1973c9c9d8021dd0a3535d0eb4b4ac35045d75bd8eda24d6ada94ea1e982cef1", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddleocr-genai-${VLM_BACKEND}-server:${VLM_IMAGE_TAG_SUFFIX}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|1973c9c9d8021dd0a3535d0eb4b4ac35045d75bd8eda24d6ada94ea1e982cef1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/hygon-dcu/compose.yaml"}, "region": {"startLine": 31}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `paddleocr-vl-api` image is selected through a build variable"}, "properties": {"repobilityId": 55657, "scanner": "repobility-docker", "fingerprint": "67f6c911c117e4da1eb4b9b551d14ff59a2821f744e0a4b50af031879a583a76", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddleocr-vl:${API_IMAGE_TAG_SUFFIX}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|67f6c911c117e4da1eb4b9b551d14ff59a2821f744e0a4b50af031879a583a76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/hygon-dcu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `paddleocr-vlm-server` image is selected through a build variable"}, "properties": {"repobilityId": 55654, "scanner": "repobility-docker", "fingerprint": "4bcb6ed2ef52dc9336ebcda3b8905488fff4ebd4a95efb4e3c45544be5bfc33e", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddleocr-genai-${VLM_BACKEND}-server:${VLM_IMAGE_TAG_SUFFIX}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|4bcb6ed2ef52dc9336ebcda3b8905488fff4ebd4a95efb4e3c45544be5bfc33e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/huawei-npu/compose.yaml"}, "region": {"startLine": 23}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `paddleocr-vl-api` image is selected through a build variable"}, "properties": {"repobilityId": 55650, "scanner": "repobility-docker", "fingerprint": "8abd30cd34ff0f62beeb66e9dc6cd45ba4bbf6044857778dbd324e1bf7998f05", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddleocr-vl:${API_IMAGE_TAG_SUFFIX}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|8abd30cd34ff0f62beeb66e9dc6cd45ba4bbf6044857778dbd324e1bf7998f05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/huawei-npu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `paddleocr-vlm-server` image is selected through a build variable"}, "properties": {"repobilityId": 55647, "scanner": "repobility-docker", "fingerprint": "4606d87fd1bbed15986d26ffb69bae6480add2834b44560c7d56f129928361c9", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddleocr-genai-${VLM_BACKEND}-server:${VLM_IMAGE_TAG_SUFFIX}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|4606d87fd1bbed15986d26ffb69bae6480add2834b44560c7d56f129928361c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/amd-gpu/compose.yaml"}, "region": {"startLine": 28}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `paddleocr-vl-api` image is selected through a build variable"}, "properties": {"repobilityId": 55643, "scanner": "repobility-docker", "fingerprint": "b5655319f15c8d2d9de0ca2a514e5b25a6d29d728cf2a5a805bab1ffa640b93d", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddleocr-vl:${API_IMAGE_TAG_SUFFIX}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|b5655319f15c8d2d9de0ca2a514e5b25a6d29d728cf2a5a805bab1ffa640b93d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/amd-gpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED079", "level": "none", "message": {"text": "[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) \u2014 off-by-one risk."}, "properties": {"repobilityId": 55609, "scanner": "repobility-threat-engine", "fingerprint": "38d24e28b8dad06bb987e8f0119a7a6a13c06cc301a7b45daf69a1e7bbafc7d5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "off-by-one-slice", "owasp": null, "cwe_ids": ["CWE-193"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348121+00:00", "triaged_in_corpus": 12, "observations_count": 6443, "ai_coder_pattern_id": 19}, "scanner": "repobility-threat-engine", "correlation_key": "fp|38d24e28b8dad06bb987e8f0119a7a6a13c06cc301a7b45daf69a1e7bbafc7d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_tipc/supplementary/optimizer.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 55606, "scanner": "repobility-threat-engine", "fingerprint": "8fce77e8cf25aecda20af19f6ab2d674c52733bd07924f4e8e6fa78acf172f26", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8fce77e8cf25aecda20af19f6ab2d674c52733bd07924f4e8e6fa78acf172f26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_tipc/supplementary/utils.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 55605, "scanner": "repobility-threat-engine", "fingerprint": "331e94e656bb3adee19133834832ae0d4ff6e7db68be3bc06b64ccaadd05023d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|331e94e656bb3adee19133834832ae0d4ff6e7db68be3bc06b64ccaadd05023d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppstructure/table/eval_table.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED030", "level": "none", "message": {"text": "[MINED030] Python Pickle Loads (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 55600, "scanner": "repobility-threat-engine", "fingerprint": "3627c9474e456b71bc9c594cebfdc5d8821b20f8bbec2520ec5f5fe86a0c7fc0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3627c9474e456b71bc9c594cebfdc5d8821b20f8bbec2520ec5f5fe86a0c7fc0", "aggregated_count": 2}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 55596, "scanner": "repobility-threat-engine", "fingerprint": "a98932549a04eeb718529895d1869454506e19fc7a04810044649777392b1070", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a98932549a04eeb718529895d1869454506e19fc7a04810044649777392b1070", "aggregated_count": 1}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 55595, "scanner": "repobility-threat-engine", "fingerprint": "27dd90d3bc4c9c5c506f266095ab5661e1d398f4cf0ed449bcadc82818453bd7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|27dd90d3bc4c9c5c506f266095ab5661e1d398f4cf0ed449bcadc82818453bd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr/_cli.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 55594, "scanner": "repobility-threat-engine", "fingerprint": "8c76f4e9bef74f49d95780c3b9f702e051df74d5246b1e08cb662a593359647a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8c76f4e9bef74f49d95780c3b9f702e051df74d5246b1e08cb662a593359647a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr/_api_client/_resources.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 55593, "scanner": "repobility-threat-engine", "fingerprint": "d8d9b09c55cf16cd6169b44ea0210b2626c776f6f88adc38e5c94d07928ee00d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d8d9b09c55cf16cd6169b44ea0210b2626c776f6f88adc38e5c94d07928ee00d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr/_api_client/_http.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 55592, "scanner": "repobility-threat-engine", "fingerprint": "5728b7b83f3bb28a360be3eb40b6cca9adbedafd7cf3ebff8bde153047c91ba9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|5728b7b83f3bb28a360be3eb40b6cca9adbedafd7cf3ebff8bde153047c91ba9"}}}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 55591, "scanner": "repobility-threat-engine", "fingerprint": "7f7d5b31d57c869b27c630ed0351e190a504e235fc326506f1afdad27bb6fec1", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'timeout\\s*=' detected on same line", "evidence": {"match": "requests.get(", "reason": "Safe pattern 'timeout\\s*=' detected on same line", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|7f7d5b31d57c869b27c630ed0351e190a504e235fc326506f1afdad27bb6fec1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr/_api_client/_resources.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 55590, "scanner": "repobility-threat-engine", "fingerprint": "f5fb27dfc3dec332ba4ba30bf8840e42a9af3c5450f6f68b79bf782a5c3b83a4", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'timeout\\s*=' detected on same line", "evidence": {"match": "requests.get(", "reason": "Safe pattern 'timeout\\s*=' detected on same line", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|f5fb27dfc3dec332ba4ba30bf8840e42a9af3c5450f6f68b79bf782a5c3b83a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr/_api_client/_http.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 55587, "scanner": "repobility-threat-engine", "fingerprint": "14d923491d95ba4961394dbf15454ed70d5c815f0d7469cf32e4eabcdc77155e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|14d923491d95ba4961394dbf15454ed70d5c815f0d7469cf32e4eabcdc77155e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr/_doc2md/base.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 55586, "scanner": "repobility-threat-engine", "fingerprint": "7dfae13efa963cab4569d2e2406bfe1e732a9e66e5cb3645c5359a6926c1088e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7dfae13efa963cab4569d2e2406bfe1e732a9e66e5cb3645c5359a6926c1088e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "mcp_server/paddleocr_mcp/inference/types.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 55585, "scanner": "repobility-threat-engine", "fingerprint": "85f750a0ee112c0fc0585d37937b5ccbf66ab5f3f192b1e8de167c5d45808ecf", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|85f750a0ee112c0fc0585d37937b5ccbf66ab5f3f192b1e8de167c5d45808ecf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "mcp_server/paddleocr_mcp/__main__.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 55584, "scanner": "repobility-threat-engine", "fingerprint": "ba3aec80ae97f0e846a17a3b1f410d29be1be492b2dd40e64bbc8f7ccfa25fb9", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(sysconfig.get_path('include')", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|test_tipc/build_server.sh|3|print sysconfig.get_path include"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_tipc/build_server.sh"}, "region": {"startLine": 40}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 55583, "scanner": "repobility-threat-engine", "fingerprint": "f02fd6e7b94b98e52b3aaecaa819326b7fb5ad79e7f4b7c26d7ddcd2fc5e97d8", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(\"Error: The AI Studio access token is required.\", file=sys.stderr)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|13|print error: the ai studio access token is required. file sys.stderr"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "mcp_server/paddleocr_mcp/__main__.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 55582, "scanner": "repobility-threat-engine", "fingerprint": "60d7a967589ada85a8f90bdffdc921455ffd03cd63344433da4c765149b88c10", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|60d7a967589ada85a8f90bdffdc921455ffd03cd63344433da4c765149b88c10", "aggregated_count": 5}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 55581, "scanner": "repobility-threat-engine", "fingerprint": "501c378daa006e36ade11f2eec5f1b1bd13ee5f68ecf72adca9e1a0f878553e9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|501c378daa006e36ade11f2eec5f1b1bd13ee5f68ecf72adca9e1a0f878553e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hubserving/ocr_cls/params.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 55580, "scanner": "repobility-threat-engine", "fingerprint": "a604397a059f52679c4ee729e189035a57568628df6cd150bcb95077216276e8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a604397a059f52679c4ee729e189035a57568628df6cd150bcb95077216276e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hubserving/kie_ser_re/params.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 55579, "scanner": "repobility-threat-engine", "fingerprint": "701550a64f9c33546c151a4a11b9d27dd26335986537dd3410cbfdf6d1e91e12", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|701550a64f9c33546c151a4a11b9d27dd26335986537dd3410cbfdf6d1e91e12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hubserving/kie_ser/params.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "properties": {"repobilityId": 55578, "scanner": "repobility-threat-engine", "fingerprint": "bcb8a7f5b0e525c1639758b690188f712760eb4e101fe86c56c430c276539849", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bcb8a7f5b0e525c1639758b690188f712760eb4e101fe86c56c430c276539849"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/cpp_infer/src/utils/ilogger.h"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 55577, "scanner": "repobility-threat-engine", "fingerprint": "43610adffe65c5296f5cbfa1e13f3f9e4f5de6f21ec8f5008b63b06d50202b99", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|43610adffe65c5296f5cbfa1e13f3f9e4f5de6f21ec8f5008b63b06d50202b99", "aggregated_count": 14}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 55576, "scanner": "repobility-threat-engine", "fingerprint": "cb365843e5928405eeff6c36a2d900e0b6494c4c7f83bd01c26d5d22708b0b11", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cb365843e5928405eeff6c36a2d900e0b6494c4c7f83bd01c26d5d22708b0b11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/cpp_infer/src/api/models/text_image_unwarping.cc"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 55575, "scanner": "repobility-threat-engine", "fingerprint": "b87ba38ee72f5658572a9f36d80f5facee70dc0e8d42d87e6067c4f5d108f5d6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b87ba38ee72f5658572a9f36d80f5facee70dc0e8d42d87e6067c4f5d108f5d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/cpp_infer/src/api/models/text_detection.cc"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 55574, "scanner": "repobility-threat-engine", "fingerprint": "7ac6879caad405f54bf67b4807954d2f04927f8c6f02c37150a53254129e83ea", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7ac6879caad405f54bf67b4807954d2f04927f8c6f02c37150a53254129e83ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/cpp_infer/src/api/models/doc_img_orientation_classification.cc"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 55573, "scanner": "repobility-threat-engine", "fingerprint": "11a2fb1604f3f0f8cb9daf66246f989a08efde08dfdb66525f8795fd029460c3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|11a2fb1604f3f0f8cb9daf66246f989a08efde08dfdb66525f8795fd029460c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_tipc/prepare_lite_cpp.sh"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 55572, "scanner": "repobility-threat-engine", "fingerprint": "e4b1f6ec6aa16f80636e31651f0bb76bc2ca5f59a4920aa7aa08361ac1ead9ac", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e4b1f6ec6aa16f80636e31651f0bb76bc2ca5f59a4920aa7aa08361ac1ead9ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/avh/configure_avh.sh"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 55571, "scanner": "repobility-threat-engine", "fingerprint": "cd0c8e85bd308a46f755f44bc6ab20955e3c28a1f9d626cb3a3bf09c3b5d92c7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|cd0c8e85bd308a46f755f44bc6ab20955e3c28a1f9d626cb3a3bf09c3b5d92c7", "aggregated_count": 5}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 55570, "scanner": "repobility-threat-engine", "fingerprint": "c19154e3a4edccacfa9bc22b229c60e97e9df0dd389b83693bad8c49122b2508", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c19154e3a4edccacfa9bc22b229c60e97e9df0dd389b83693bad8c49122b2508"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "mcp_server/paddleocr_mcp/inference/paddleocr_vl/aistudio.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 55569, "scanner": "repobility-threat-engine", "fingerprint": "b72c52ac360964b9b4dd493dedcae8db8d69976d4d42a8fdc6ee567655946985", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b72c52ac360964b9b4dd493dedcae8db8d69976d4d42a8fdc6ee567655946985"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "mcp_server/paddleocr_mcp/inference/ocr/aistudio.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 55568, "scanner": "repobility-threat-engine", "fingerprint": "0df3cbc068374a2234994f66fdb5cd224952fccb2607f2d1ef83c48854de3c4a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0df3cbc068374a2234994f66fdb5cd224952fccb2607f2d1ef83c48854de3c4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/avh/configure_avh.sh"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED081", "level": "none", "message": {"text": "[MINED081] Java Printstacktrace: Should use logger, not stack trace to stderr."}, "properties": {"repobilityId": 55567, "scanner": "repobility-threat-engine", "fingerprint": "33fa2ed011453495060efbd048e4b53b61313fa559d60eea560535548500ddf9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-printstacktrace", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348125+00:00", "triaged_in_corpus": 12, "observations_count": 2934, "ai_coder_pattern_id": 126}, "scanner": "repobility-threat-engine", "correlation_key": "fp|33fa2ed011453495060efbd048e4b53b61313fa559d60eea560535548500ddf9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/android_demo/app/src/main/java/com/baidu/paddle/lite/demo/ocr/Utils.java"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC124", "level": "none", "message": {"text": "[SEC124] TOCTOU file access (os.access then open) (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 55566, "scanner": "repobility-threat-engine", "fingerprint": "9843309aef86983a2adb3ef0d0e92bd6df3f585e717204c8b6ad2d08fe551cf3", "category": "race_condition", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC124", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|9843309aef86983a2adb3ef0d0e92bd6df3f585e717204c8b6ad2d08fe551cf3"}}}, {"ruleId": "SEC079", "level": "none", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 55562, "scanner": "repobility-threat-engine", "fingerprint": "7f231a47641b0d3ee53ab57c9de2378e2e603c510cc8de6db2875245d61292cf", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|7f231a47641b0d3ee53ab57c9de2378e2e603c510cc8de6db2875245d61292cf"}}}, {"ruleId": "MINED018", "level": "none", "message": {"text": "[MINED018] Unsafe Deserialization Pickle (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 55558, "scanner": "repobility-threat-engine", "fingerprint": "82c68ae0651087d065734edd98447ffaaa4b2082877ff524102395a395fbf806", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|82c68ae0651087d065734edd98447ffaaa4b2082877ff524102395a395fbf806", "aggregated_count": 2}}}, {"ruleId": "SEC116", "level": "none", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 55554, "scanner": "repobility-threat-engine", "fingerprint": "b6e65f54706655fa02d6ca7160eccf3bfc3cd9417aec04a602738d7c9aa2e531", "category": "deserialization", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b6e65f54706655fa02d6ca7160eccf3bfc3cd9417aec04a602738d7c9aa2e531"}}}, {"ruleId": "SEC007", "level": "none", "message": {"text": "[SEC007] Unsafe Deserialization (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 55550, "scanner": "repobility-threat-engine", "fingerprint": "7c597eb50b3cfac268679ac508f3f14e93370a8bf3d9e2eb5e2031b1bcbf77e5", "category": "deserialization", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|7c597eb50b3cfac268679ac508f3f14e93370a8bf3d9e2eb5e2031b1bcbf77e5"}}}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 55540, "scanner": "repobility-threat-engine", "fingerprint": "3ed4a11ec48650075e843160edf55362aa121897a652d0286a1dc826dd94d954", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3ed4a11ec48650075e843160edf55362aa121897a652d0286a1dc826dd94d954", "aggregated_count": 1}}}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 55536, "scanner": "repobility-threat-engine", "fingerprint": "d80cac35306c610ab4813c23b83ad37e67f2273a1ec392577ad53a603328762d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|d80cac35306c610ab4813c23b83ad37e67f2273a1ec392577ad53a603328762d", "aggregated_count": 4}}}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 55535, "scanner": "repobility-threat-engine", "fingerprint": "3c48f5eba70e96a369724a101d87972caf7f0d4aee3707bafa9f0b2e1a0910a5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3c48f5eba70e96a369724a101d87972caf7f0d4aee3707bafa9f0b2e1a0910a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/losses/text_focus_loss.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 55534, "scanner": "repobility-threat-engine", "fingerprint": "33c0c9d824206790fd2b124c5af30075d390bc998dd6441e22af16b0e93bcc2b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|33c0c9d824206790fd2b124c5af30075d390bc998dd6441e22af16b0e93bcc2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/losses/stroke_focus_loss.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 55533, "scanner": "repobility-threat-engine", "fingerprint": "34136bc6763611a29036b1eb3a146453d1a91101d1a72133b3e6e5756c7886c5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|34136bc6763611a29036b1eb3a146453d1a91101d1a72133b3e6e5756c7886c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/utils/make_trainfile.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC114", "level": "none", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 55529, "scanner": "repobility-threat-engine", "fingerprint": "bd1eb12b4f188f0592c73e146c78e4025b691273a56b6147697cf87ed06defc3", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|bd1eb12b4f188f0592c73e146c78e4025b691273a56b6147697cf87ed06defc3"}}}, {"ruleId": "SEC013", "level": "none", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 55525, "scanner": "repobility-threat-engine", "fingerprint": "cf0fa57966ff874fffc921a07cba5bdb97333460e3807666e7f68fe460b50691", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|cf0fa57966ff874fffc921a07cba5bdb97333460e3807666e7f68fe460b50691"}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 38 more): Same pattern found in 38 additional files. Review if needed."}, "properties": {"repobilityId": 55519, "scanner": "repobility-threat-engine", "fingerprint": "627907eaffea66f024e4219e19a79ac27a6dc4100784b2eb06fc4901d3f3cc8c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 38 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 38 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|627907eaffea66f024e4219e19a79ac27a6dc4100784b2eb06fc4901d3f3cc8c"}}}, {"ruleId": "SEC127", "level": "none", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 55515, "scanner": "repobility-threat-engine", "fingerprint": "50ab5d9a49ab1058072f887256b61b7d43550d23e26f29fa5026526fc20c2fde", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|50ab5d9a49ab1058072f887256b61b7d43550d23e26f29fa5026526fc20c2fde"}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 211 more): Same pattern found in 211 additional files. Review if needed."}, "properties": {"repobilityId": 55511, "scanner": "repobility-threat-engine", "fingerprint": "aa3f721d3a2f91f55869ceabe5a318ef8343c76f4416b2f75d834c81bace7aa5", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 211 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "__getitem__", "breakdown": {"if": 4, "for": 1, "else": 1, "except": 1, "ternary": 1, "recursion": 1, "nested_bonus": 3}, "aggregated": true, "complexity": 12, "correlation_key": "fp|aa3f721d3a2f91f55869ceabe5a318ef8343c76f4416b2f75d834c81bace7aa5", "aggregated_count": 211}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 46 more): Same pattern found in 46 additional files. Review if needed."}, "properties": {"repobilityId": 55507, "scanner": "repobility-threat-engine", "fingerprint": "faca6f7b9326e9dbbe46c40574ec2f556e023264a8e5c27bbba9167785d2ce03", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 46 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|faca6f7b9326e9dbbe46c40574ec2f556e023264a8e5c27bbba9167785d2ce03", "aggregated_count": 46}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 55506, "scanner": "repobility-threat-engine", "fingerprint": "fca90c59c60f99c84c6a87582d9b5aaa6ad935b9797175a8428f4b3f2412f3af", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fca90c59c60f99c84c6a87582d9b5aaa6ad935b9797175a8428f4b3f2412f3af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/data_loader/__init__.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 55505, "scanner": "repobility-threat-engine", "fingerprint": "47c0f6d135af791d0abd48ba948e0947bc1847ebfadfd88cb071e187d2a2b262", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|47c0f6d135af791d0abd48ba948e0947bc1847ebfadfd88cb071e187d2a2b262"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/base/base_trainer.py"}, "region": {"startLine": 175}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 55504, "scanner": "repobility-threat-engine", "fingerprint": "201b6987cbee3cbfa989da78c65f9a1d1640fc1e6c98d7e2a8566e8ce6b1a8fd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|201b6987cbee3cbfa989da78c65f9a1d1640fc1e6c98d7e2a8566e8ce6b1a8fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/base/base_dataset.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 40 more): Same pattern found in 40 additional files. Review if needed."}, "properties": {"repobilityId": 55503, "scanner": "repobility-threat-engine", "fingerprint": "ef47e704f23e65c9d318e124d575cc2012ca3303ba35b49a50e1e1296ce5e578", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 40 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 40 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ef47e704f23e65c9d318e124d575cc2012ca3303ba35b49a50e1e1296ce5e578"}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 55497, "scanner": "repobility-threat-engine", "fingerprint": "c3f214bf27a66b763cb53e30fffff8955daa4abc1a78cda858676bcec33e58d8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c3f214bf27a66b763cb53e30fffff8955daa4abc1a78cda858676bcec33e58d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr-js/packages/core/src/resources/model-asset.ts"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 55496, "scanner": "repobility-threat-engine", "fingerprint": "37e3514dcb9fe1f8de3cecceb071bad5beed230bc30698eab9e3d2df64ce15ec", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|37e3514dcb9fe1f8de3cecceb071bad5beed230bc30698eab9e3d2df64ce15ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_sdk/typescript/src/internal/poller.ts"}, "region": {"startLine": 116}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 55495, "scanner": "repobility-threat-engine", "fingerprint": "270bf2853bfd9d6e1461f0b40c73c7b63d6a9a3154590fec28a57263fa964d16", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|270bf2853bfd9d6e1461f0b40c73c7b63d6a9a3154590fec28a57263fa964d16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_sdk/typescript/src/internal/http.ts"}, "region": {"startLine": 172}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 55494, "scanner": "repobility-threat-engine", "fingerprint": "8c3560525de975a9c202cd1b69e7b70cd2e798d159e8cb8d425d4f011026e437", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8c3560525de975a9c202cd1b69e7b70cd2e798d159e8cb8d425d4f011026e437", "aggregated_count": 1}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 55493, "scanner": "repobility-threat-engine", "fingerprint": "5c4731e3afc3d879febe50b258e3cb276963dbb031fc79035bf4acecf87286ea", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5c4731e3afc3d879febe50b258e3cb276963dbb031fc79035bf4acecf87286ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr-js/apps/demo/src/main.ts"}, "region": {"startLine": 197}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 55492, "scanner": "repobility-threat-engine", "fingerprint": "dfeefa6e4cbfb47f9ab7593119d0914901865688563b0633891bbbd11d052cb4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dfeefa6e4cbfb47f9ab7593119d0914901865688563b0633891bbbd11d052cb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_sdk/typescript/examples/ocr-url.ts"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 55491, "scanner": "repobility-threat-engine", "fingerprint": "a030dd267613de8d3fdd7e9856a4189db2b1a00e2bcbf574c32fb0a67bf0b3ae", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a030dd267613de8d3fdd7e9856a4189db2b1a00e2bcbf574c32fb0a67bf0b3ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_sdk/typescript/examples/doc-parsing-file.ts"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 55488, "scanner": "repobility-threat-engine", "fingerprint": "87a374dc589dd420ec377c72db2b292cf3fbbfe6642b8efe3d05d9fe2427b14e", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|87a374dc589dd420ec377c72db2b292cf3fbbfe6642b8efe3d05d9fe2427b14e"}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 55484, "scanner": "repobility-threat-engine", "fingerprint": "8047ae5831d09d7ce2b630a63d20c7ac21c4dbfcc1d1db1dfeca00999ae5217a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8047ae5831d09d7ce2b630a63d20c7ac21c4dbfcc1d1db1dfeca00999ae5217a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_sdk/go/examples/ocr_url/main.go"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 55483, "scanner": "repobility-threat-engine", "fingerprint": "aaff745ba4492acaff71a5983de62ee55d2f8f2e106a8a6ee412f32e70459d9a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|aaff745ba4492acaff71a5983de62ee55d2f8f2e106a8a6ee412f32e70459d9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_sdk/go/examples/doc_parsing_file/main.go"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC134", "level": "none", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 55482, "scanner": "repobility-threat-engine", "fingerprint": "2fc2352ee79a239983bde3b99e3e602f191c3f964939343206bb75ac755d22c0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2fc2352ee79a239983bde3b99e3e602f191c3f964939343206bb75ac755d22c0"}}}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `deploy/android_demo/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `deploy/android_demo/gradle/wrapper/gradle-wrapper.jar` is a .jar binary (54,329 bytes) committed to a repo that otherwise has 801 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 55891, "scanner": "repobility-supply-chain", "fingerprint": "1182d22ed216e1ae2a55c683822e9f7e52771e1d4f2e7a7716d3781e0cd40388", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1182d22ed216e1ae2a55c683822e9f7e52771e1d4f2e7a7716d3781e0cd40388"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/android_demo/gradle/wrapper/gradle-wrapper.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55890, "scanner": "repobility-supply-chain", "fingerprint": "3e817fb5ce92c90bc84c92e63d493ab1a44b6f115f89374328da1c1f7d54e29a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3e817fb5ce92c90bc84c92e63d493ab1a44b6f115f89374328da1c1f7d54e29a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs_anchor_check.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55889, "scanner": "repobility-supply-chain", "fingerprint": "698a616fc67a7e99ccee500822828d14b9dba88db616f70b3d1c56ec88fbe5ee", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|698a616fc67a7e99ccee500822828d14b9dba88db616f70b3d1c56ec88fbe5ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs_anchor_check.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55888, "scanner": "repobility-supply-chain", "fingerprint": "80bab3f4c39de830a7ef67cb587998807ba4c19194ba46be0639a24b13116044", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|80bab3f4c39de830a7ef67cb587998807ba4c19194ba46be0639a24b13116044"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs_anchor_check.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/stale` pinned to mutable ref `@v10`: `uses: actions/stale@v10` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55887, "scanner": "repobility-supply-chain", "fingerprint": "16213c68aee4008f56b3c8ed3ee5c63fc58b21ce272e37399198d9644acea67a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|16213c68aee4008f56b3c8ed3ee5c63fc58b21ce272e37399198d9644acea67a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/close_inactive_issues.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55886, "scanner": "repobility-supply-chain", "fingerprint": "089b5ea2378fae0fdd58c812fed35f603f6c31765ee10ae394768b447471e71d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|089b5ea2378fae0fdd58c812fed35f603f6c31765ee10ae394768b447471e71d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55885, "scanner": "repobility-supply-chain", "fingerprint": "daac4df7526723498eb822ec795a0c43544ab5ec402b94b95af0af202b377041", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|daac4df7526723498eb822ec795a0c43544ab5ec402b94b95af0af202b377041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55884, "scanner": "repobility-supply-chain", "fingerprint": "d1573debd9ccf8f772b880a8ae5cf0d3d16b6b8723300545f21393bb775f8dde", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d1573debd9ccf8f772b880a8ae5cf0d3d16b6b8723300545f21393bb775f8dde"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55883, "scanner": "repobility-supply-chain", "fingerprint": "72e74aa92d3fa4d6b60118d3918a1e80af1aa53934dd6fc6dfa0e9f57f3052b6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|72e74aa92d3fa4d6b60118d3918a1e80af1aa53934dd6fc6dfa0e9f57f3052b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55882, "scanner": "repobility-supply-chain", "fingerprint": "e58fda91dacd62d1c651319943fce7ee01f255ff155ff5a227253b919f5acad8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e58fda91dacd62d1c651319943fce7ee01f255ff155ff5a227253b919f5acad8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_publish_release_docs.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55881, "scanner": "repobility-supply-chain", "fingerprint": "08b0a8bfe8481508b72d720126af1ea35370ca1f555edd4cc1048a91e515cdc2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|08b0a8bfe8481508b72d720126af1ea35370ca1f555edd4cc1048a91e515cdc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_publish_release_docs.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55880, "scanner": "repobility-supply-chain", "fingerprint": "3871ce47be7b81de94a406d3ef884fa44bef0e6ad78f7af16d1cdcf5ecd24852", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3871ce47be7b81de94a406d3ef884fa44bef0e6ad78f7af16d1cdcf5ecd24852"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_publish_release_docs.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55879, "scanner": "repobility-supply-chain", "fingerprint": "69259ed8021e8483ee65ca1b7f617e919ab65c18d82f71c92d4398d25b7bf230", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|69259ed8021e8483ee65ca1b7f617e919ab65c18d82f71c92d4398d25b7bf230"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/link_check.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55878, "scanner": "repobility-supply-chain", "fingerprint": "dda300017619abbeaf2072aa67cce78d20035180f625f4d16900e882fe068329", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dda300017619abbeaf2072aa67cce78d20035180f625f4d16900e882fe068329"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/link_check.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55877, "scanner": "repobility-supply-chain", "fingerprint": "92abb4c1b1e4c0e7950b40bd59f84fd95e96e0e07b530ff0efca5d16457d03b4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|92abb4c1b1e4c0e7950b40bd59f84fd95e96e0e07b530ff0efca5d16457d03b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codestyle.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55876, "scanner": "repobility-supply-chain", "fingerprint": "d464656d6676a34a567a6467c0643850e13e26882ed0d1910d5c30370c47ebcd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d464656d6676a34a567a6467c0643850e13e26882ed0d1910d5c30370c47ebcd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codestyle.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55875, "scanner": "repobility-supply-chain", "fingerprint": "9739d9d55bf5bc328275de79a1d5b2f01be97b55d0e2fb9a897c164f125f4e01", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9739d9d55bf5bc328275de79a1d5b2f01be97b55d0e2fb9a897c164f125f4e01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codestyle.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55874, "scanner": "repobility-supply-chain", "fingerprint": "3700ebfe842205aa2e434c5df0310f825118b0779c0d4eabce913df76bc3f8a7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3700ebfe842205aa2e434c5df0310f825118b0779c0d4eabce913df76bc3f8a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_publish_develop_docs.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55873, "scanner": "repobility-supply-chain", "fingerprint": "411866b7de47e88599dc847ea9292184a857103b5e2369c24d72344e23b12209", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|411866b7de47e88599dc847ea9292184a857103b5e2369c24d72344e23b12209"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_publish_develop_docs.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55872, "scanner": "repobility-supply-chain", "fingerprint": "2bbdd749c8818daaf0ea3d2367ee0076439ccd41cc72923c5c2e0ac9f54e4d3e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2bbdd749c8818daaf0ea3d2367ee0076439ccd41cc72923c5c2e0ac9f54e4d3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_publish_develop_docs.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55871, "scanner": "repobility-supply-chain", "fingerprint": "7977055f3a507fa16fe65cfc440d0fb4181d09571268ff25b35105f290212a5e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7977055f3a507fa16fe65cfc440d0fb4181d09571268ff25b35105f290212a5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_gpu.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55870, "scanner": "repobility-supply-chain", "fingerprint": "bdfeb8e3562a554e22d913f71bc65d12c6ab63a6b825587e44259c4c7fd313bb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bdfeb8e3562a554e22d913f71bc65d12c6ab63a6b825587e44259c4c7fd313bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/python_publish.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 55869, "scanner": "repobility-supply-chain", "fingerprint": "31d6bd9da81c0cc71eece66b36fca7bf09899fa552808574f432ba63cbf47692", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|31d6bd9da81c0cc71eece66b36fca7bf09899fa552808574f432ba63cbf47692"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/python_publish.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `registry.baidubce.com/paddlepaddle/paddle:2.0.0-gpu-cuda10.1-cudnn7` not pinned by digest: `FROM registry.baidubce.com/paddlepaddle/paddle:2.0.0-gpu-cuda10.1-cudnn7` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55866, "scanner": "repobility-supply-chain", "fingerprint": "36b5448402fc5da1b77e770dbc75fb02a701714516abd922266257e7a7dae6f1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|36b5448402fc5da1b77e770dbc75fb02a701714516abd922266257e7a7dae6f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/docker/hubserving/gpu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `registry.baidubce.com/paddlepaddle/paddle:2.0.0` not pinned by digest: `FROM registry.baidubce.com/paddlepaddle/paddle:2.0.0` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55865, "scanner": "repobility-supply-chain", "fingerprint": "1f4f5b6a7e30428548ec8c2b516cd99d65b8167af88131c53f2846b8f40c4c1e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1f4f5b6a7e30428548ec8c2b516cd99d65b8167af88131c53f2846b8f40c4c1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/docker/hubserving/cpu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `vivienfanghua/vllm_paddle:base` not pinned by digest: `FROM vivienfanghua/vllm_paddle:base` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55864, "scanner": "repobility-supply-chain", "fingerprint": "959c06e8673552b9fc11791b38bf6d9c152f4e2907675ee91fb044125f82ac9a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|959c06e8673552b9fc11791b38bf6d9c152f4e2907675ee91fb044125f82ac9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/amd-gpu/pipeline.Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `rocm/vllm-dev:nightly_main_20260125` not pinned by digest: `FROM rocm/vllm-dev:nightly_main_20260125` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55863, "scanner": "repobility-supply-chain", "fingerprint": "35b8674e4fe8bb94a39c04c9ec70adeba23bc53e0a00e98f080ff968171a82ff", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|35b8674e4fe8bb94a39c04c9ec70adeba23bc53e0a00e98f080ff968171a82ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/amd-gpu/vlm.Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `python:3.10` not pinned by digest: `FROM python:3.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55862, "scanner": "repobility-supply-chain", "fingerprint": "e82d145e15fbf1a2b7fb647a8f7d3fbef394766701f3f72e7e18d49fa807e4a2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e82d145e15fbf1a2b7fb647a8f7d3fbef394766701f3f72e7e18d49fa807e4a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/nvidia-gpu-sm120/pipeline.Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddlex-genai-vllm-server:latest-sm120` not pinned by digest: `FROM ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddlex-genai-vllm-server:latest-sm120` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55861, "scanner": "repobility-supply-chain", "fingerprint": "b97e3af9fe1fd3695a13cb673b2123212e1871cc8d9316fd52c93c123d0a45eb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b97e3af9fe1fd3695a13cb673b2123212e1871cc8d9316fd52c93c123d0a45eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/nvidia-gpu-sm120/vlm.Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddlex-paddle-metax-gpu:3.3.0` not pinned by digest: `FROM ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddlex-paddle-metax-gpu:3.3.0` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55860, "scanner": "repobility-supply-chain", "fingerprint": "3e5606446d92b6cd551f45cf0ff9191d6fe93e8f392c28ef834643788ad087ff", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3e5606446d92b6cd551f45cf0ff9191d6fe93e8f392c28ef834643788ad087ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/metax-gpu/pipeline.Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddlex-fastdeploy-metax-gpu:2.3.0` not pinned by digest: `FROM ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddlex-fastdeploy-metax-gpu:2.3.0` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55859, "scanner": "repobility-supply-chain", "fingerprint": "8909c582ac82bf8dbe17b12a6e1f136354605e3eaa34b463faa1e99e6e1b1524", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8909c582ac82bf8dbe17b12a6e1f136354605e3eaa34b463faa1e99e6e1b1524"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/metax-gpu/vlm.Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ccr-2vdh3abv-pub.cnc.bj.baidubce.com/device/paddle-npu:cann800-ubuntu20-npu-910b-base-aarch64-gcc84` not pinned by digest: `FROM ccr-2vdh3abv-pub.cnc.bj.baidubce.com/device/paddle-npu:cann800-ubuntu20-npu-910b-base-aarch64-gcc84` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55858, "scanner": "repobility-supply-chain", "fingerprint": "e907c3c8d339bad361e51334cfe56ee0b20819748112d4da31a0ce1c5a691333", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e907c3c8d339bad361e51334cfe56ee0b20819748112d4da31a0ce1c5a691333"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/huawei-npu/pipeline.Dockerfile"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ccr-2vdh3abv-pub.cnc.bj.baidubce.com/device/paddle-npu:cann800-ubuntu20-npu-910b-base-x86_64-gcc84` not pinned by digest: `FROM ccr-2vdh3abv-pub.cnc.bj.baidubce.com/device/paddle-npu:cann800-ubuntu20-npu-910b-base-x86_64-gcc84` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55857, "scanner": "repobility-supply-chain", "fingerprint": "e31fe65e1f850f1a2c9b1f0794f400dae5a699b86c3f8fda1a4fe02e22ece33c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e31fe65e1f850f1a2c9b1f0794f400dae5a699b86c3f8fda1a4fe02e22ece33c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/huawei-npu/pipeline.Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddlex-vllm-huawei-npu:0.12.0rc1` not pinned by digest: `FROM ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddlex-vllm-huawei-npu:0.12.0rc1` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55856, "scanner": "repobility-supply-chain", "fingerprint": "92ae0c41a15c347dde616170c4b1d1823096d6cae516e8e2df5bec68c8713c69", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|92ae0c41a15c347dde616170c4b1d1823096d6cae516e8e2df5bec68c8713c69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/huawei-npu/vlm.Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ccr-2vdh3abv-pub.cnc.bj.baidubce.com/device/paddle-ixuca:3.3.0` not pinned by digest: `FROM ccr-2vdh3abv-pub.cnc.bj.baidubce.com/device/paddle-ixuca:3.3.0` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55855, "scanner": "repobility-supply-chain", "fingerprint": "fe3e66aae54c34d940b4b4c8a94f3ccaaeaec62532a1138ab712ad448d39197d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fe3e66aae54c34d940b4b4c8a94f3ccaaeaec62532a1138ab712ad448d39197d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/iluvatar-gpu/pipeline.Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ccr-2vdh3abv-pub.cnc.bj.baidubce.com/device/paddle-ixuca:paddle-ocr-vl-1107` not pinned by digest: `FROM ccr-2vdh3abv-pub.cnc.bj.baidubce.com/device/paddle-ixuca:paddle-ocr-vl-1107` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55854, "scanner": "repobility-supply-chain", "fingerprint": "3e04cc714002cd17b8a470ebc0eab934cc5cc112904411055714ac4cfd278b2f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3e04cc714002cd17b8a470ebc0eab934cc5cc112904411055714ac4cfd278b2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/iluvatar-gpu/vlm.Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `intel/llm-scaler-vllm:0.11.1-b7` not pinned by digest: `FROM intel/llm-scaler-vllm:0.11.1-b7` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55853, "scanner": "repobility-supply-chain", "fingerprint": "37251457d24aa2c701cf4537fa044f7bb8a0b01e3c509a66f4eb42ff9f0c4ea2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|37251457d24aa2c701cf4537fa044f7bb8a0b01e3c509a66f4eb42ff9f0c4ea2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/intel-gpu/pipeline.Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `intel/llm-scaler-vllm:0.11.1-b7` not pinned by digest: `FROM intel/llm-scaler-vllm:0.11.1-b7` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55852, "scanner": "repobility-supply-chain", "fingerprint": "b4682daa642e6eea502d592bad1e6ca6cc89634ddb0734751579caad4ee2bd2c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b4682daa642e6eea502d592bad1e6ca6cc89634ddb0734751579caad4ee2bd2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/intel-gpu/vlm.Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ccr-2vdh3abv-pub.cnc.bj.baidubce.com/device/paddle-xpu:ubuntu20-x86_64-gcc84-py310` not pinned by digest: `FROM ccr-2vdh3abv-pub.cnc.bj.baidubce.com/device/paddle-xpu:ubuntu20-x86_64-gcc84-py310` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55851, "scanner": "repobility-supply-chain", "fingerprint": "40fddad0c2e9f4fa9ba4a66f0302b79f647f6e34cee1ec5adbcc89b4e3b434a0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|40fddad0c2e9f4fa9ba4a66f0302b79f647f6e34cee1ec5adbcc89b4e3b434a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/kunlunxin-xpu/pipeline.Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/fastdeploy-xpu:2.3.0` not pinned by digest: `FROM ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/fastdeploy-xpu:2.3.0` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55850, "scanner": "repobility-supply-chain", "fingerprint": "2b9a212f9feb640c4ea2c486502d599699c13c4ce17dad1a78a265744fc13a43", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2b9a212f9feb640c4ea2c486502d599699c13c4ce17dad1a78a265744fc13a43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/kunlunxin-xpu/vlm.Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `python:3.10` not pinned by digest: `FROM python:3.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55849, "scanner": "repobility-supply-chain", "fingerprint": "a7ccd31fdacbfd6ba338e33e124d1f3a5cc64afda1dc6533f1a5bbe8f5e9f26b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a7ccd31fdacbfd6ba338e33e124d1f3a5cc64afda1dc6533f1a5bbe8f5e9f26b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/nvidia-gpu/pipeline.Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/fastdeploy-cuda-12.6:2.3.0` not pinned by digest: `FROM ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/fastdeploy-cuda-12.6:2.3.0` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55848, "scanner": "repobility-supply-chain", "fingerprint": "194e63dec6c457ae8ba46f9ce2461808a53539ec45d79e3604c8a50c91bc04c5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|194e63dec6c457ae8ba46f9ce2461808a53539ec45d79e3604c8a50c91bc04c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/nvidia-gpu/vlm.Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddlex-genai-vllm-server:latest` not pinned by digest: `FROM ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddlex-genai-vllm-server:latest` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55847, "scanner": "repobility-supply-chain", "fingerprint": "ead04233df47d3cd9f5aa4885d04a0560035fafc3d6f290b0cdffe6d3bec79eb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ead04233df47d3cd9f5aa4885d04a0560035fafc3d6f290b0cdffe6d3bec79eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/nvidia-gpu/vlm.Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddle-dcu:dtk24.04.1-kylinv10-gcc82` not pinned by digest: `FROM ccr-2vdh3abv-pub.cnc.bj.baidubce.com/paddlepaddle/paddle-dcu:dtk24.04.1-kylinv10-gcc82` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55846, "scanner": "repobility-supply-chain", "fingerprint": "df4b379782203f2ab73a993a0ebbf9471c978dd8e59dd912dd7a93185c4b32e5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|df4b379782203f2ab73a993a0ebbf9471c978dd8e59dd912dd7a93185c4b32e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/hygon-dcu/pipeline.Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `image.sourcefind.cn:5000` not pinned by digest: `FROM image.sourcefind.cn:5000` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55845, "scanner": "repobility-supply-chain", "fingerprint": "f45a9450badfc23982e8a45b599b1917d3dadee8b6d5ac8ddacd647ddb77c605", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f45a9450badfc23982e8a45b599b1917d3dadee8b6d5ac8ddacd647ddb77c605"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/hygon-dcu/vlm.Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `python:3.10-slim` not pinned by digest: `FROM python:3.10-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 55844, "scanner": "repobility-supply-chain", "fingerprint": "a86b61c8afd27be847136a77f4587a62bda2e147404932de1900329e04625d5c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a86b61c8afd27be847136a77f4587a62bda2e147404932de1900329e04625d5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/hps/gateway.Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/pycqa/flake8` pinned to mutable rev `7.1.1`: `.pre-commit-config.yaml` references `https://github.com/pycqa/flake8` at `rev: 7.1.1`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 55820, "scanner": "repobility-supply-chain", "fingerprint": "84bfd788a6049f8003e7065508f8138dffc090b96596c0ce5c6d875cf7c34538", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|84bfd788a6049f8003e7065508f8138dffc090b96596c0ce5c6d875cf7c34538"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/psf/black.git` pinned to mutable rev `24.10.0`: `.pre-commit-config.yaml` references `https://github.com/psf/black.git` at `rev: 24.10.0`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 55819, "scanner": "repobility-supply-chain", "fingerprint": "f327dbfc5341e15e4cae2fa61cb6f9edd0b3999c985b4725fd23b8c67f1b70e7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f327dbfc5341e15e4cae2fa61cb6f9edd0b3999c985b4725fd23b8c67f1b70e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/Lucas-C/pre-commit-hooks` pinned to mutable rev `v1.5.5`: `.pre-commit-config.yaml` references `https://github.com/Lucas-C/pre-commit-hooks` at `rev: v1.5.5`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 55818, "scanner": "repobility-supply-chain", "fingerprint": "fd9e6365dff2bde3ffe76beba18002ce4b5261b4df96c514b6df8c6f7c050933", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fd9e6365dff2bde3ffe76beba18002ce4b5261b4df96c514b6df8c6f7c050933"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v5.0.0`: `.pre-commit-config.yaml` references `https://github.com/pre-commit/pre-commit-hooks` at `rev: v5.0.0`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 55817, "scanner": "repobility-supply-chain", "fingerprint": "a0d9a060e961998ecdd80547e76185498ab19023e274fd9689f19fb8de74177a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a0d9a060e961998ecdd80547e76185498ab19023e274fd9689f19fb8de74177a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /restructure-pages has no auth: Handler `_handle_restructure_pages` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 55816, "scanner": "repobility-route-auth", "fingerprint": "ff97fbe4431659db30d6bcca96e862e4070796c84ef792ea4057237c5eaae512", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|ff97fbe4431659db30d6bcca96e862e4070796c84ef792ea4057237c5eaae512"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/hps/gateway/app.py"}, "region": {"startLine": 349}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /layout-parsing has no auth: Handler `_handle_infer` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 55815, "scanner": "repobility-route-auth", "fingerprint": "982e8a21e3633131d79cbe2c6fae9943cc8ebdc01f42fff059ddd9d754e7ade7", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|982e8a21e3633131d79cbe2c6fae9943cc8ebdc01f42fff059ddd9d754e7ade7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/hps/gateway/app.py"}, "region": {"startLine": 333}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `urllib.request.urlopen` inside async function `_check_vlm_ready`: `urllib.request.urlopen` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 55812, "scanner": "repobility-ast-engine", "fingerprint": "7644edb4fb28917f16e37a64a42ac63814778196d372772233d33a2eb0b528b8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7644edb4fb28917f16e37a64a42ac63814778196d372772233d33a2eb0b528b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/hps/gateway/app.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `urllib.request.Request` inside async function `_check_vlm_ready`: `urllib.request.Request` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 55811, "scanner": "repobility-ast-engine", "fingerprint": "dc293c518dff813a1178d1eff840d027cde8751c432acc9a105110716d011e12", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dc293c518dff813a1178d1eff840d027cde8751c432acc9a105110716d011e12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/hps/gateway/app.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_predict: Test function `test_predict` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55771, "scanner": "repobility-ast-engine", "fingerprint": "c5072d6bd7546484e17cf65e1fa500e25a599319b8993827be6abca965b366a4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c5072d6bd7546484e17cf65e1fa500e25a599319b8993827be6abca965b366a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/models/test_table_classifcation.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_predict_params: Test function `test_predict_params` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55770, "scanner": "repobility-ast-engine", "fingerprint": "7c7cd1d7caffefc5c175206db20794c7379458ec02f6bc09407c2ad317119e1a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7c7cd1d7caffefc5c175206db20794c7379458ec02f6bc09407c2ad317119e1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/models/test_layout_detection.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_predict: Test function `test_predict` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55769, "scanner": "repobility-ast-engine", "fingerprint": "2d4b76beaa797753dbc57871b692253b2a7e7f2f0dc9d5504d68e113e502348f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2d4b76beaa797753dbc57871b692253b2a7e7f2f0dc9d5504d68e113e502348f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/models/test_layout_detection.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_predict: Test function `test_predict` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55768, "scanner": "repobility-ast-engine", "fingerprint": "67ed5572a3a1e77d71c5c969c6d95aa22b8bb72212c0be08c5aa04ec8c74e8c6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|67ed5572a3a1e77d71c5c969c6d95aa22b8bb72212c0be08c5aa04ec8c74e8c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/models/test_doc_img_orientation_classifcation.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_predict_params: Test function `test_predict_params` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55767, "scanner": "repobility-ast-engine", "fingerprint": "9499f4554457f3c1a0e85f7acaab4ddae039077437a0922c0c643f62d57621c6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9499f4554457f3c1a0e85f7acaab4ddae039077437a0922c0c643f62d57621c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/models/test_seal_text_detection.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_predict_params: Test function `test_predict_params` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55766, "scanner": "repobility-ast-engine", "fingerprint": "6e1a2b9e74d7fb6894dc1c482b228090e52dbf6b420959d0fee7489829fc00e8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6e1a2b9e74d7fb6894dc1c482b228090e52dbf6b420959d0fee7489829fc00e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/pipelines/test_formula_recognition.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_multiple_bboxes: Test function `test_multiple_bboxes` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55765, "scanner": "repobility-ast-engine", "fingerprint": "70b3ef4bdc9bd3776d01c7d611c816e19acc76cddd7b4f5a18ea12a2993f1d34", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|70b3ef4bdc9bd3776d01c7d611c816e19acc76cddd7b4f5a18ea12a2993f1d34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/pipelines/test_patch_layout_parsing.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_single_bbox: Test function `test_single_bbox` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55764, "scanner": "repobility-ast-engine", "fingerprint": "f14818783d22425ffd659dce5f6bb7ab5570168bd86b48e8f3b91c0c07affa11", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f14818783d22425ffd659dce5f6bb7ab5570168bd86b48e8f3b91c0c07affa11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/pipelines/test_patch_layout_parsing.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_invalid_mode_raises: Test function `test_invalid_mode_raises` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55763, "scanner": "repobility-ast-engine", "fingerprint": "da82e36d947bc0b6b719a87b16e2cedcc720d60e7375322302c947ef3442cce9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|da82e36d947bc0b6b719a87b16e2cedcc720d60e7375322302c947ef3442cce9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/pipelines/test_patch_layout_parsing.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_predict_params: Test function `test_predict_params` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55762, "scanner": "repobility-ast-engine", "fingerprint": "bc2c2cc3233b6d5b89910ad8213b97a1b204926f9be823c88e84a44a4429f6d5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bc2c2cc3233b6d5b89910ad8213b97a1b204926f9be823c88e84a44a4429f6d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/pipelines/test_ocr.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_predict_params: Test function `test_predict_params` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55761, "scanner": "repobility-ast-engine", "fingerprint": "7698caf531e7abceb4ffde32d920e04bd5418e4adbbc0bd56cf8317f6b331a76", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7698caf531e7abceb4ffde32d920e04bd5418e4adbbc0bd56cf8317f6b331a76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/pipelines/test_pp_structurev3.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_predict_params: Test function `test_predict_params` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55760, "scanner": "repobility-ast-engine", "fingerprint": "c2d1884b76205a0cc25d730c5b55e8133b378eb3bfd7e4bb8e550dc23fd86743", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c2d1884b76205a0cc25d730c5b55e8133b378eb3bfd7e4bb8e550dc23fd86743"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/pipelines/test_seal_rec.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_predict_params: Test function `test_predict_params` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55759, "scanner": "repobility-ast-engine", "fingerprint": "f02ad0fe68cc86ca00db53e53f2b063b91cd2ee4903fb7f68a6830d2816508fd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f02ad0fe68cc86ca00db53e53f2b063b91cd2ee4903fb7f68a6830d2816508fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/pipelines/test_doc_preprocessor.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_predict_params: Test function `test_predict_params` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55758, "scanner": "repobility-ast-engine", "fingerprint": "330f7d18f63544ae75e65c16c5ee16d8bf468e8979d4b8c6005b100b2754dc84", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|330f7d18f63544ae75e65c16c5ee16d8bf468e8979d4b8c6005b100b2754dc84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/pipelines/test_table_recognition_v2.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.headers` used but never assigned in __init__: Method `do_POST` of class `_MockHandler` reads `self.headers`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55750, "scanner": "repobility-ast-engine", "fingerprint": "d2c1952beff096f879610c43a3302d116fb662f51d5363766bd8b591c89f4080", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d2c1952beff096f879610c43a3302d116fb662f51d5363766bd8b591c89f4080"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_api_client_http.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.rfile` used but never assigned in __init__: Method `do_POST` of class `_MockHandler` reads `self.rfile`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55749, "scanner": "repobility-ast-engine", "fingerprint": "f0a5c89bf128b9d02862a944197683ad012ff6d92b551ff2ee93b186f07f939c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f0a5c89bf128b9d02862a944197683ad012ff6d92b551ff2ee93b186f07f939c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_api_client_http.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.headers` used but never assigned in __init__: Method `do_POST` of class `_MockHandler` reads `self.headers`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55748, "scanner": "repobility-ast-engine", "fingerprint": "c9f2b48dff59293ef8ee9a56c60d1c8425fbc263d467dd8da9e751d3aa857ae3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c9f2b48dff59293ef8ee9a56c60d1c8425fbc263d467dd8da9e751d3aa857ae3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_api_client_http.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.wfile` used but never assigned in __init__: Method `do_POST` of class `_MockHandler` reads `self.wfile`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55747, "scanner": "repobility-ast-engine", "fingerprint": "5902ba8606d4e573d10760e63b94cd88c1f708da394d578caece42529145abfd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5902ba8606d4e573d10760e63b94cd88c1f708da394d578caece42529145abfd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_api_client_http.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.path` used but never assigned in __init__: Method `do_POST` of class `_MockHandler` reads `self.path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55746, "scanner": "repobility-ast-engine", "fingerprint": "a58697abbb7baedc7aa7d723749511743930b8d0c6befd7b59526689a33be21d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a58697abbb7baedc7aa7d723749511743930b8d0c6befd7b59526689a33be21d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_api_client_http.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.end_headers` used but never assigned in __init__: Method `do_POST` of class `_MockHandler` reads `self.end_headers`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55745, "scanner": "repobility-ast-engine", "fingerprint": "9845bf27f785be97f06ac0456a3403dabce20c031f1a8e3f467a09e6f6eb7b5b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9845bf27f785be97f06ac0456a3403dabce20c031f1a8e3f467a09e6f6eb7b5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_api_client_http.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_header` used but never assigned in __init__: Method `do_POST` of class `_MockHandler` reads `self.send_header`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55744, "scanner": "repobility-ast-engine", "fingerprint": "3e5a40577c8900af70eae859aa75be23cfaeabd1aa2ef11b686eb492fe11a61f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e5a40577c8900af70eae859aa75be23cfaeabd1aa2ef11b686eb492fe11a61f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_api_client_http.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_response` used but never assigned in __init__: Method `do_POST` of class `_MockHandler` reads `self.send_response`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55743, "scanner": "repobility-ast-engine", "fingerprint": "abf508c2a2150f4fafb12681323d1a7f0fb45a76d0ec7c268d17e5a9fca1e7b0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|abf508c2a2150f4fafb12681323d1a7f0fb45a76d0ec7c268d17e5a9fca1e7b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_api_client_http.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_paddleocr_client_reads_env_token: Test function `test_paddleocr_client_reads_env_token` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55742, "scanner": "repobility-ast-engine", "fingerprint": "547701559bf19a45411f959838f60b9d86e3b9f30621a4b8b05c62a77f80a97b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|547701559bf19a45411f959838f60b9d86e3b9f30621a4b8b05c62a77f80a97b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_api_client_http.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_paddleocr_client_requires_token: Test function `test_paddleocr_client_requires_token` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55741, "scanner": "repobility-ast-engine", "fingerprint": "dfb172b206a6c366e3a7b0e87be16240ed5b501e5d022ea53fa5a03fc2639616", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dfb172b206a6c366e3a7b0e87be16240ed5b501e5d022ea53fa5a03fc2639616"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_api_client_http.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_error_mapping_500: Test function `test_error_mapping_500` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55740, "scanner": "repobility-ast-engine", "fingerprint": "61c6941c8bc2fc51ac43a91f881ef30295c98845f53793fdd3d206d8914d088b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|61c6941c8bc2fc51ac43a91f881ef30295c98845f53793fdd3d206d8914d088b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_api_client_http.py"}, "region": {"startLine": 193}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_error_mapping_503: Test function `test_error_mapping_503` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55739, "scanner": "repobility-ast-engine", "fingerprint": "40fea2c34844bd14c1fa27fefc192dabeb6d2a5831860c8c846a4b6ad7cf9510", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|40fea2c34844bd14c1fa27fefc192dabeb6d2a5831860c8c846a4b6ad7cf9510"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_api_client_http.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_error_mapping_429: Test function `test_error_mapping_429` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55738, "scanner": "repobility-ast-engine", "fingerprint": "415dac370f7e8e47cc9a0bc1865a15ede9698e4b1bf546d3c8608939662efebb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|415dac370f7e8e47cc9a0bc1865a15ede9698e4b1bf546d3c8608939662efebb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_api_client_http.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_error_mapping_400: Test function `test_error_mapping_400` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55737, "scanner": "repobility-ast-engine", "fingerprint": "074a3c951cef614ebf25b22655696e96fd8e7ea265eb3e0273a6491cddea659d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|074a3c951cef614ebf25b22655696e96fd8e7ea265eb3e0273a6491cddea659d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_api_client_http.py"}, "region": {"startLine": 163}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_error_mapping_401: Test function `test_error_mapping_401` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55736, "scanner": "repobility-ast-engine", "fingerprint": "63674e5d2f3406043a76a5c230ce87360271fb4cc0a6a898f07416a047e0b5b1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|63674e5d2f3406043a76a5c230ce87360271fb4cc0a6a898f07416a047e0b5b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_api_client_http.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_iaa_augment_unknown_transform: Test function `test_iaa_augment_unknown_transform` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55735, "scanner": "repobility-ast-engine", "fingerprint": "d8226a76423a50dca3cfb3f8bef459d1c40cb0bd2eec50ddcb12b3426ee6d8b6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d8226a76423a50dca3cfb3f8bef459d1c40cb0bd2eec50ddcb12b3426ee6d8b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_iaa_augment.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_tools_program_parse_opt_rejects_python_object_tags: Test function `test_tools_program_parse_opt_rejects_python_object_tags` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55734, "scanner": "repobility-ast-engine", "fingerprint": "7758198ea327d97018867335e092efe276c00be39eea723ec2d6c56958272c2b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7758198ea327d97018867335e092efe276c00be39eea723ec2d6c56958272c2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_safe_yaml_config_loading.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_tools_program_load_config_rejects_python_object_tags: Test function `test_tools_program_load_config_rejects_python_object_tags` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55733, "scanner": "repobility-ast-engine", "fingerprint": "9418366a40cd8981b5403f8ef6c0ebf9df102a5c6e3c8d2762421145d9cc3433", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9418366a40cd8981b5403f8ef6c0ebf9df102a5c6e3c8d2762421145d9cc3433"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_safe_yaml_config_loading.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._get_fps` used but never assigned in __init__: Method `analysis` of class `TimeAnalyzer` reads `self._get_fps`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55730, "scanner": "repobility-ast-engine", "fingerprint": "473069c802c9ed646d980806597aa598de70e404ef7865fdbfe438fea23cd6b8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|473069c802c9ed646d980806597aa598de70e404ef7865fdbfe438fea23cd6b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/analysis.py"}, "region": {"startLine": 226}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._get_fps` used but never assigned in __init__: Method `analysis` of class `TimeAnalyzer` reads `self._get_fps`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55729, "scanner": "repobility-ast-engine", "fingerprint": "30d142ed84cbe0da2ae2a3d3748d4be13710dae0bee7a321b3df58c36bc03525", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|30d142ed84cbe0da2ae2a3d3748d4be13710dae0bee7a321b3df58c36bc03525"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/analysis.py"}, "region": {"startLine": 223}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._parse_opt` used but never assigned in __init__: Method `parse_args` of class `ArgsParser` reads `self._parse_opt`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55725, "scanner": "repobility-ast-engine", "fingerprint": "30a7b2c6d9018bfc629578667a1d176ef71f747c4ceebd6aebcf4132ce3bb6ef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|30a7b2c6d9018bfc629578667a1d176ef71f747c4ceebd6aebcf4132ce3bb6ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/program.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._parse_opt` used but never assigned in __init__: Method `parse_args` of class `ReArgsParser` reads `self._parse_opt`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55724, "scanner": "repobility-ast-engine", "fingerprint": "68909661f4ab4d7b8679eee592e14f85a41538aaee406c0905d35f5d00638ccf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|68909661f4ab4d7b8679eee592e14f85a41538aaee406c0905d35f5d00638ccf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/infer_kie_token_ser_re.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._momentum` used but never assigned in __init__: Method `forward` of class `NaiveSyncBatchNorm` reads `self._momentum`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55723, "scanner": "repobility-ast-engine", "fingerprint": "852fc62fa19ba85a7e83f9f1a95d3113e8d39022c683612a1eb756a50c03ddbd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|852fc62fa19ba85a7e83f9f1a95d3113e8d39022c683612a1eb756a50c03ddbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/naive_sync_bn.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._variance` used but never assigned in __init__: Method `forward` of class `NaiveSyncBatchNorm` reads `self._variance`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55722, "scanner": "repobility-ast-engine", "fingerprint": "bd1cc585d3e390949b9efbf9f7795c588bb7acae5a38bc3f6fc7ccad9a21e8c4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd1cc585d3e390949b9efbf9f7795c588bb7acae5a38bc3f6fc7ccad9a21e8c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/naive_sync_bn.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._mean` used but never assigned in __init__: Method `forward` of class `NaiveSyncBatchNorm` reads `self._mean`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55721, "scanner": "repobility-ast-engine", "fingerprint": "b7c1aa52320619b0c9eb5b531896f88889d1fb70ea0a7f1be755fe9ab864f7df", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b7c1aa52320619b0c9eb5b531896f88889d1fb70ea0a7f1be755fe9ab864f7df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/naive_sync_bn.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._epsilon` used but never assigned in __init__: Method `forward` of class `NaiveSyncBatchNorm` reads `self._epsilon`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55720, "scanner": "repobility-ast-engine", "fingerprint": "1d78b07507668c56c00bc074c577624b6f70f7008ba6b034385f2b1e088a33f2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1d78b07507668c56c00bc074c577624b6f70f7008ba6b034385f2b1e088a33f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/naive_sync_bn.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._momentum` used but never assigned in __init__: Method `forward` of class `NaiveSyncBatchNorm` reads `self._momentum`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55719, "scanner": "repobility-ast-engine", "fingerprint": "3411bfef70e4414d72874358907a04b5510489ef006a454aea132431ff765ab0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3411bfef70e4414d72874358907a04b5510489ef006a454aea132431ff765ab0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/naive_sync_bn.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.training` used but never assigned in __init__: Method `forward` of class `NaiveSyncBatchNorm` reads `self.training`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55718, "scanner": "repobility-ast-engine", "fingerprint": "767881c4eeb601bf62a9150b86f0430d3a6ca153737f1cacb16c0a9587d5da5d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|767881c4eeb601bf62a9150b86f0430d3a6ca153737f1cacb16c0a9587d5da5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/naive_sync_bn.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._variance` used but never assigned in __init__: Method `forward` of class `NaiveSyncBatchNorm` reads `self._variance`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55717, "scanner": "repobility-ast-engine", "fingerprint": "52c4d007405dd0226aa405f6b7f708fc5370b68211d50f43fdb8625771edc956", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|52c4d007405dd0226aa405f6b7f708fc5370b68211d50f43fdb8625771edc956"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/naive_sync_bn.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._mean` used but never assigned in __init__: Method `forward` of class `NaiveSyncBatchNorm` reads `self._mean`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55716, "scanner": "repobility-ast-engine", "fingerprint": "4347d9ee7a3afc2d45adb1c7075705dd2ad0097c92d6da2810ab8f76ee174491", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4347d9ee7a3afc2d45adb1c7075705dd2ad0097c92d6da2810ab8f76ee174491"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/naive_sync_bn.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.bias` used but never assigned in __init__: Method `forward` of class `NaiveSyncBatchNorm` reads `self.bias`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55715, "scanner": "repobility-ast-engine", "fingerprint": "6f61391abf5454cd1bba163523e43430a1e39df563c4b615459ff108dc23564c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6f61391abf5454cd1bba163523e43430a1e39df563c4b615459ff108dc23564c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/naive_sync_bn.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.weight` used but never assigned in __init__: Method `forward` of class `NaiveSyncBatchNorm` reads `self.weight`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55714, "scanner": "repobility-ast-engine", "fingerprint": "67160577895cc16ed83fa807e67c66f26abe7423e09a07b0e2d9be62d0d57972", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|67160577895cc16ed83fa807e67c66f26abe7423e09a07b0e2d9be62d0d57972"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/naive_sync_bn.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_reader: Test function `test_reader` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 55713, "scanner": "repobility-ast-engine", "fingerprint": "3d45434426a997e478ac496710c848d2b4e30647a40e32e9740e6ce2721c20b2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3d45434426a997e478ac496710c848d2b4e30647a40e32e9740e6ce2721c20b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/train.py"}, "region": {"startLine": 248}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._has_intersection` used but never assigned in __init__: Method `_filter_text_res` of class `StructureSystem` reads `self._has_intersection`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55712, "scanner": "repobility-ast-engine", "fingerprint": "a3f1745bea00119a5593b7daeac33aa67951c928fff83d12a496db1d0ed2fd6d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a3f1745bea00119a5593b7daeac33aa67951c928fff83d12a496db1d0ed2fd6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppstructure/predict_system.py"}, "region": {"startLine": 260}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._filter_text_res` used but never assigned in __init__: Method `__call__` of class `StructureSystem` reads `self._filter_text_res`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55711, "scanner": "repobility-ast-engine", "fingerprint": "3c0099ee3f5f79fed4b244110bc8bb5747770c4cdacd5244312795602a7cc935", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3c0099ee3f5f79fed4b244110bc8bb5747770c4cdacd5244312795602a7cc935"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppstructure/predict_system.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._predict_text` used but never assigned in __init__: Method `__call__` of class `StructureSystem` reads `self._predict_text`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 55710, "scanner": "repobility-ast-engine", "fingerprint": "caf7bf0a6f5061c16beb2fb62ef0787bac1c93e8fcfbe9a5acf086b1370048cc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|caf7bf0a6f5061c16beb2fb62ef0787bac1c93e8fcfbe9a5acf086b1370048cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppstructure/predict_system.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "DKC006", "level": "error", "message": {"text": "Compose service explicitly runs as root"}, "properties": {"repobilityId": 55705, "scanner": "repobility-docker", "fingerprint": "eee9ed60505d35ded95c9f9e06d8c5459a23f146449bdedf551a506687d00bda", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "The service sets user to root and no privilege-drop wrapper was detected.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "paddleocr-vlm-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|eee9ed60505d35ded95c9f9e06d8c5459a23f146449bdedf551a506687d00bda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/nvidia-gpu-sm120/compose.yaml"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKC006", "level": "error", "message": {"text": "Compose service explicitly runs as root"}, "properties": {"repobilityId": 55702, "scanner": "repobility-docker", "fingerprint": "37d8cec63cdb5816e94520dbf2b78b4120b87b8cb1c8fd9313fe241a99a68439", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "The service sets user to root and no privilege-drop wrapper was detected.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|37d8cec63cdb5816e94520dbf2b78b4120b87b8cb1c8fd9313fe241a99a68439"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/nvidia-gpu-sm120/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "error", "message": {"text": "Compose service explicitly runs as root"}, "properties": {"repobilityId": 55700, "scanner": "repobility-docker", "fingerprint": "9a56e28747197ec82ce64385cc4106131e2ba8bebad516c686efe7cf4d723b77", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "The service sets user to root and no privilege-drop wrapper was detected.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "paddleocr-vlm-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|9a56e28747197ec82ce64385cc4106131e2ba8bebad516c686efe7cf4d723b77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/nvidia-gpu/compose.yaml"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKC006", "level": "error", "message": {"text": "Compose service explicitly runs as root"}, "properties": {"repobilityId": 55697, "scanner": "repobility-docker", "fingerprint": "6b5547d16b4ef3e3d8beebe2dc662736c418c0cd4c08598e05a137c6e99f2eb1", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "The service sets user to root and no privilege-drop wrapper was detected.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|6b5547d16b4ef3e3d8beebe2dc662736c418c0cd4c08598e05a137c6e99f2eb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/nvidia-gpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "error", "message": {"text": "Compose service explicitly runs as root"}, "properties": {"repobilityId": 55695, "scanner": "repobility-docker", "fingerprint": "4ace8caeba7ad44a9bf0508681844c49db6b8ca38ecec422b9864cd53e8c565c", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "The service sets user to root and no privilege-drop wrapper was detected.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "paddleocr-vlm-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|4ace8caeba7ad44a9bf0508681844c49db6b8ca38ecec422b9864cd53e8c565c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/metax-gpu/compose.yaml"}, "region": {"startLine": 27}}}]}, {"ruleId": "DKC006", "level": "error", "message": {"text": "Compose service explicitly runs as root"}, "properties": {"repobilityId": 55691, "scanner": "repobility-docker", "fingerprint": "a5c9c835e8c28a50d6d13dc11603d1c75057701db9fc21efcc5fb96e90ecc939", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "The service sets user to root and no privilege-drop wrapper was detected.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a5c9c835e8c28a50d6d13dc11603d1c75057701db9fc21efcc5fb96e90ecc939"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/metax-gpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "error", "message": {"text": "Compose service explicitly runs as root"}, "properties": {"repobilityId": 55688, "scanner": "repobility-docker", "fingerprint": "6293c3599880caeb1198f68ebbb11321d1e20871f236edc7bde4b5be9883b564", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "The service sets user to root and no privilege-drop wrapper was detected.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "paddleocr-vlm-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|6293c3599880caeb1198f68ebbb11321d1e20871f236edc7bde4b5be9883b564"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/kunlunxin-xpu/compose.yaml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKC006", "level": "error", "message": {"text": "Compose service explicitly runs as root"}, "properties": {"repobilityId": 55684, "scanner": "repobility-docker", "fingerprint": "e0f2d41dc9929312bf3d15e13637a627cc1c57090ddc21dedc32418940ed8306", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "The service sets user to root and no privilege-drop wrapper was detected.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e0f2d41dc9929312bf3d15e13637a627cc1c57090ddc21dedc32418940ed8306"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/kunlunxin-xpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "error", "message": {"text": "Compose service explicitly runs as root"}, "properties": {"repobilityId": 55681, "scanner": "repobility-docker", "fingerprint": "cb06e2bef5e5785961576cb80a998db651e85d47030eef2713c1f5ed15d73163", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "The service sets user to root and no privilege-drop wrapper was detected.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "paddleocr-vlm-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|cb06e2bef5e5785961576cb80a998db651e85d47030eef2713c1f5ed15d73163"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/intel-gpu/compose.yaml"}, "region": {"startLine": 21}}}]}, {"ruleId": "DKC006", "level": "error", "message": {"text": "Compose service explicitly runs as root"}, "properties": {"repobilityId": 55678, "scanner": "repobility-docker", "fingerprint": "aaf1ba661e19603467d483b1d3b932a5e2595221501ce630076489d0aa990cb4", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "The service sets user to root and no privilege-drop wrapper was detected.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|aaf1ba661e19603467d483b1d3b932a5e2595221501ce630076489d0aa990cb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/intel-gpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "error", "message": {"text": "Compose service explicitly runs as root"}, "properties": {"repobilityId": 55676, "scanner": "repobility-docker", "fingerprint": "7a7374868eb5e5f983641e2d487a940563867eca76c01321627919368f555603", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "The service sets user to root and no privilege-drop wrapper was detected.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "paddleocr-vlm-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|7a7374868eb5e5f983641e2d487a940563867eca76c01321627919368f555603"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/iluvatar-gpu/compose.yaml"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKC003", "level": "error", "message": {"text": "Compose service joins the host PID namespace"}, "properties": {"repobilityId": 55674, "scanner": "repobility-docker", "fingerprint": "09f715d82c7675266dca71d9549dcec1a6e0f3c6312d775f40e9ad1f8a95e774", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "pid: host was set on the service.", "evidence": {"rule_id": "DKC003", "scanner": "repobility-docker", "service": "paddleocr-vlm-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|09f715d82c7675266dca71d9549dcec1a6e0f3c6312d775f40e9ad1f8a95e774"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/iluvatar-gpu/compose.yaml"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKC006", "level": "error", "message": {"text": "Compose service explicitly runs as root"}, "properties": {"repobilityId": 55670, "scanner": "repobility-docker", "fingerprint": "cd60479bf29bec3e2182892cd3ebf9951109dee1ccc5389d2925226645d1b808", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "The service sets user to root and no privilege-drop wrapper was detected.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|cd60479bf29bec3e2182892cd3ebf9951109dee1ccc5389d2925226645d1b808"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/iluvatar-gpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC003", "level": "error", "message": {"text": "Compose service joins the host PID namespace"}, "properties": {"repobilityId": 55668, "scanner": "repobility-docker", "fingerprint": "6080beea9dc8ca5c4abbdde4566905fe67989ea20319de0b1dc77353b229e663", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "pid: host was set on the service.", "evidence": {"rule_id": "DKC003", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|6080beea9dc8ca5c4abbdde4566905fe67989ea20319de0b1dc77353b229e663"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/iluvatar-gpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "error", "message": {"text": "Compose service explicitly runs as root"}, "properties": {"repobilityId": 55665, "scanner": "repobility-docker", "fingerprint": "d63c4d63f1673d1c85af2b3a10ff434b43a04e1391a0421052f62ed4ea5f1387", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "The service sets user to root and no privilege-drop wrapper was detected.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "paddleocr-vlm-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|d63c4d63f1673d1c85af2b3a10ff434b43a04e1391a0421052f62ed4ea5f1387"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/hygon-dcu/compose.yaml"}, "region": {"startLine": 31}}}]}, {"ruleId": "DKC006", "level": "error", "message": {"text": "Compose service explicitly runs as root"}, "properties": {"repobilityId": 55660, "scanner": "repobility-docker", "fingerprint": "dbd4512c8a2f5820cf9a12889209c978bab8328288697077ca99e30b9c2faf6c", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "The service sets user to root and no privilege-drop wrapper was detected.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|dbd4512c8a2f5820cf9a12889209c978bab8328288697077ca99e30b9c2faf6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/hygon-dcu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "error", "message": {"text": "Compose service explicitly runs as root"}, "properties": {"repobilityId": 55656, "scanner": "repobility-docker", "fingerprint": "2b01af840a507ffaed6bd76d67e90012de978cfb6e8868814faef86419c5c0de", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "The service sets user to root and no privilege-drop wrapper was detected.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "paddleocr-vlm-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|2b01af840a507ffaed6bd76d67e90012de978cfb6e8868814faef86419c5c0de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/huawei-npu/compose.yaml"}, "region": {"startLine": 23}}}]}, {"ruleId": "DKC006", "level": "error", "message": {"text": "Compose service explicitly runs as root"}, "properties": {"repobilityId": 55652, "scanner": "repobility-docker", "fingerprint": "41b40a7fb59a5bafa3d5780122c6053687310ac7f6714f444c166b58aa156c6b", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "The service sets user to root and no privilege-drop wrapper was detected.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|41b40a7fb59a5bafa3d5780122c6053687310ac7f6714f444c166b58aa156c6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/huawei-npu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "error", "message": {"text": "Compose service explicitly runs as root"}, "properties": {"repobilityId": 55649, "scanner": "repobility-docker", "fingerprint": "c76508b732407d7ba7230e9918e67b150530efdec6ef3b9082506d2dc91372d3", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "The service sets user to root and no privilege-drop wrapper was detected.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "paddleocr-vlm-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|c76508b732407d7ba7230e9918e67b150530efdec6ef3b9082506d2dc91372d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/amd-gpu/compose.yaml"}, "region": {"startLine": 28}}}]}, {"ruleId": "DKC006", "level": "error", "message": {"text": "Compose service explicitly runs as root"}, "properties": {"repobilityId": 55645, "scanner": "repobility-docker", "fingerprint": "3568055a73ea6fb29ade2a82ed759473def66f71d35debb4e52b59f6c71ca6b9", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "The service sets user to root and no privilege-drop wrapper was detected.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|3568055a73ea6fb29ade2a82ed759473def66f71d35debb4e52b59f6c71ca6b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/amd-gpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 55608, "scanner": "repobility-threat-engine", "fingerprint": "c8e35d21f7a26bc03fc8bf897956f97df11d8a31ac54d3a05ca57b56e3fa724e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c8e35d21f7a26bc03fc8bf897956f97df11d8a31ac54d3a05ca57b56e3fa724e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_tipc/compare_results.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 55604, "scanner": "repobility-threat-engine", "fingerprint": "274dcedfd0be42491944d084da70ca5b218645bd7702f874ccc9ed530c976c0c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|274dcedfd0be42491944d084da70ca5b218645bd7702f874ccc9ed530c976c0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/postprocess/ct_postprocess.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 55589, "scanner": "repobility-threat-engine", "fingerprint": "de554fe4e4fb75461c9c5d9912a3e2a875b0ea50b325b43fdb2b5d0e7e4f4f83", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|de554fe4e4fb75461c9c5d9912a3e2a875b0ea50b325b43fdb2b5d0e7e4f4f83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/utils/network.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 55539, "scanner": "repobility-threat-engine", "fingerprint": "77d414c76d34da61a56378e3c919efe94f2e92971d7b55d560c0f7835d460b96", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|77d414c76d34da61a56378e3c919efe94f2e92971d7b55d560c0f7835d460b96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/data/simple_dataset.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 55538, "scanner": "repobility-threat-engine", "fingerprint": "216ed840f70a9a5a47aeabb8f3134a6893d52e466b6c1397924ab4eb89e0a275", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|216ed840f70a9a5a47aeabb8f3134a6893d52e466b6c1397924ab4eb89e0a275"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr/_cli.py"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 55537, "scanner": "repobility-threat-engine", "fingerprint": "eb772782aaeefb4f7e97615c45139cee3ecdd717287fad098c490520ff533d4f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|eb772782aaeefb4f7e97615c45139cee3ecdd717287fad098c490520ff533d4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/utils/metrics.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 55532, "scanner": "repobility-threat-engine", "fingerprint": "ec474286c6dd41d35256a063cd37e7d09b83ec9c41a36c84a0e92912995859fe", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ec474286c6dd41d35256a063cd37e7d09b83ec9c41a36c84a0e92912995859fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/utils/network.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 55531, "scanner": "repobility-threat-engine", "fingerprint": "53d5e5a23ee6034fad53158fee5f0319ea0ab00c369832ead8c45376470c68a5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|53d5e5a23ee6034fad53158fee5f0319ea0ab00c369832ead8c45376470c68a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/utils/gen_label.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 55530, "scanner": "repobility-threat-engine", "fingerprint": "3d07fe2c4da4ef70c43d58f35cf8cd018e97d28403fbfd62f975dd7e459a6f14", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3d07fe2c4da4ef70c43d58f35cf8cd018e97d28403fbfd62f975dd7e459a6f14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/tools/predict.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 55528, "scanner": "repobility-threat-engine", "fingerprint": "0d61825691a54bec0560f05f89fe72e3279af6917ed4e39757f12ac872c7538e", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.join(input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|ppocr/utils/gen_label.py|35|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/utils/gen_label.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 55527, "scanner": "repobility-threat-engine", "fingerprint": "2e5b79af6006ff7dece40f8f0d4bfbd721bf41b159563837162a7185085bd195", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.join(inference_model_dir, \"inference.pdiparams", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|145|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/slim/quantization/quant_kl.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 55526, "scanner": "repobility-threat-engine", "fingerprint": "c1bd601c6acc7bf0f26a4f6c53e92340ddc94f50fbabca058f424bb53ab0063d", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.join(args.model_dir, \"inference.pdiparams", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|58|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/tools/infer.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 55524, "scanner": "repobility-threat-engine", "fingerprint": "81736695988cf2f6f4c5e83a1de0b9138baa54de0f4ccb1bd9fa4eca8494e830", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "os.path.join(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|ppocr/utils/gen_label.py|35|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/utils/gen_label.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 55523, "scanner": "repobility-threat-engine", "fingerprint": "bff4a9ae364323cd4a31db903e57d6576e84bf1f3772d16365a4c1d99f44828e", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "os.path.join(inference_model_dir, \"inference.pdiparams", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|145|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/slim/quantization/quant_kl.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 55522, "scanner": "repobility-threat-engine", "fingerprint": "8dc9ea2b1cb8a102603442f38feb563dcaa07c1fe17d746743c08e288dac179e", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "os.path.join(args.model_dir, \"inference.pdiparams", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|58|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/tools/infer.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 55518, "scanner": "repobility-threat-engine", "fingerprint": "415aefcb779ee236ab50d3f419851cda0be7780915e7bf8e73b1ac3c826c26b5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "paddle.jit.save(model, save_path)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|415aefcb779ee236ab50d3f419851cda0be7780915e7bf8e73b1ac3c826c26b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/tools/export_model.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 55517, "scanner": "repobility-threat-engine", "fingerprint": "33411ace884f01d01b989ffecc715868145a0530c13bcfb01143a10a16952518", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "item.update(data)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|33411ace884f01d01b989ffecc715868145a0530c13bcfb01143a10a16952518"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/data_loader/dataset.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 55516, "scanner": "repobility-threat-engine", "fingerprint": "d45ab58d704d0592a69b435eb663c447c0fae8eb2147343c1be82a2c57c7a732", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "paddle.save(state, filename)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d45ab58d704d0592a69b435eb663c447c0fae8eb2147343c1be82a2c57c7a732"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/base/base_trainer.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 55487, "scanner": "repobility-threat-engine", "fingerprint": "5cb78678b5d4cef6693f7a0842880002ac4bd0f26d398439371d0ba40bcd64ee", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5cb78678b5d4cef6693f7a0842880002ac4bd0f26d398439371d0ba40bcd64ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_sdk/go/transport.go"}, "region": {"startLine": 55}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 55486, "scanner": "repobility-threat-engine", "fingerprint": "b8c7c6eebc90336b0eb6eee659200ecacd86f1bb09517a9721b5375a30cb2827", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b8c7c6eebc90336b0eb6eee659200ecacd86f1bb09517a9721b5375a30cb2827"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_sdk/go/options.go"}, "region": {"startLine": 34}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 55485, "scanner": "repobility-threat-engine", "fingerprint": "5a5b32433f0af185249e46ceb9d3bcddbeb79682336992e5fbae16540fcbf022", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5a5b32433f0af185249e46ceb9d3bcddbeb79682336992e5fbae16540fcbf022"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_sdk/go/ocr.go"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 55814, "scanner": "repobility-ast-engine", "fingerprint": "1a769d6d1eb568105dc4b09e3522c68e80aa1b7d1b6a99425d1ae281900d7f50", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1a769d6d1eb568105dc4b09e3522c68e80aa1b7d1b6a99425d1ae281900d7f50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppstructure/table/tablepyxl/style.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `html` used but not imported: The file uses `html.something(...)` but never imports `html`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 55813, "scanner": "repobility-ast-engine", "fingerprint": "3d7cf644475d48893e09eea202b41941826daf05f9a8d4dc799b7dccfdf2a099", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3d7cf644475d48893e09eea202b41941826daf05f9a8d4dc799b7dccfdf2a099"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/end2end/draw_html.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 55800, "scanner": "repobility-ast-engine", "fingerprint": "d19adf741eb8e5cc572a82b65573488b908eacc2b35ca0cb4fb8a0a6ce1679e5", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d19adf741eb8e5cc572a82b65573488b908eacc2b35ca0cb4fb8a0a6ce1679e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/data/imaug/unimernet_aug.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `pickle` used but not imported: The file uses `pickle.something(...)` but never imports `pickle`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 55757, "scanner": "repobility-ast-engine", "fingerprint": "037e55d62cb48d393c832689f6e5e71915d7702fef3e32b7051f5522f7b5c5c7", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|037e55d62cb48d393c832689f6e5e71915d7702fef3e32b7051f5522f7b5c5c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_tipc/supplementary/utils.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `errno` used but not imported: The file uses `errno.something(...)` but never imports `errno`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 55753, "scanner": "repobility-ast-engine", "fingerprint": "a6534efc2d0c4caefd61315ed27644e56222f3c959048221fa2d3287d6241d71", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a6534efc2d0c4caefd61315ed27644e56222f3c959048221fa2d3287d6241d71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_tipc/supplementary/train.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "DKC001", "level": "error", "message": {"text": "Compose service runs privileged"}, "properties": {"repobilityId": 55694, "scanner": "repobility-docker", "fingerprint": "018db63c1658d37367728f45f467402885fa5cd7f073bd22e733cea8fa52be89", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "privileged: true was set on the service.", "evidence": {"rule_id": "DKC001", "scanner": "repobility-docker", "service": "paddleocr-vlm-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|018db63c1658d37367728f45f467402885fa5cd7f073bd22e733cea8fa52be89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/metax-gpu/compose.yaml"}, "region": {"startLine": 27}}}]}, {"ruleId": "DKC001", "level": "error", "message": {"text": "Compose service runs privileged"}, "properties": {"repobilityId": 55690, "scanner": "repobility-docker", "fingerprint": "0d606e56b397b0e03d00d5d263f6345935e1193cb4e00c5880026ac521562132", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "privileged: true was set on the service.", "evidence": {"rule_id": "DKC001", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|0d606e56b397b0e03d00d5d263f6345935e1193cb4e00c5880026ac521562132"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/metax-gpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC001", "level": "error", "message": {"text": "Compose service runs privileged"}, "properties": {"repobilityId": 55687, "scanner": "repobility-docker", "fingerprint": "89a22e9529bf344bf314b3a733ebe9e0292c8f4dc2d372288279bbf9a7af6397", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "privileged: true was set on the service.", "evidence": {"rule_id": "DKC001", "scanner": "repobility-docker", "service": "paddleocr-vlm-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|89a22e9529bf344bf314b3a733ebe9e0292c8f4dc2d372288279bbf9a7af6397"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/kunlunxin-xpu/compose.yaml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKC001", "level": "error", "message": {"text": "Compose service runs privileged"}, "properties": {"repobilityId": 55683, "scanner": "repobility-docker", "fingerprint": "3d72785abe9296a41e238e1395e92c452f83d19cf00b1f255c72c6a3437b6fd5", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "privileged: true was set on the service.", "evidence": {"rule_id": "DKC001", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|3d72785abe9296a41e238e1395e92c452f83d19cf00b1f255c72c6a3437b6fd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/kunlunxin-xpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC001", "level": "error", "message": {"text": "Compose service runs privileged"}, "properties": {"repobilityId": 55673, "scanner": "repobility-docker", "fingerprint": "daf906c69843572c000bfa208b9a743ebc8f6b13d6d35011f47595b3e5f4e417", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "privileged: true was set on the service.", "evidence": {"rule_id": "DKC001", "scanner": "repobility-docker", "service": "paddleocr-vlm-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|daf906c69843572c000bfa208b9a743ebc8f6b13d6d35011f47595b3e5f4e417"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/iluvatar-gpu/compose.yaml"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKC001", "level": "error", "message": {"text": "Compose service runs privileged"}, "properties": {"repobilityId": 55667, "scanner": "repobility-docker", "fingerprint": "8cbeebe8428e4c7fb0d45d44a7125a90a3868235c89ca544803c15afd0ca176d", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "privileged: true was set on the service.", "evidence": {"rule_id": "DKC001", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|8cbeebe8428e4c7fb0d45d44a7125a90a3868235c89ca544803c15afd0ca176d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/iluvatar-gpu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC001", "level": "error", "message": {"text": "Compose service runs privileged"}, "properties": {"repobilityId": 55663, "scanner": "repobility-docker", "fingerprint": "03f7f5d6430d5f682ebf794dbf1884448c1d89ab37ca81045431ac7412a74915", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "privileged: true was set on the service.", "evidence": {"rule_id": "DKC001", "scanner": "repobility-docker", "service": "paddleocr-vlm-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|03f7f5d6430d5f682ebf794dbf1884448c1d89ab37ca81045431ac7412a74915"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/hygon-dcu/compose.yaml"}, "region": {"startLine": 31}}}]}, {"ruleId": "DKC001", "level": "error", "message": {"text": "Compose service runs privileged"}, "properties": {"repobilityId": 55658, "scanner": "repobility-docker", "fingerprint": "46067854c6c8fcc6b089fef03decf7554405a25c3aa986c5a9a8b80ddd0f19c4", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "privileged: true was set on the service.", "evidence": {"rule_id": "DKC001", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|46067854c6c8fcc6b089fef03decf7554405a25c3aa986c5a9a8b80ddd0f19c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/hygon-dcu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC001", "level": "error", "message": {"text": "Compose service runs privileged"}, "properties": {"repobilityId": 55655, "scanner": "repobility-docker", "fingerprint": "ea8eec71ac6cbf0416485b53a131ee803de07ebaf1d186422f411a1b6231ef04", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "privileged: true was set on the service.", "evidence": {"rule_id": "DKC001", "scanner": "repobility-docker", "service": "paddleocr-vlm-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|ea8eec71ac6cbf0416485b53a131ee803de07ebaf1d186422f411a1b6231ef04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/huawei-npu/compose.yaml"}, "region": {"startLine": 23}}}]}, {"ruleId": "DKC001", "level": "error", "message": {"text": "Compose service runs privileged"}, "properties": {"repobilityId": 55651, "scanner": "repobility-docker", "fingerprint": "774a33ff1309788947fea5a71daa63a1faad6749d65bc57bf7c8efdfe5291e8b", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "privileged: true was set on the service.", "evidence": {"rule_id": "DKC001", "scanner": "repobility-docker", "service": "paddleocr-vl-api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|774a33ff1309788947fea5a71daa63a1faad6749d65bc57bf7c8efdfe5291e8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/paddleocr_vl_docker/accelerators/huawei-npu/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 55603, "scanner": "repobility-threat-engine", "fingerprint": "68d8da96e184fab2ad294a925134296355db832ad51284e2fe13705515197e98", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|68d8da96e184fab2ad294a925134296355db832ad51284e2fe13705515197e98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_tipc/supplementary/utils.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 55602, "scanner": "repobility-threat-engine", "fingerprint": "f46c64fadc81a4d7cb043bc9bce992403989c06b2cff8bdf02a95f6b56fa98e0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f46c64fadc81a4d7cb043bc9bce992403989c06b2cff8bdf02a95f6b56fa98e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppstructure/table/eval_table.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 55601, "scanner": "repobility-threat-engine", "fingerprint": "a87d627568e17d0110fcc235de243a3dd600fe7310917840d63c4c351d161193", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a87d627568e17d0110fcc235de243a3dd600fe7310917840d63c4c351d161193"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/losses/center_loss.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 55599, "scanner": "repobility-threat-engine", "fingerprint": "fa65aa50443bb978765c73a8eb6943371f91e8749a678c8e251a505adc83411a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fa65aa50443bb978765c73a8eb6943371f91e8749a678c8e251a505adc83411a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/losses/center_loss.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 55598, "scanner": "repobility-threat-engine", "fingerprint": "fa1e4fa8d0bcfcf24e67c73376893a040522a06c2a95285ad48afabbc55536bc", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fa1e4fa8d0bcfcf24e67c73376893a040522a06c2a95285ad48afabbc55536bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/data/lmdb_dataset.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 55597, "scanner": "repobility-threat-engine", "fingerprint": "cd1e544e7cec1201815af8acd1135f5cca835a2c257de9331d6a78db02c1a9ae", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cd1e544e7cec1201815af8acd1135f5cca835a2c257de9331d6a78db02c1a9ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ppocr/data/latexocr_dataset.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC079", "level": "error", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 55561, "scanner": "repobility-threat-engine", "fingerprint": "8dd1b89057d47a90245e128494b16d146e1069a8f07108c056e48af38bc998a3", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(input)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8dd1b89057d47a90245e128494b16d146e1069a8f07108c056e48af38bc998a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr-js/packages/core/src/pipelines/ocr/config.ts"}, "region": {"startLine": 81}}}]}, {"ruleId": "SEC079", "level": "error", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 55560, "scanner": "repobility-threat-engine", "fingerprint": "94861c59480977cb07ea4f7a772bfeb55b71cedcb2957eba77af9a01520a36b7", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(text)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|94861c59480977cb07ea4f7a772bfeb55b71cedcb2957eba77af9a01520a36b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr-js/packages/core/src/models/common.ts"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC079", "level": "error", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 55559, "scanner": "repobility-threat-engine", "fingerprint": "24066eba82bc02298c7265a04edd8c23ba02de8b256f2543c4be6ef74b03b2c5", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(\n open(\"./rec_multi_language_lite_train.yml\", \"rb\")", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|24066eba82bc02298c7265a04edd8c23ba02de8b256f2543c4be6ef74b03b2c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "configs/rec/multi_language/generate_multi_language_configs.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 55557, "scanner": "repobility-threat-engine", "fingerprint": "7bd4789d37f3edec2dc39a00a5728c4dcfa0096bce5e7ac0e7bedb7cdd63a277", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7bd4789d37f3edec2dc39a00a5728c4dcfa0096bce5e7ac0e7bedb7cdd63a277"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr-js/packages/core/src/models/common.ts"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 55556, "scanner": "repobility-threat-engine", "fingerprint": "9a3902a20a862e273070b5796d577517ddf0b8a22a169bc515613b2bcd062be7", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9a3902a20a862e273070b5796d577517ddf0b8a22a169bc515613b2bcd062be7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "configs/rec/multi_language/generate_multi_language_configs.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 55555, "scanner": "repobility-threat-engine", "fingerprint": "1d17e6e98308bebd125573fc060f65eba762e6cda6ac2bf2c3f8ff4d55577563", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1d17e6e98308bebd125573fc060f65eba762e6cda6ac2bf2c3f8ff4d55577563"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/utils/util.py"}, "region": {"startLine": 284}}}]}, {"ruleId": "SEC116", "level": "error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 55553, "scanner": "repobility-threat-engine", "fingerprint": "8487e2a94cdc4e462b738c50926e0524ccd86c8f7789df54813c3ca215e9bfd8", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|38|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "paddleocr-js/packages/core/src/models/common.ts"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC116", "level": "error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 55552, "scanner": "repobility-threat-engine", "fingerprint": "8d9670ba256e0074a9e87ec1c22d6d6e499c72ea8c6922d8d58abdc0950f7a02", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|133|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "configs/rec/multi_language/generate_multi_language_configs.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "SEC116", "level": "error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 55551, "scanner": "repobility-threat-engine", "fingerprint": "db22a5b5555dbc6f905365b841b4e450193c46633861034a5010b41bbcc69859", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|284|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/PaddleOCR_DBNet/utils/util.py"}, "region": {"startLine": 284}}}]}]}]}