{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additional files. 
Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private and link-local CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16.\nEnforce the block on the IP address the hostname actually resolves to, and again on every redirect target: a hostname check alone does not stop a name that resolves to an internal address. Cover loopback (127/8) and the IPv6 equivalents as well."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/420"}, "properties": {"repository": "junit-team/junit5", "repoUrl": "https://github.com/junit-team/junit5.git", "branch": "main"}, "results": [{"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22462, "scanner": "repobility-ai-code-hygiene", "fingerprint": "55f26279c7d971f492c49dc105117dc2525f697f05739bf5529752138daabdef", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "junit-jupiter-params/src/main/java/org/junit/jupiter/params/ParameterizedClassContext.java", "duplicate_line": 69, "correlation_key": "fp|55f26279c7d971f492c49dc105117dc2525f697f05739bf5529752138daabdef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "junit-jupiter-params/src/main/java/org/junit/jupiter/params/ParameterizedTestContext.java"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22461, "scanner": "repobility-ai-code-hygiene", 
"fingerprint": "6978871f394b1f64c74cf53942c117fba4d4cd9707cf421fabd14847cfc71c90", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "junit-jupiter-engine/src/main/java/org/junit/jupiter/engine/descriptor/TestFactoryTestDescriptor.java", "duplicate_line": 57, "correlation_key": "fp|6978871f394b1f64c74cf53942c117fba4d4cd9707cf421fabd14847cfc71c90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "junit-jupiter-engine/src/main/java/org/junit/jupiter/engine/descriptor/TestTemplateTestDescriptor.java"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22460, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f6fff9e322cae89f075ef2d118b1738cb8119e32f5225e6d757efa774cd59ed9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "junit-jupiter-engine/src/main/java/org/junit/jupiter/engine/descriptor/ClassTemplateInvocationExtensionContext.java", "duplicate_line": 24, "correlation_key": "fp|f6fff9e322cae89f075ef2d118b1738cb8119e32f5225e6d757efa774cd59ed9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "junit-jupiter-engine/src/main/java/org/junit/jupiter/engine/descriptor/TestTemplateExtensionContext.java"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": 
"Duplicated implementation block across source files"}, "properties": {"repobilityId": 22459, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5b3bd970e2f3ea8c383be584e37948267fd4e7be67cadae1bd1de658c24a8243", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "junit-jupiter-engine/src/main/java/org/junit/jupiter/engine/descriptor/MethodExtensionContext.java", "duplicate_line": 25, "correlation_key": "fp|5b3bd970e2f3ea8c383be584e37948267fd4e7be67cadae1bd1de658c24a8243"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "junit-jupiter-engine/src/main/java/org/junit/jupiter/engine/descriptor/TestTemplateExtensionContext.java"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22458, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a1e3b514f335bc265f0f2834c1600e70ed6ae45965ff6147e8a6ae1d4ce3f13f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "junit-jupiter-engine/src/main/java/org/junit/jupiter/engine/descriptor/ClassTemplateInvocationExtensionContext.java", "duplicate_line": 24, "correlation_key": "fp|a1e3b514f335bc265f0f2834c1600e70ed6ae45965ff6147e8a6ae1d4ce3f13f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"junit-jupiter-engine/src/main/java/org/junit/jupiter/engine/descriptor/MethodExtensionContext.java"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22457, "scanner": "repobility-ai-code-hygiene", "fingerprint": "18695b73e9656214a48ce93332c1ef27a2271da5af6788172f8905bb605dfdfb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "junit-jupiter-engine/src/main/java/org/junit/jupiter/engine/descriptor/ClassTemplateInvocationExtensionContext.java", "duplicate_line": 44, "correlation_key": "fp|18695b73e9656214a48ce93332c1ef27a2271da5af6788172f8905bb605dfdfb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "junit-jupiter-engine/src/main/java/org/junit/jupiter/engine/descriptor/JupiterEngineExtensionContext.java"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22456, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ac456ff2d387595b1df8bcc55824d7fb3eeee8a2c5b1d480ecb42c50c3520e38", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "junit-jupiter-engine/src/main/java/org/junit/jupiter/engine/descriptor/DynamicExtensionContext.java", "duplicate_line": 20, "correlation_key": 
"fp|ac456ff2d387595b1df8bcc55824d7fb3eeee8a2c5b1d480ecb42c50c3520e38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "junit-jupiter-engine/src/main/java/org/junit/jupiter/engine/descriptor/JupiterEngineExtensionContext.java"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22455, "scanner": "repobility-ai-code-hygiene", "fingerprint": "93112a009c51fe698c21dfce8328bdafc525520355edcc3f7ce813d4ca1c1e7b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "junit-jupiter-engine/src/main/java/org/junit/jupiter/engine/descriptor/ClassTemplateInvocationExtensionContext.java", "duplicate_line": 44, "correlation_key": "fp|93112a009c51fe698c21dfce8328bdafc525520355edcc3f7ce813d4ca1c1e7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "junit-jupiter-engine/src/main/java/org/junit/jupiter/engine/descriptor/DynamicExtensionContext.java"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22454, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f1c55d006a23d6af3a4bae18227a55e78df90c13157439adbbc60a75ecb1f6d2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"junit-jupiter-engine/src/main/java/org/junit/jupiter/engine/descriptor/ClassExtensionContext.java", "duplicate_line": 27, "correlation_key": "fp|f1c55d006a23d6af3a4bae18227a55e78df90c13157439adbbc60a75ecb1f6d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "junit-jupiter-engine/src/main/java/org/junit/jupiter/engine/descriptor/ClassTemplateInvocationExtensionContext.java"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22453, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8b10e56f58ce9da53c353d79bb583f88e993b1f22a36dfc6100bdbceafe34da9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "junit-jupiter-api/src/main/java/org/junit/jupiter/api/AssertThrows.java", "duplicate_line": 30, "correlation_key": "fp|8b10e56f58ce9da53c353d79bb583f88e993b1f22a36dfc6100bdbceafe34da9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "junit-jupiter-api/src/main/java/org/junit/jupiter/api/AssertThrowsExactly.java"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additional files. 
Review if needed."}, "properties": {"repobilityId": 22479, "scanner": "repobility-threat-engine", "fingerprint": "821cba61ed8ca9932fa4a20b298f5d896106f8bf2152c246419c88b94424b756", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|821cba61ed8ca9932fa4a20b298f5d896106f8bf2152c246419c88b94424b756"}}}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 22478, "scanner": "repobility-threat-engine", "fingerprint": "b6f4c870cf4bcfa32b592fff5651219d8e0eb41a63df1f7fa0462e6a956d836e", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(P", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b6f4c870cf4bcfa32b592fff5651219d8e0eb41a63df1f7fa0462e6a956d836e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "junit-platform-console/src/main/java/org/junit/platform/console/command/ConsoleTestExecutor.java"}, "region": {"startLine": 178}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 22477, "scanner": "repobility-threat-engine", "fingerprint": "037a6632402dca6c2069c85f7da0b2f17364a3d57ff82887621939f304cf021d", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(S", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|037a6632402dca6c2069c85f7da0b2f17364a3d57ff82887621939f304cf021d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "junit-platform-reporting/src/main/java/org/junit/platform/reporting/open/xml/GitInfoCollector.java"}, "region": {"startLine": 110}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 22476, "scanner": "repobility-threat-engine", "fingerprint": "ac7cedce60b5cd6b50806e70f8cc5e698bd3a080d7357dac249793a586d16cd7", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(g", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ac7cedce60b5cd6b50806e70f8cc5e698bd3a080d7357dac249793a586d16cd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "junit-platform-reporting/src/main/java/org/junit/platform/reporting/open/xml/OpenTestReportGeneratingListener.java"}, "region": {"startLine": 206}}}]}]}]}