{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED109", "name": "[MINED109] Mutable default argument in `generate_config_header` (dict): `def generate_config_header(... = []/{}/set())` ", "shortDescription": {"text": "[MINED109] Mutable default argument in `generate_config_header` (dict): `def generate_config_header(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def generate_config_header(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR018", "name": "Database dump or local database file is included in Docker build context", "shortDescription": {"text": "Database dump or local database file is included in Docker build context"}, "fullDescription": {"text": "Move database dumps outside the Docker build context or exclude them with .dockerignore. Keep backup and restore artifacts in private object storage or a dedicated backup workflow."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "Confirm whether this file is reachable. If not, delete it; if yes, wire it through explicit imports, routes, or entry points and add a test that proves the path executes."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AIC001", "name": "Parallel implementation file sits beside a canonical file", "shortDescription": {"text": "Parallel implementation file sits beside a canonical file"}, "fullDescription": {"text": "Merge the intended change into the canonical file, update tests/imports, and delete the parallel implementation if it is not the active entry point."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC087", "name": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces", "shortDescription": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "fullDescription": {"text": "Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC123", "name": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environme", "shortDescription": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "fullDescription": {"text": "Set DEBUG=False / APP_DEBUG=false in production. Provide a generic 500 handler that logs to backend but returns a sanitized page to clients."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC037", "name": "[SEC037] Uncontrolled Recursion \u2014 stack/depth exhaustion: Parsing arbitrary-depth user input (XML, JSON, YAML) without a", "shortDescription": {"text": "[SEC037] Uncontrolled Recursion \u2014 stack/depth exhaustion: Parsing arbitrary-depth user input (XML, JSON, YAML) without a depth limit, or recursive function over user-controlled structure. Attacker sends `{\"a\":{\"a\":{\"a\":...10000 levels...}}}"}, "fullDescription": {"text": "Use `defusedxml.ElementTree` instead of `xml.etree.ElementTree` \u2014 it rejects deeply-nested + billion-laughs payloads.\nFor JSON: set a depth limit explicitly:\n  import json\n  data = json.loads(s)  # then validate structure depth manually\nFor YAML: always use `yaml.safe_load`. For recursive code over user input, add an explicit depth counter and bail at depth > 100."}, "properties": {"scanner": "repobility-threat-engine", "category": "resource_exhaustion", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "SEC119", "name": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbo", "shortDescription": {"text": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbor) tamper with data; world-readable files leak secrets."}, "fullDescription": {"text": "Use 0600 (owner rw only) for secrets, 0644 for general files, 0700 for directories with secrets. Java: `setReadable(true, true)` (owner-only)."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `_rg_s3_url_for` has cognitive complexity 15 (SonarSource scale). Cognitiv", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `_rg_s3_url_for` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursio"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 15."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Add `--no-install-recommends` and explicitly list only packages the image needs."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "End the apt install layer with `rm -rf /var/lib/apt/lists/*`."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "DKR012", "name": "Dockerfile keeps pip download cache", "shortDescription": {"text": "Dockerfile keeps pip download cache"}, "fullDescription": {"text": "Use `pip install --no-cache-dir ...` in container builds."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC005", "name": "Duplicate top-level symbol appears in a patch-style file", "shortDescription": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "fullDescription": {"text": "Keep one authoritative implementation, update imports to point at it, and remove or rename the duplicate symbol."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image is selected through a build variable", "shortDescription": {"text": "Dockerfile base image is selected through a build variable"}, "fullDescription": {"text": "Resolve the variable to a versioned tag or digest in production builds and document the allowed images."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "MINED047", "name": "[MINED047] Emoji In Source (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED047] Emoji In Source (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED089", "name": "[MINED089] Js Always False If: if (false) \u2014 branch never taken. Dead code / disabled feature.", "shortDescription": {"text": "[MINED089] Js Always False If: if (false) \u2014 branch never taken. Dead code / disabled feature."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-561 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC022", "name": "[SEC022] Database URL With Embedded Credential (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[SEC022] Database URL With Embedded Credential (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Remove the embedded password, require the URL from a secret store or environment variable, and rotate the database credential."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED013", "name": "[MINED013] Password In Url (and 9 more): Same pattern found in 9 additional files. Review if needed.", "shortDescription": {"text": "[MINED013] Password In Url (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-200 / A07:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields (and 8 more): Same pattern found in 8 additional files. Review if needed.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED012", "name": "[MINED012] Curl Pipe Bash (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED012] Curl Pipe Bash (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-494 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED076", "name": "[MINED076] Catch And Reraise Noop: except X: raise X \u2014 adds no value, hides traceback if AI accidentally changes message", "shortDescription": {"text": "[MINED076] Catch And Reraise Noop: except X: raise X \u2014 adds no value, hides traceback if AI accidentally changes message."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout (and 8 more): Same pattern found in 8 additional files. Review if needed.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout (and 8 more): Same pattern found in 8 additional files. Review if needed.", "shortDescription": {"text": "[SEC078] Python: requests without timeout (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED077] Python Open No Context (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED021", "name": "[MINED021] Path Traversal Os Join (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED021] Path Traversal Os Join (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-22 / A01:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 8 more): Same pattern found in 8 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED063", "name": "[MINED063] Toctou Os Path Exists (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED063] Toctou Os Path Exists (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-367 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 1 more): Same pattern found in 1 additional files. Review if neede", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path (and 6 more): Same pattern found in 6 additional files. Review if need", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 35 more): Same pattern found in 35 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 35 more): Same pattern found in 35 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 15 more): Same pattern found in 15 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 65 more): Same pattern found in 65 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 65 more): Same pattern found in 65 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `ubuntu:22.04` not pinned by digest: `FROM ubuntu:22.04` resolves the tag at build time. The ", "shortDescription": {"text": "[MINED118] Dockerfile FROM `ubuntu:22.04` not pinned by digest: `FROM ubuntu:22.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images shou"}, "fullDescription": {"text": "Replace with: `FROM ubuntu:22.04@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED122", "name": "[MINED122] package.json dep `eslint-plugin-mongodb` pulled from URL/Git: `dependencies.eslint-plugin-mongodb` = `file:bu", "shortDescription": {"text": "[MINED122] package.json dep `eslint-plugin-mongodb` pulled from URL/Git: `dependencies.eslint-plugin-mongodb` = `file:buildscripts/eslint-plugin-mongodb` bypasses the npm registry. No integrity hash, no version locking, no registry-side sca"}, "fullDescription": {"text": "Publish the dependency to npm (or your private registry) and reference it by `^x.y.z`. If that's not possible, lock by commit SHA: `git+https://...#<full-sha>` AND verify the SHA in CI."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "[MINED112] FastAPI PATCH buildscripts.resmokelib.testing.hooks.generate_and_check_perf_results._config has no auth: Hand", "shortDescription": {"text": "[MINED112] FastAPI PATCH buildscripts.resmokelib.testing.hooks.generate_and_check_perf_results._config has no auth: Handler `test_missing_pr_number_raises_error` is registered with router/app.patch(...) but no Depends/Security parameter is "}, "fullDescription": {"text": "Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED110", "name": "[MINED110] Blocking call `requests.append` inside async function `execute_ixscan_w_filters_w_diff_num_leaves`: `requests", "shortDescription": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_ixscan_w_filters_w_diff_num_leaves`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every"}, "fullDescription": {"text": "Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_flags: Test function `test_flags` runs code but contains no assert / expect / sho", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_flags: Test function `test_flags` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.get_output_path` used but never assigned in __init__: Method `get_paths` of class `GoldenTestApp` reads", "shortDescription": {"text": "[MINED108] `self.get_output_path` used but never assigned in __init__: Method `get_paths` of class `GoldenTestApp` reads `self.get_output_path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises Attribute"}, "fullDescription": {"text": "Initialize `self.get_output_path = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "JRN004", "name": "Consent is collected in UI without visible backend audit persistence", "shortDescription": {"text": "Consent is collected in UI without visible backend audit persistence"}, "fullDescription": {"text": "Persist consent as a backend record with subject, actor, purpose, scope, legal text version, timestamp, IP address, user agent, and revocation state."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies the entire context without .dockerignore", "shortDescription": {"text": "Dockerfile copies the entire context without .dockerignore"}, "fullDescription": {"text": "Create .dockerignore before using broad context copies, or copy only the required files and directories."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR015", "name": "Docker build context is very large", "shortDescription": {"text": "Docker build context is very large"}, "fullDescription": {"text": "Shrink the build context with .dockerignore, move generated/runtime data outside the build context, and copy only the manifest files needed for cached dependency layers."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported fr", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC080", "name": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-", "shortDescription": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559, fixed via PEP 706 in 3.12). Ported from bandit B202 (Apache-2.0)."}, "fullDescription": {"text": "Add `filter='data'` (Python \u2265 3.12) or manually validate member paths against `os.path.abspath`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC035", "name": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based o", "shortDescription": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation."}, "fullDescription": {"text": "Cap user-controlled sizes BEFORE allocation:\n  size = min(int(request.args.get('n', 100)), MAX_SIZE)\nSet framework-level limits:\n  Flask:    app.config['MAX_CONTENT_LENGTH'] = 10 * 1024 * 1024\n  FastAPI:  use middleware to enforce request size\n  Django:   DATA_UPLOAD_MAX_MEMORY_SIZE in settings.py\nNever raise `sys.setrecursionlimit` past 10K without a deeper review."}, "properties": {"scanner": "repobility-threat-engine", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC113", "name": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impe", "shortDescription": {"text": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impersonate the server. Common in `paramiko.AutoAddPolicy()`."}, "fullDescription": {"text": "Python: load `~/.ssh/known_hosts` and use `paramiko.RejectPolicy()`. Go: implement a `ssh.HostKeyCallback` that compares against a known fingerprint. Java JSch: load known_hosts via `jsch.setKnownHosts(...)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED104", "name": "[MINED104] Chmod 777: chmod 777 makes a file or directory world-readable, world-writable, AND world-executable. Local pr", "shortDescription": {"text": "[MINED104] Chmod 777: chmod 777 makes a file or directory world-readable, world-writable, AND world-executable. Local privilege escalation surface; audit-failing for most compliance frameworks."}, "fullDescription": {"text": "Use the least-privilege mode the file actually needs (e.g. 640 for configs, 750 for executables). For directories that genuinely need shared write access, use a group with chmod g+w and chown the right group."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED040", "name": "[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes.", "shortDescription": {"text": "[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`", "shortDescription": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import queue` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED024", "name": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk.", "shortDescription": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED035", "name": "[MINED035] Js New Function: new Function(...) compiles strings to functions.", "shortDescription": {"text": "[MINED035] Js New Function: new Function(...) compiles strings to functions."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED022", "name": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf.", "shortDescription": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-120 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED007", "name": "[MINED007] Sql String Concat: cursor.execute(f\"... {user_input} ...\") \u2014 SQL injection.", "shortDescription": {"text": "[MINED007] Sql String Concat: cursor.execute(f\"... {user_input} ...\") \u2014 SQL injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-89 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED102", "name": "[MINED102] Shell Injection Via F-string: Shell command built via f-string or .format with non-constant input \u2014 command i", "shortDescription": {"text": "[MINED102] Shell Injection Via F-string: Shell command built via f-string or .format with non-constant input \u2014 command injection. An attacker controlling any interpolated value can execute arbitrary shell commands."}, "fullDescription": {"text": "Use the list form of subprocess (e.g. subprocess.run([\"cmd\", arg1, arg2])) with shell=False. Never combine shell=True with string interpolation."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED018", "name": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/fi", "shortDescription": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC116", "name": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrar", "shortDescription": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "fullDescription": {"text": "Use `YAML.safe_load(input, permitted_classes: [Date])` \u2014 explicit class allowlist. Never use `Marshal.load` on untrusted data; serialize as JSON instead."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC079", "name": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python obje", "shortDescription": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "fullDescription": {"text": "Use `yaml.safe_load(data)` or `yaml.load(data, Loader=yaml.SafeLoader)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1193"}, "properties": {"repository": "mongodb/mongo", "repoUrl": "https://github.com/mongodb/mongo", "branch": "master"}, "results": [{"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `generate_config_header` (dict): `def generate_config_header(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 120191, "scanner": "repobility-ast-engine", "fingerprint": "38d2d2b9c7241a48c7125ccc3377f3b14090c48bae16433497b4f7e0ca4d2364", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|38d2d2b9c7241a48c7125ccc3377f3b14090c48bae16433497b4f7e0ca4d2364"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mongo/util/version_constants_gen.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `generate_config_header` (dict): `def generate_config_header(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 120190, "scanner": "repobility-ast-engine", "fingerprint": "065c519694358cf845e92e2a984060603e1c07c77a4b4d6335157858a7e6990b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|065c519694358cf845e92e2a984060603e1c07c77a4b4d6335157858a7e6990b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mongo/mongo_config_header.py"}, "region": {"startLine": 442}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `generate_config_header` (list): `def generate_config_header(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 120189, "scanner": "repobility-ast-engine", "fingerprint": "f8aed22d0026c6fa5d18bf53abec48db299e2a28cf8c44c417769e6d5f588f52", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f8aed22d0026c6fa5d18bf53abec48db299e2a28cf8c44c417769e6d5f588f52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mongo/mongo_config_header.py"}, "region": {"startLine": 442}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `setup` (dict): `def setup(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 120188, "scanner": "repobility-ast-engine", "fingerprint": "5db940790597eb146d3d15e15dd8b21bf5cd1daf840d05bfaaafdf84dbde5cbe", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5db940790597eb146d3d15e15dd8b21bf5cd1daf840d05bfaaafdf84dbde5cbe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/testing/fixtures/standalone.py"}, "region": {"startLine": 210}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `restart_node` (dict): `def restart_node(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 120187, "scanner": "repobility-ast-engine", "fingerprint": "98776833101417e7e7023799bcbd4c5fa59fd5b3147a632ac0d7459972363d33", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|98776833101417e7e7023799bcbd4c5fa59fd5b3147a632ac0d7459972363d33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/testing/fixtures/replicaset.py"}, "region": {"startLine": 1095}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 120186, "scanner": "repobility-ast-engine", "fingerprint": "ea04d3c289e020e17d088ba2d2320c1b481192d5b2c00e0b76c8ab46a727e9b4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ea04d3c289e020e17d088ba2d2320c1b481192d5b2c00e0b76c8ab46a727e9b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/testing/hooks/initialsync.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 120184, "scanner": "repobility-ast-engine", "fingerprint": "90e99bf6f376655113961da946889d9e6ce1cf78de9e7e43cf452bdc4742ee4c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|90e99bf6f376655113961da946889d9e6ce1cf78de9e7e43cf452bdc4742ee4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/testing/hooks/check_idle_cursors.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `generate_targets` (list): `def generate_targets(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 120136, "scanner": "repobility-ast-engine", "fingerprint": "b6671941c3ec146a0881f745dd2f5898423fd047f1c81fac4abde0520cfd11af", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b6671941c3ec146a0881f745dd2f5898423fd047f1c81fac4abde0520cfd11af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/wrapper_hook/autogenerated_targets.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120123, "scanner": "repobility-ast-engine", "fingerprint": "a81a3c9e87e26349dbff863e40eb1ef372852ab716a42d5be5be433e58f25301", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a81a3c9e87e26349dbff863e40eb1ef372852ab716a42d5be5be433e58f25301"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "x509/mkcert.py"}, "region": {"startLine": 544}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `_query` (list): `def _query(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 120122, "scanner": "repobility-ast-engine", "fingerprint": "7cc4dde98e5305f383f097d2ae7759ed4dac1d4b74e07e6c55266e143c6611f4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7cc4dde98e5305f383f097d2ae7759ed4dac1d4b74e07e6c55266e143c6611f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/fix_headers.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120121, "scanner": "repobility-ast-engine", "fingerprint": "1ef7fa7b5ec9c3032ec05e7194c4b2c24f92264a3e9f7e7fbbedffb076675b92", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ef7fa7b5ec9c3032ec05e7194c4b2c24f92264a3e9f7e7fbbedffb076675b92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/fast_archive.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120119, "scanner": "repobility-ast-engine", "fingerprint": "fa4da0d47e0c19b8612fea5a83f231e83bc114891a086b8dacb5d647a19a6486", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa4da0d47e0c19b8612fea5a83f231e83bc114891a086b8dacb5d647a19a6486"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/s3_lock.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120118, "scanner": "repobility-ast-engine", "fingerprint": "ef4baeec4f451f29211aee6543b533f77b3ff5c604a460299147b3cf0d81ac35", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ef4baeec4f451f29211aee6543b533f77b3ff5c604a460299147b3cf0d81ac35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/jepsen_report.py"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120116, "scanner": "repobility-ast-engine", "fingerprint": "314834d6cc050f03b9f349ff26859e27cb7b68dad8adeb595acc8fb17f860495", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|314834d6cc050f03b9f349ff26859e27cb7b68dad8adeb595acc8fb17f860495"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/validate_task_gen.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120115, "scanner": "repobility-ast-engine", "fingerprint": "546775404825a8099e925ba904fdd99aa44de8ecd6c1f61d637280720cc7ac0b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|546775404825a8099e925ba904fdd99aa44de8ecd6c1f61d637280720cc7ac0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/clang_tidy_vscode.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120114, "scanner": "repobility-ast-engine", "fingerprint": "20e0184b2ecb11b9bdf64623702931f08d3d463940dff1b5b48560deabeeb28a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|20e0184b2ecb11b9bdf64623702931f08d3d463940dff1b5b48560deabeeb28a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/github_merge_queue_metrics.py"}, "region": {"startLine": 526}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120113, "scanner": "repobility-ast-engine", "fingerprint": "cc9e19308fcd7fef99666ab69af513cfa67281ced8591851b01bcab07e349236", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cc9e19308fcd7fef99666ab69af513cfa67281ced8591851b01bcab07e349236"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/github_merge_queue_metrics.py"}, "region": {"startLine": 494}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120112, "scanner": "repobility-ast-engine", "fingerprint": "9efce68cd15eb6d52dc1b30f5992348a7a1600c2627ffe38199145618b26d037", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9efce68cd15eb6d52dc1b30f5992348a7a1600c2627ffe38199145618b26d037"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/github_merge_queue_metrics.py"}, "region": {"startLine": 411}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `is_valid_commit` (list): `def is_valid_commit(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 120111, "scanner": "repobility-ast-engine", "fingerprint": "b35f94b2b12946020c73de74f02c323fb6fcfcac09d1f2c2210cfc38f42941cb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b35f94b2b12946020c73de74f02c323fb6fcfcac09d1f2c2210cfc38f42941cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/validate_commit_message.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120110, "scanner": "repobility-ast-engine", "fingerprint": "c9d2029c3de5899d121115d1b5d7722b67405aedc73a6167cff00b431647e859", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c9d2029c3de5899d121115d1b5d7722b67405aedc73a6167cff00b431647e859"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/sbom_linter.py"}, "region": {"startLine": 233}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120109, "scanner": "repobility-ast-engine", "fingerprint": "3a4bd06edddcc7bc9c2908724e56c78126ddbe0c5dc38925538609edf6583669", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3a4bd06edddcc7bc9c2908724e56c78126ddbe0c5dc38925538609edf6583669"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/lint_markdown_links.py"}, "region": {"startLine": 1016}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120108, "scanner": "repobility-ast-engine", "fingerprint": "731cd8bad02c6f3e9f8a9a5b9786d3601944648f9137772fa6b0c90855bc80b0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|731cd8bad02c6f3e9f8a9a5b9786d3601944648f9137772fa6b0c90855bc80b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/lint_markdown_links.py"}, "region": {"startLine": 737}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120107, "scanner": "repobility-ast-engine", "fingerprint": "9dcf776675ed86dc6b8b313f14ae2dfe5b2d10ce8e63c18cca21f68aef965f8c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9dcf776675ed86dc6b8b313f14ae2dfe5b2d10ce8e63c18cca21f68aef965f8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/generate_result_tasks.py"}, "region": {"startLine": 276}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120094, "scanner": "repobility-ast-engine", "fingerprint": "0cee576e9def8bac5a4d4f614e6dc40b1de56ca917dad4a81e19452b60d28075", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0cee576e9def8bac5a4d4f614e6dc40b1de56ca917dad4a81e19452b60d28075"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/archive_artifacts.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120087, "scanner": "repobility-ast-engine", "fingerprint": "89a9dd94db51b96e5d062fc39f974b989bb1e3b3c6c790a9f0b4953337fa6aa0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|89a9dd94db51b96e5d062fc39f974b989bb1e3b3c6c790a9f0b4953337fa6aa0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/create_todo_tickets.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120086, "scanner": "repobility-ast-engine", "fingerprint": "836181b082e75b6c355d433d8c60d30031660c6c1997347083563370cd609eb8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|836181b082e75b6c355d433d8c60d30031660c6c1997347083563370cd609eb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/mongosymb.py"}, "region": {"startLine": 402}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120085, "scanner": "repobility-ast-engine", "fingerprint": "855faefb6fd082f003ca1110e1d7d2335da069e1fe7f2162de419f6cffeb31d3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|855faefb6fd082f003ca1110e1d7d2335da069e1fe7f2162de419f6cffeb31d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/mongosymb.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120084, "scanner": "repobility-ast-engine", "fingerprint": "52f8740385ce7eed74627509ae8edfb04481d9cb88509bfcaa0b11ea6125f6b5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|52f8740385ce7eed74627509ae8edfb04481d9cb88509bfcaa0b11ea6125f6b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/mongosymb.py"}, "region": {"startLine": 424}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120076, "scanner": "repobility-ast-engine", "fingerprint": "03ae1947a2630d84251d43f7ab29a85b1827ea8d7d7716b8771c59f2745a1706", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|03ae1947a2630d84251d43f7ab29a85b1827ea8d7d7716b8771c59f2745a1706"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/evergreen_expansions2bash.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120067, "scanner": "repobility-ast-engine", "fingerprint": "2e844454cf5172b6e393c43f40f86fd40222ef7ac64edf108f28463b3f03e967", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2e844454cf5172b6e393c43f40f86fd40222ef7ac64edf108f28463b3f03e967"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/compare_evergreen_versions.py"}, "region": {"startLine": 284}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120066, "scanner": "repobility-ast-engine", "fingerprint": "c23d2287776e3b0649aad5809571b9986451e9d4538728121d731fd25a0f6dc7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c23d2287776e3b0649aad5809571b9986451e9d4538728121d731fd25a0f6dc7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/compare_evergreen_versions.py"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120065, "scanner": "repobility-ast-engine", "fingerprint": "5ce8c75fcabb459275fb88814b6bf0b6816c7e44c4974bd8528b93144d173c31", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5ce8c75fcabb459275fb88814b6bf0b6816c7e44c4974bd8528b93144d173c31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/compare_evergreen_versions.py"}, "region": {"startLine": 727}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120064, "scanner": "repobility-ast-engine", "fingerprint": "09c9a7c27a92298e774bccfc5cb20e4a43080815b029254a13c9c5651a876a8a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|09c9a7c27a92298e774bccfc5cb20e4a43080815b029254a13c9c5651a876a8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/compare_evergreen_versions.py"}, "region": {"startLine": 250}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120063, "scanner": "repobility-ast-engine", "fingerprint": "582dce4a723196caccbf19bf1f8ba6c41a0d031662661d0f4fa74e3542dc1be8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|582dce4a723196caccbf19bf1f8ba6c41a0d031662661d0f4fa74e3542dc1be8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/compare_evergreen_versions.py"}, "region": {"startLine": 186}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120062, "scanner": "repobility-ast-engine", "fingerprint": "3f6c7f9aa9a2d11fb73468a8f14009f2fb05e4ac6ed6aec512c932b58ed9e93d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f6c7f9aa9a2d11fb73468a8f14009f2fb05e4ac6ed6aec512c932b58ed9e93d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/compare_evergreen_versions.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 120061, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 120059, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Flask"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120058, "scanner": "repobility-docker", "fingerprint": "13127e0931cd66225d7c71dbd45469f315ad9cc3f904a95f5c166e7c70fdac6c", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine@sha256:69665d02cb32192e52e07644d76bc6f25abeb5410edc1c7a81a10ba3f0efb90a", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|13127e0931cd66225d7c71dbd45469f315ad9cc3f904a95f5c166e7c70fdac6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/zstandard/zstd/contrib/docker/Dockerfile"}, "region": {"startLine": 10}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120056, "scanner": "repobility-docker", "fingerprint": "458577243618b83935fef26228ad0bc7276a3cef83340d239232c258a932784e", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "mcr.microsoft.com/windows/servercore:ltsc2019", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|458577243618b83935fef26228ad0bc7276a3cef83340d239232c258a932784e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/third_party/toolchains/dockerfile/rbe_windows2019/Dockerfile"}, "region": {"startLine": 12}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120055, "scanner": "repobility-docker", "fingerprint": "7b4b5e81498d22cb240b0944545801bba4580c42f565c2844b783f6b244c610e", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ghcr.io/rake-compiler/rake-compiler-dock-image:1.9.1-mri-x86_64-linux-musl", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|7b4b5e81498d22cb240b0944545801bba4580c42f565c2844b783f6b244c610e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/third_party/rake-compiler-dock/rake_x86_64-linux-musl/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120054, "scanner": "repobility-docker", "fingerprint": "48c4677c0c14d8bc35ae0350f2a8c7980bb1e336845cfd490e82ed73062e2a88", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ghcr.io/rake-compiler/rake-compiler-dock-image:1.9.1-mri-x86_64-linux-gnu", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|48c4677c0c14d8bc35ae0350f2a8c7980bb1e336845cfd490e82ed73062e2a88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/third_party/rake-compiler-dock/rake_x86_64-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120053, "scanner": "repobility-docker", "fingerprint": "8d12fdf4302fc406e970567b7ae2870c7944fef1fe2d7825841d82b0fe3166c7", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ghcr.io/rake-compiler/rake-compiler-dock-image:1.9.1-mri-x86_64-darwin", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8d12fdf4302fc406e970567b7ae2870c7944fef1fe2d7825841d82b0fe3166c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/third_party/rake-compiler-dock/rake_x86_64-darwin/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120052, "scanner": "repobility-docker", "fingerprint": "e5e70a0e5be16ce8005ef32ebef336e4ccb26d040b5040e0594d4ac9441d60eb", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ghcr.io/rake-compiler/rake-compiler-dock-image:1.9.1-mri-x86-mingw32", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e5e70a0e5be16ce8005ef32ebef336e4ccb26d040b5040e0594d4ac9441d60eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/third_party/rake-compiler-dock/rake_x86-mingw32/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120051, "scanner": "repobility-docker", "fingerprint": "54db95c183307a0762f82d4c576e15a766864a61b72e77954baebe7d89a63811", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ghcr.io/rake-compiler/rake-compiler-dock-image:1.9.1-mri-x86-linux-musl", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|54db95c183307a0762f82d4c576e15a766864a61b72e77954baebe7d89a63811"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/third_party/rake-compiler-dock/rake_x86-linux-musl/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120050, "scanner": "repobility-docker", "fingerprint": "07f21782699097e48a8f34a258ae5c6748ddb7593c455a5af2e5767a9a69c7ee", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ghcr.io/rake-compiler/rake-compiler-dock-image:1.9.1-mri-x86-linux-gnu", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|07f21782699097e48a8f34a258ae5c6748ddb7593c455a5af2e5767a9a69c7ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/third_party/rake-compiler-dock/rake_x86-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120049, "scanner": "repobility-docker", "fingerprint": "77cb82a86265d4332ff3fcf8ea295bcb93c286c7a7f9fb8ea6226b1cc4e547bc", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ghcr.io/rake-compiler/rake-compiler-dock-image:1.9.1-mri-x64-mingw-ucrt", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|77cb82a86265d4332ff3fcf8ea295bcb93c286c7a7f9fb8ea6226b1cc4e547bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/third_party/rake-compiler-dock/rake_x64-mingw-ucrt/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120048, "scanner": "repobility-docker", "fingerprint": "3dfb50adf6dbd1fe4ce41e39f6aa4a7b423784bf9ea10a5a5722c721f787a152", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ghcr.io/rake-compiler/rake-compiler-dock-image:1.9.1-mri-arm64-darwin", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|3dfb50adf6dbd1fe4ce41e39f6aa4a7b423784bf9ea10a5a5722c721f787a152"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/third_party/rake-compiler-dock/rake_arm64-darwin/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120047, "scanner": "repobility-docker", "fingerprint": "7d3b0e5e7ab15a1b698a28be703caead20f935e3523d77cd384067e4deb8f70a", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ghcr.io/rake-compiler/rake-compiler-dock-image:1.9.1-mri-aarch64-linux-musl", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|7d3b0e5e7ab15a1b698a28be703caead20f935e3523d77cd384067e4deb8f70a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/third_party/rake-compiler-dock/rake_aarch64-linux-musl/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120046, "scanner": "repobility-docker", "fingerprint": "775d334a33b91b2cf9dfc1226c79b7f5b7bb857885f452cef691a961e74d27d9", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ghcr.io/rake-compiler/rake-compiler-dock-image:1.9.1-mri-aarch64-linux-gnu", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|775d334a33b91b2cf9dfc1226c79b7f5b7bb857885f452cef691a961e74d27d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/third_party/rake-compiler-dock/rake_aarch64-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120045, "scanner": "repobility-docker", "fingerprint": "5b392e41854da3f925db5b496cbff4f35ce63a7f80034e060411fce2607565f3", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.9-slim-bookworm", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|5b392e41854da3f925db5b496cbff4f35ce63a7f80034e060411fce2607565f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/xds/Dockerfile.server"}, "region": {"startLine": 28}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120039, "scanner": "repobility-docker", "fingerprint": "c529622e056b734bf850772b9915ee2219600671dec15278d0872fb6b57f0cbb", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.9-slim-bookworm", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|c529622e056b734bf850772b9915ee2219600671dec15278d0872fb6b57f0cbb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/xds/Dockerfile.client"}, "region": {"startLine": 28}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120033, "scanner": "repobility-docker", "fingerprint": "3ce81b0e6e02f6b08c267eb1b340ec84b2a07e1207f0d0108d14f4d4a74a6a86", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.9-slim-bookworm", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|3ce81b0e6e02f6b08c267eb1b340ec84b2a07e1207f0d0108d14f4d4a74a6a86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/observability/Dockerfile.server"}, "region": {"startLine": 28}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120027, "scanner": "repobility-docker", "fingerprint": "63848dc96803b584f304c884a4a2613b7b26df612ed76730ea9b0fe64f828d71", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.9-slim-bookworm", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|63848dc96803b584f304c884a4a2613b7b26df612ed76730ea9b0fe64f828d71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/observability/Dockerfile.client"}, "region": {"startLine": 28}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120021, "scanner": "repobility-docker", "fingerprint": "e9fd839d8ae460cdb24cb9c97d76079b239e4c1c7e5c6337f4d67916ce3ac4d4", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.9-slim-bookworm", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e9fd839d8ae460cdb24cb9c97d76079b239e4c1c7e5c6337f4d67916ce3ac4d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/Dockerfile.server"}, "region": {"startLine": 28}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120015, "scanner": "repobility-docker", "fingerprint": "b8d477db8ded9df2a3ca333aeec91e815c8c8d5ec14b425911e72fa9dd3df500", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.9-slim-bookworm", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b8d477db8ded9df2a3ca333aeec91e815c8c8d5ec14b425911e72fa9dd3df500"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/Dockerfile.client"}, "region": {"startLine": 28}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120009, "scanner": "repobility-docker", "fingerprint": "d9991a82a717addf325d7e01de18ac3cfc9e59dbfaf0664dc5067d36a2998f2b", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|d9991a82a717addf325d7e01de18ac3cfc9e59dbfaf0664dc5067d36a2998f2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/antithesis/base_images/workload/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120004, "scanner": "repobility-docker", "fingerprint": "98fd59c6fd725333a4f16dc1fb27c5802e59acda34371eadff7de23a541448ad", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|98fd59c6fd725333a4f16dc1fb27c5802e59acda34371eadff7de23a541448ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/antithesis/base_images/mongo_binaries/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120002, "scanner": "repobility-docker", "fingerprint": "4a7e7d4a6e31331a90054a86aaa230824932edae7f9814dd3394f036736f7fdd", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:24.04@sha256:186072bba1b2f436cbb91ef2567abca677337cfc786c86e107d25b7072feef0c", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|4a7e7d4a6e31331a90054a86aaa230824932edae7f9814dd3394f036736f7fdd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/remote_execution_container/ubuntu24/dockerfile"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120001, "scanner": "repobility-docker", "fingerprint": "858f8cc31d6aaaf72fea230f5f7198f7a6a1c7d6ce768ebca9128bd3817e014c", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04@sha256:ce4a593b4e323dcc3dd728e397e0a866a1bf516a1b7c31d6aa06991baec4f2e0", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|858f8cc31d6aaaf72fea230f5f7198f7a6a1c7d6ce768ebca9128bd3817e014c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/remote_execution_container/ubuntu22/dockerfile"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120000, "scanner": "repobility-docker", "fingerprint": "52e70fc63cbc80566966bad726a2ea2329f6ca0dfee0c297ed89a66792dcbe25", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:20.04@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|52e70fc63cbc80566966bad726a2ea2329f6ca0dfee0c297ed89a66792dcbe25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/remote_execution_container/ubuntu20/dockerfile"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 119999, "scanner": "repobility-docker", "fingerprint": "a2223417e01b5b150b02dfce932b7b407e7a6f19b4cd3f54a5c5e804f0e847f4", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:18.04@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a2223417e01b5b150b02dfce932b7b407e7a6f19b4cd3f54a5c5e804f0e847f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/remote_execution_container/ubuntu18/dockerfile"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 119998, "scanner": "repobility-docker", "fingerprint": "dbcb0230dd6a2e0f3a937d191d5d15e5fe4b33deafc0eeb31259f9ff109a2288", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "opensuse/leap:15.2@sha256:dfa464ed7bc25fb77ad652d4e722cb0e78fc230425846be10e51dda1f43aa5c9", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|dbcb0230dd6a2e0f3a937d191d5d15e5fe4b33deafc0eeb31259f9ff109a2288"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/remote_execution_container/suse/dockerfile"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 119997, "scanner": "repobility-docker", "fingerprint": "2a7a9ed05289619c2138336a9c1a79f14b325488f2e545a69214fa1c5929a3a6", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "redhat/ubi9:9.3@sha256:66233eebd72bb5baa25190d4f55e1dc3fff3a9b77186c1f91a0abdb274452072", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|2a7a9ed05289619c2138336a9c1a79f14b325488f2e545a69214fa1c5929a3a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/remote_execution_container/rhel93/dockerfile"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 119996, "scanner": "repobility-docker", "fingerprint": "b7ffa137a7e5ff5bf093a4ec929e2b56f5f4421de0136ee2c756ce9e6eb3e112", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "redhat/ubi8:8.9@sha256:83068ea81dd02717b8e39b55cdeb2c1b2c9a3db260f01381b991755d44b15073", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b7ffa137a7e5ff5bf093a4ec929e2b56f5f4421de0136ee2c756ce9e6eb3e112"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/remote_execution_container/rhel89/dockerfile"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 119995, "scanner": "repobility-docker", "fingerprint": "6169c0173d0c91de33de5394f7a0758ef03a9baed87a84de67bf338f1e609896", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "redhat/ubi10:10.0@sha256:158b70012c4898a0951abc5b4f98cefff6ec6bff3fb99957ff2f1793df7c681a", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|6169c0173d0c91de33de5394f7a0758ef03a9baed87a84de67bf338f1e609896"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/remote_execution_container/rhel10/dockerfile"}, "region": {"startLine": 12}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 119994, "scanner": "repobility-docker", "fingerprint": "91e8b1a74c1fe1cd8a58a3280c9facb4ff95cd3e151b2a11670b306439752309", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "debian:12@sha256:bc960ef50e6feed90686c593361df158517556ed1d2d98e5d1df3724024e0f49", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|91e8b1a74c1fe1cd8a58a3280c9facb4ff95cd3e151b2a11670b306439752309"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/remote_execution_container/debian12/dockerfile"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 119993, "scanner": "repobility-docker", "fingerprint": "b8841b189fab509bd653fd5297d3bfb233aafa01b7c965f8afc9f314e753869b", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "debian:10@sha256:58ce6f1271ae1c8a2006ff7d3e54e9874d839f573d8009c20154ad0f2fb0a225", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b8841b189fab509bd653fd5297d3bfb233aafa01b7c965f8afc9f314e753869b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/remote_execution_container/debian10/dockerfile"}, "region": {"startLine": 12}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 119992, "scanner": "repobility-docker", "fingerprint": "4eeb17fea75b003c4a5e8ac5a85df8d8a3ea330d9ebe70278fdab6daa5426ba4", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "amazonlinux:2023@sha256:162fc5b69e11e81023f83a1ab618b184927ff3002d0852432af3b6ae4a1b5304", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|4eeb17fea75b003c4a5e8ac5a85df8d8a3ea330d9ebe70278fdab6daa5426ba4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/remote_execution_container/amazon_linux_2023/dockerfile"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 119991, "scanner": "repobility-docker", "fingerprint": "3f757ef6df48bd4a37fc35bb417c7161380d6a89f20881855a5bc3796b8470d5", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "amazonlinux:2@sha256:a9e1e216e0461552dd0dc6521d2712ba180dcabd4c9b43c47c3b21b857f755a1", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|3f757ef6df48bd4a37fc35bb417c7161380d6a89f20881855a5bc3796b8470d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/remote_execution_container/amazon_linux_2/dockerfile"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 119990, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR018", "level": "warning", "message": {"text": "Database dump or local database file is included in Docker build context"}, "properties": {"repobilityId": 119986, "scanner": "repobility-docker", "fingerprint": "655485f8d8d660f19955b099504360fbf5ff0f88b2be2fc7d9501b5ab7e7369f", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like artifacts are reachable from the Docker build context and are not ignored.", "evidence": {"rule_id": "DKR018", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|655485f8d8d660f19955b099504360fbf5ff0f88b2be2fc7d9501b5ab7e7369f", "database_artifacts": [{"path": "jstests/noPassthrough/query/external_data_source.bson", "size_mb": 0.0}]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 119984, "scanner": "repobility-agent-runtime", "fingerprint": "d67f393b7d3c32ccdb4960de90e9663ea9245511819e0bf83ab834e67e1c5f72", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|d67f393b7d3c32ccdb4960de90e9663ea9245511819e0bf83ab834e67e1c5f72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/mongo_rg_builds/build_rg_manylinux2014.sh"}, "region": {"startLine": 73}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 119983, "scanner": "repobility-agent-runtime", "fingerprint": "eb127859f4185c14bc9efc23d9a465f810d2643c77a5c70a5dbd17e12fd450aa", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|eb127859f4185c14bc9efc23d9a465f810d2643c77a5c70a5dbd17e12fd450aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/mongo_rg_builds/build_rg_macos_universal.sh"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119957, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6aec4b1c0e17f307c3ea8eaef7f9c10f6a82740706b4d1acc9053f17265e072a", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|6aec4b1c0e17f307c3ea8eaef7f9c10f6a82740706b4d1acc9053f17265e072a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/sharding/query/update/update_shard_key_pipeline_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119956, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b9562936f1a45982ec7c5083933caafb018c41c6471a0d9174b00aeb6804ffd6", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|b9562936f1a45982ec7c5083933caafb018c41c6471a0d9174b00aeb6804ffd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/sharding/migration_blocking_operation/coordinate_multi_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119955, "scanner": "repobility-ai-code-hygiene", "fingerprint": "da46160b0912ff958289cecbe6dc8de0bb87748c8dd043451a48e7f1cb472cb8", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|da46160b0912ff958289cecbe6dc8de0bb87748c8dd043451a48e7f1cb472cb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/noPassthrough/timeseries/write/timeseries_use_after_meta_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119954, "scanner": "repobility-ai-code-hygiene", "fingerprint": "71ae0d8dd95caeb6019bb7c6f87c2a59af24f63856c355c8ba1cc95505a1d860", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|71ae0d8dd95caeb6019bb7c6f87c2a59af24f63856c355c8ba1cc95505a1d860"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/noPassthrough/timeseries/updates_deletes/timeseries_direct_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119953, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f8cb5e30a2bb2ecb914b8f3a45913fc9b055e252edf9eda174e8383304d57cbe", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|f8cb5e30a2bb2ecb914b8f3a45913fc9b055e252edf9eda174e8383304d57cbe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/noPassthrough/timeseries/updates_deletes/intermediate_data_consistency_check_arbitrary_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119952, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fcceef5d2fc6486e00609b8add7cc3f27031d0d852528971dd1d91d830799717", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|fcceef5d2fc6486e00609b8add7cc3f27031d0d852528971dd1d91d830799717"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/noPassthrough/timeseries/timeseries_buckets_oplog_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119951, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4a69d74ed602f84b0ff98d10585ae76979b512143245267036cd90bfb21f4c4f", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|4a69d74ed602f84b0ff98d10585ae76979b512143245267036cd90bfb21f4c4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/noPassthrough/query/interruptedAtShutdown_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119950, "scanner": "repobility-ai-code-hygiene", "fingerprint": "27f9219b717b6d9a5e3b87ec48f50dec2d1f4c8b35776b2e48fc69de6c422fdf", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|27f9219b717b6d9a5e3b87ec48f50dec2d1f4c8b35776b2e48fc69de6c422fdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/noPassthrough/query/accumulator_bug_fix.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119949, "scanner": "repobility-ai-code-hygiene", "fingerprint": "427de46669233bff7dc6b1e8a6dbd6df5098d002a02b96e7fc78389567112bc0", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|427de46669233bff7dc6b1e8a6dbd6df5098d002a02b96e7fc78389567112bc0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/noPassthrough/index_builds/hybrid_partial_index_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119948, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0a4d6a1de7f970050f43f09f8e835fc146bbc75dcfec45a973f3e3dfd69581e9", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|0a4d6a1de7f970050f43f09f8e835fc146bbc75dcfec45a973f3e3dfd69581e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/noPassthrough/ddl/clear_jumbo_flag_balancer_sees_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119947, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d2a9d1743fdfa351665f4bfd487275c57bf2286f7fe9a576e453ed885c982a7d", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|d2a9d1743fdfa351665f4bfd487275c57bf2286f7fe9a576e453ed885c982a7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/timeseries/write/timeseries_insert_after_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119946, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2c0c9330d7da4dc94c98bf81f648f6606e210f9ed7f69862a729b157d6367819", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|2c0c9330d7da4dc94c98bf81f648f6606e210f9ed7f69862a729b157d6367819"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/timeseries/query/timeseries_find_and_modify_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119945, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c8ea4c31753b1cf5f4762f9389f6d1828a693ab5810213085bfbf34c52905557", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|c8ea4c31753b1cf5f4762f9389f6d1828a693ab5810213085bfbf34c52905557"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/timeseries/query/timeseries_explain_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119944, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8d667694316a52180b37fc14c862d90859e02cb884e5754e3f462bd56d61dd93", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|8d667694316a52180b37fc14c862d90859e02cb884e5754e3f462bd56d61dd93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/query/query_settings/query_settings_lost_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119943, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5260a15dc31142fd919b6b5d35307b06b43f2d23b5d99da120b979c41c6c8482", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|5260a15dc31142fd919b6b5d35307b06b43f2d23b5d99da120b979c41c6c8482"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/query/internal_apply_oplog_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119942, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2302077c2074b91391656eede436e0d4615365fd286a19201f87a8b38d561545", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|2302077c2074b91391656eede436e0d4615365fd286a19201f87a8b38d561545"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/query/find_and_modify/find_and_modify_pipeline_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119941, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b973231a4e8364c6eac676e031fd22bc79472aa88d8a19d53d37d504aa43906f", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|b973231a4e8364c6eac676e031fd22bc79472aa88d8a19d53d37d504aa43906f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/query/find_and_modify/find_and_modify_empty_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119940, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ccea0c4fc5aec79bed963b2891af8aac423b1b1fffed572e6d6e42d2d45b72dd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|ccea0c4fc5aec79bed963b2891af8aac423b1b1fffed572e6d6e42d2d45b72dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/query/find_and_modify/find_and_modify_concurrent_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119939, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b6b3e6b15bbf09fae779114c6cac354e7dcb9d678ccb66d78679b21d2368884e", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|b6b3e6b15bbf09fae779114c6cac354e7dcb9d678ccb66d78679b21d2368884e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/query/batch_write/batch_write_command_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119938, "scanner": "repobility-ai-code-hygiene", "fingerprint": "73eb740a80ad3e2936e6519b3af8806d4b00d193385a334fce1f30f33cffb980", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|73eb740a80ad3e2936e6519b3af8806d4b00d193385a334fce1f30f33cffb980"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/concurrency/fsm_workloads/timeseries/timeseries_collmod_granularity_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119937, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5a49be898a72e87d46cdf5af0f084b5bba60d69d08dd273f75552708c6ff158d", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|5a49be898a72e87d46cdf5af0f084b5bba60d69d08dd273f75552708c6ff158d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/concurrency/fsm_workloads/random_moveChunk/random_moveChunk_timeseries_findAndModify_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119936, "scanner": "repobility-ai-code-hygiene", "fingerprint": "68f9ebc7a948a75ad70f135c91a767813c76f8a41cb253f26cf1350a1ada363a", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "new", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|68f9ebc7a948a75ad70f135c91a767813c76f8a41cb253f26cf1350a1ada363a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/concurrency/fsm_workloads/query/agg/agg_merge_when_matched_replace_with_new.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119935, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8734b8ed742f2343b45d24962a42c5a1e4c85131b623cc44859ae0b6ac8e0471", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "rewrite", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|8734b8ed742f2343b45d24962a42c5a1e4c85131b623cc44859ae0b6ac8e0471"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/change_streams/oplog_rewrite/change_stream_match_pushdown_updateDescription_rewrite.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119934, "scanner": "repobility-ai-code-hygiene", "fingerprint": "141d7112285ba6aa6236a86ea6ab1293c55de6251e58507f39133d5c9f2208f3", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "rewrite", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|141d7112285ba6aa6236a86ea6ab1293c55de6251e58507f39133d5c9f2208f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/change_streams/oplog_rewrite/change_stream_match_pushdown_to_rewrite.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119933, "scanner": "repobility-ai-code-hygiene", "fingerprint": "60a99404cf638bb7969fed5552dd56ee09ef07388f7d6ad624f06381cce97fdb", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "rewrite", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|60a99404cf638bb7969fed5552dd56ee09ef07388f7d6ad624f06381cce97fdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/change_streams/oplog_rewrite/change_stream_match_pushdown_operation_type_rewrite.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119932, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1801a9877a43dd7ef92ad70bbb79a87b8b18999da787e678e26e68b2aadb712b", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "rewrite", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|1801a9877a43dd7ef92ad70bbb79a87b8b18999da787e678e26e68b2aadb712b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/change_streams/oplog_rewrite/change_stream_match_pushdown_namespace_rewrite.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119931, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b8f2452279941286db6dec0977c411ad8cdba804600594a26331e4b750b70418", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "rewrite", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|b8f2452279941286db6dec0977c411ad8cdba804600594a26331e4b750b70418"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/change_streams/oplog_rewrite/change_stream_match_pushdown_fullDocument_rewrite.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119930, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0260176ac27e7705f2c9801e263ccd2232b4626176233ad0f5ed80b22081eac6", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "rewrite", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|0260176ac27e7705f2c9801e263ccd2232b4626176233ad0f5ed80b22081eac6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/change_streams/oplog_rewrite/change_stream_match_pushdown_fullDocumentBeforeChange_rewrite.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119929, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6b1a0bd2402b6b6a759df414b326c87d0ea91d95edfd15a133456c01264e53f2", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "rewrite", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|6b1a0bd2402b6b6a759df414b326c87d0ea91d95edfd15a133456c01264e53f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/change_streams/oplog_rewrite/change_stream_match_pushdown_documentKey_rewrite.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 119928, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2c22df7875648427d8ea0578149d68061207cf0bb2cd00d0da1ec5b667d462a4", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "rewrite", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|2c22df7875648427d8ea0578149d68061207cf0bb2cd00d0da1ec5b667d462a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/change_streams/oplog_rewrite/change_stream_basic_match_pushdown_rewrite.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 119918, "scanner": "repobility-ai-code-hygiene", "fingerprint": "29c0265cce8107b92f2c7f5279683c9304d9f5e9f3552115f0680fe1dd26fbfe", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "new", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "jstests/core/query/find_and_modify/find_and_modify.js", "correlation_key": "fp|29c0265cce8107b92f2c7f5279683c9304d9f5e9f3552115f0680fe1dd26fbfe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/query/find_and_modify/find_and_modify_new.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 119913, "scanner": "repobility-ai-code-hygiene", "fingerprint": "380f17e29194f78ebc38b85bd295288e68d03df1368e1938eda1ba64c75d3dbb", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "update", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "jstests/core/capped/capped.js", "correlation_key": "fp|380f17e29194f78ebc38b85bd295288e68d03df1368e1938eda1ba64c75d3dbb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/capped/capped_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 119908, "scanner": "repobility-ai-code-hygiene", "fingerprint": "08ae44a2f7d66f0696d29238e66fa98136d92d06bf01fc64ba68fe364ec98f1f", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "update", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "jstests/concurrency/fsm_workloads/query/explain/explain.js", "correlation_key": "fp|08ae44a2f7d66f0696d29238e66fa98136d92d06bf01fc64ba68fe364ec98f1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/concurrency/fsm_workloads/query/explain/explain_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 119892, "scanner": "repobility-threat-engine", "fingerprint": "4f0287c465be310d1732e09bf5fb6b1b9d1c603e14c4e397b6f23ac094b221f9", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "key: Random.randInt", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|75|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/concurrency/fsm_workloads/query/map_reduce/map_reduce_inline.js"}, "region": {"startLine": 75}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 119891, "scanner": "repobility-threat-engine", "fingerprint": "d65450f25ecb765299bfabda3b1761ad42b2d3058c3b9a4ab797c97d13d5de7a", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "key: Random.randInt", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|63|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/concurrency/fsm_workloads/query/map_reduce/map_reduce_drop.js"}, "region": {"startLine": 63}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 119888, "scanner": "repobility-threat-engine", "fingerprint": "2e8b1b5a452955d3b298610a4cfece81091e61eb8b6e76ca6c7235634896e7c8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Lorem ipsum dolor sit amet", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2e8b1b5a452955d3b298610a4cfece81091e61eb8b6e76ca6c7235634896e7c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/concurrency/fsm_workloads/crud/reindex/reindex.js"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 119886, "scanner": "repobility-threat-engine", "fingerprint": "29a2fe0d6a2c95ecca5e57d2ee8e5c986f3e88a6c3a6370aa6bd94304645c0f6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Math.random();\n// print( \"password", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|29a2fe0d6a2c95ecca5e57d2ee8e5c986f3e88a6c3a6370aa6bd94304645c0f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/administrative/auth1.js"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 119885, "scanner": "repobility-threat-engine", "fingerprint": "d9af7cf1798064163ba293ed70de551b457281339a655c3c3d071c5ffb458ee3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "nOnce = Math.random(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d9af7cf1798064163ba293ed70de551b457281339a655c3c3d071c5ffb458ee3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/concurrency/fsm_workloads/compact/auto_compact.js"}, "region": {"startLine": 87}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 119884, "scanner": "repobility-threat-engine", "fingerprint": "e6fc2c14b01005bc82d8040728a51b2641ac1b7f690918a302ad9dd045336d42", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "keys(shardInfo.shards);\n                const randomIndex = Math.floor(Math.random(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e6fc2c14b01005bc82d8040728a51b2641ac1b7f690918a302ad9dd045336d42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/concurrency/fsm_workloads/cleanup_orphaned_with_balancer.js"}, "region": {"startLine": 29}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 119876, "scanner": "repobility-threat-engine", "fingerprint": "ab15c216cfbe4be1319e6e7ce4b453318c6bdb32add984e4103073a9682c964a", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (err) {}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ab15c216cfbe4be1319e6e7ce4b453318c6bdb32add984e4103073a9682c964a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/auth/logout_reconnect.js"}, "region": {"startLine": 38}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 119875, "scanner": "repobility-threat-engine", "fingerprint": "785a24ff4c77535e663c9ceb9f4e7bd490ddeee5722335d05ae17796dc1e35ec", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (e) {\n    }", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|785a24ff4c77535e663c9ceb9f4e7bd490ddeee5722335d05ae17796dc1e35ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/aggregation/sources/group/group_by_system_variable.js"}, "region": {"startLine": 19}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 119874, "scanner": "repobility-threat-engine", "fingerprint": "6ee3afcb4bcd740df81267db6d6722c5a52272112ddbb496ba95147d99a64b26", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (e) {}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6ee3afcb4bcd740df81267db6d6722c5a52272112ddbb496ba95147d99a64b26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/aggregation/exec/agg_drop_index.js"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 119872, "scanner": "repobility-threat-engine", "fingerprint": "3d074183237166c5d6efe19f21addbf02d9e7c25689642b8a8f32063611333d5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "debug=True", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3d074183237166c5d6efe19f21addbf02d9e7c25689642b8a8f32063611333d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/resmoke_tests_execute_bazel.sh"}, "region": {"startLine": 167}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 119869, "scanner": "repobility-threat-engine", "fingerprint": "2e72e0648ae256bc821413949afb94ed3ae50c1b3d9be48d9ea1b3f74dbb3242", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.9 bits) \u2014 may be placeholder or common string Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "PASSWORD=\"<redacted>}\"", "reason": "Low entropy value (3.9 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|1|password redacted", "duplicate_count": 1, "duplicate_rule_ids": ["SEC001"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["2e72e0648ae256bc821413949afb94ed3ae50c1b3d9be48d9ea1b3f74dbb3242", "48b01657a6e5fd7d91ade4b0d6486a57a71553985da630fd450e788f2f7254ca"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/write_sast_report_env_file.sh"}, "region": {"startLine": 5}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 119868, "scanner": "repobility-threat-engine", "fingerprint": "4c67f0d7d867c6864006b217a8f63130835ef7863821eed01b873e2e9f3d0945", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (2.9 bits) \u2014 may be placeholder or common string", "evidence": {"match": "passwd='<redacted>}'", "reason": "Low entropy value (2.9 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|1|passwd redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/functions/credentials_setup.sh"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 119860, "scanner": "repobility-threat-engine", "fingerprint": "3e36715d2ed1a6507d0f36fba6c90c22339320fa79eb6fd5ebe00ec47d26a388", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|23|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/spawnhost/extract_artifacts.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 119859, "scanner": "repobility-threat-engine", "fingerprint": "ced58f894320ac76c3ad6dee50446ef3981f77b006de8136fcbe9ab5ac3d9af7", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|evergreen/macos_notary.py|38|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/macos_notary.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 119858, "scanner": "repobility-threat-engine", "fingerprint": "b275ab88ee4306dff521fa928ddef31ca7944da38197296990a2a28c6b5d682d", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|100|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/setup_multiversion/download.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "SEC037", "level": "warning", "message": {"text": "[SEC037] Uncontrolled Recursion \u2014 stack/depth exhaustion: Parsing arbitrary-depth user input (XML, JSON, YAML) without a depth limit, or recursive function over user-controlled structure. Attacker sends `{\"a\":{\"a\":{\"a\":...10000 levels...}}}` to blow the stack. Real CVEs: CVE-2019-16935 (Python xmlrpc), CVE-2020-25659 (PyYAML before 5.4). CWE-674/1325."}, "properties": {"repobilityId": 119817, "scanner": "repobility-threat-engine", "fingerprint": "87d210a5aec78723909f98d99214af19c1c6843f2fe99e2bee75bd8e7a0970f1", "category": "resource_exhaustion", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.safe_load(input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC037", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|87d210a5aec78723909f98d99214af19c1c6843f2fe99e2bee75bd8e7a0970f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/apply_clang_tidy_fixes.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 119799, "scanner": "repobility-threat-engine", "fingerprint": "276bd8617e55b35f656f705bf4506a029821d99d89e20b9a0b421e283fddc393", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        with urllib.request.urlopen(url, timeout=30) as response:\n            stats = json.load", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|276bd8617e55b35f656f705bf4506a029821d99d89e20b9a0b421e283fddc393"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/resmoke/download_historic_runtimes.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 119797, "scanner": "repobility-threat-engine", "fingerprint": "788e964376d4c8fe559aba285667a20fa049104f0c49fc3992a72f472c5aad10", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|788e964376d4c8fe559aba285667a20fa049104f0c49fc3992a72f472c5aad10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/archive_artifacts.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 119796, "scanner": "repobility-threat-engine", "fingerprint": "e44bf0d44873d5901b507c129085b5adc25f17df2929fe3b8311d935a6d0006d", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e44bf0d44873d5901b507c129085b5adc25f17df2929fe3b8311d935a6d0006d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/wrapper_hook/generate_common_bes_bazelrc.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 119795, "scanner": "repobility-threat-engine", "fingerprint": "b003010127389cd0f512b3e0fe4235d8e37f4faa1fc93342d050a61683f559a5", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b003010127389cd0f512b3e0fe4235d8e37f4faa1fc93342d050a61683f559a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/resmoke/derive_suite_selectors.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 119790, "scanner": "repobility-threat-engine", "fingerprint": "ca0aee68cef9c89314e73a814f2086e3e52ba3f8866dc8702751615abafb2238", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|77|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/resmoke/derive_suite_selectors.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 119783, "scanner": "repobility-threat-engine", "fingerprint": "d4c1df3a6dfe694c79deb6a40a141ea8ed9c1bcea0205095bebf5e54768a5dfa", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|buildscripts/sbom/config.py|136|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/sbom/config.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 119782, "scanner": "repobility-threat-engine", "fingerprint": "60469929ff5919365ea8ec44f2e4a0c1585fbcca8c47b31c760108b01fe26d9d", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|80|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/local_rbe_container_url.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 119781, "scanner": "repobility-threat-engine", "fingerprint": "6e75a5b65a1bcde78571f27218d5553146f1d38fd9bb2ab672b99e2a5c3770f3", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|46|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/platforms/remote_execution_containers_generator.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 119775, "scanner": "repobility-threat-engine", "fingerprint": "6812b8ddbb3b99c7fa89aa94fa2d0a99d2b65504d01e10a8b305dc3776307b67", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(\n            [\"mongorestore\", \"--nsInclude\", f\"{self.config.database_name}.*\", \"--dro", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|71|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/database_instance.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 119774, "scanner": "repobility-threat-engine", "fingerprint": "38558cbe2fc21e10a473d8ff180fc91f7553f6e01fa39321f37904e593cd58a0", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(f\"{binary_path} export {CLUSTER}\", shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|117|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/bazel_rules_mongo/engflow_auth/engflow_auth.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 119773, "scanner": "repobility-threat-engine", "fingerprint": "49659bd83be2b048cd81733f6cf07a3f314961c93bc3160e8f348ff4e016536f", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.check_output(cmd,shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|20|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/install_rules/pretty_printer_test_creator.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC119", "level": "warning", "message": {"text": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbor) tamper with data; world-readable files leak secrets."}, "properties": {"repobilityId": 119771, "scanner": "repobility-threat-engine", "fingerprint": "ec3cac33c597d7e25bf30c7c4a62add813a16c9959f901f531a690a27f68b6a4", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.chmod(gpgdir, 0o700)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC119", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|74|sec119"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/mongot_extension_signing_key/gpg_export_armored_key.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "SEC119", "level": "warning", "message": {"text": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbor) tamper with data; world-readable files leak secrets."}, "properties": {"repobilityId": 119770, "scanner": "repobility-threat-engine", "fingerprint": "b0ba5e0fdcc1385873cf3cafa93adfb1734456af6ae9afd9c689b3538b14be57", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.chmod(args.install_dir, 0o755)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC119", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|15|sec119"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/install_rules/install_rules.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC119", "level": "warning", "message": {"text": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbor) tamper with data; world-readable files leak secrets."}, "properties": {"repobilityId": 119769, "scanner": "repobility-threat-engine", "fingerprint": "b21dfb61ffe18c99498f3d50f43c8812353e0ac172b5d0699a5be99098bc755a", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.chmod(gpgdir, 0o700)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC119", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|bazel/gpg_signer.py|79|sec119"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/gpg_signer.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `_rg_s3_url_for` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: if=9, nested_bonus=6."}, "properties": {"repobilityId": 119753, "scanner": "repobility-threat-engine", "fingerprint": "05fd123dea53a678f8044bf56c56f8b435575606bb5a46d33432cd97e23a3332", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 15 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_rg_s3_url_for", "breakdown": {"if": 9, "nested_bonus": 6}, "complexity": 15, "correlation_key": "fp|05fd123dea53a678f8044bf56c56f8b435575606bb5a46d33432cd97e23a3332"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/auto_header/ensure_fd.py"}, "region": {"startLine": 116}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 119740, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 120044, "scanner": "repobility-docker", "fingerprint": "9a2de55ea1a4bb60b142a465fbde567a7dd29c67f520ba9f4395c451ce0db494", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|9a2de55ea1a4bb60b142a465fbde567a7dd29c67f520ba9f4395c451ce0db494"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/xds/Dockerfile.server"}, "region": {"startLine": 30}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 120043, "scanner": "repobility-docker", "fingerprint": "38cee14a13a1bdf71cce83f7f633c97059888b900eeb1eeb433d550da3096f54", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|38cee14a13a1bdf71cce83f7f633c97059888b900eeb1eeb433d550da3096f54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/xds/Dockerfile.server"}, "region": {"startLine": 30}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 120041, "scanner": "repobility-docker", "fingerprint": "b5fc6bb519cfead19bdc450d6f3fbee947f853c2cc4bde77a21a8b814a8c5700", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b5fc6bb519cfead19bdc450d6f3fbee947f853c2cc4bde77a21a8b814a8c5700"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/xds/Dockerfile.server"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 120040, "scanner": "repobility-docker", "fingerprint": "6897f81dc630e2a8b7bd8da3ac322100fff858637644d9a7a5f6ddf8d47f9f95", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|6897f81dc630e2a8b7bd8da3ac322100fff858637644d9a7a5f6ddf8d47f9f95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/xds/Dockerfile.server"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 120038, "scanner": "repobility-docker", "fingerprint": "8426696c5ac2f0360663bccb017b3c0bc161ed8a63c0a09e76523895c086a286", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8426696c5ac2f0360663bccb017b3c0bc161ed8a63c0a09e76523895c086a286"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/xds/Dockerfile.client"}, "region": {"startLine": 30}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 120037, "scanner": "repobility-docker", "fingerprint": "ab4b002e5dda97189a06918787da1fbd8cc4777326e7840ef3b010fc0a3b2a18", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|ab4b002e5dda97189a06918787da1fbd8cc4777326e7840ef3b010fc0a3b2a18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/xds/Dockerfile.client"}, "region": {"startLine": 30}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 120035, "scanner": "repobility-docker", "fingerprint": "2348b90abd4e01e52847543e6f5ec8c85a2f7b5ab3c05dd9ea364b371061bbf6", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|2348b90abd4e01e52847543e6f5ec8c85a2f7b5ab3c05dd9ea364b371061bbf6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/xds/Dockerfile.client"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 120034, "scanner": "repobility-docker", "fingerprint": "7d27f06948cc8a5790c0c40da9f729b304748df0e602d8ac2dc42e09d6f944de", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|7d27f06948cc8a5790c0c40da9f729b304748df0e602d8ac2dc42e09d6f944de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/xds/Dockerfile.client"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 120032, "scanner": "repobility-docker", "fingerprint": "0c50f3965d4de0730687b37d6f3f6caae0517fdb5f30b6e7afc811c6fee12fdb", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|0c50f3965d4de0730687b37d6f3f6caae0517fdb5f30b6e7afc811c6fee12fdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/observability/Dockerfile.server"}, "region": {"startLine": 32}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 120031, "scanner": "repobility-docker", "fingerprint": "7b8521f4ad0e02575b74f9570b2e09b9d4bafea0d58f88823aa1f483a5f1f6db", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|7b8521f4ad0e02575b74f9570b2e09b9d4bafea0d58f88823aa1f483a5f1f6db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/observability/Dockerfile.server"}, "region": {"startLine": 32}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 120029, "scanner": "repobility-docker", "fingerprint": "fd74fff3fb24ee0afd74d685d23108aef2d3849ceb909db2ec328abaf7d8a9c6", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|fd74fff3fb24ee0afd74d685d23108aef2d3849ceb909db2ec328abaf7d8a9c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/observability/Dockerfile.server"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 120028, "scanner": "repobility-docker", "fingerprint": "b7df7eb236d9fd3bfadd46b1b04d668e1001582f46b24c1ccd6a3247951a4a7e", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|b7df7eb236d9fd3bfadd46b1b04d668e1001582f46b24c1ccd6a3247951a4a7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/observability/Dockerfile.server"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 120026, "scanner": "repobility-docker", "fingerprint": "fafb1c6a3297bc2a517809bb9722df2798343f5369b1d4a9b8461432a7e60c52", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|fafb1c6a3297bc2a517809bb9722df2798343f5369b1d4a9b8461432a7e60c52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/observability/Dockerfile.client"}, "region": {"startLine": 30}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 120025, "scanner": "repobility-docker", "fingerprint": "d1a112662540d579b8727a017d8ebcfae9881a015cb0146eb788d05fb637386a", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|d1a112662540d579b8727a017d8ebcfae9881a015cb0146eb788d05fb637386a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/observability/Dockerfile.client"}, "region": {"startLine": 30}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 120023, "scanner": "repobility-docker", "fingerprint": "209ff7bd2a85bfa51d3b9152382b1d69e5e71e963f316c6f83ed9bdb5c06112c", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|209ff7bd2a85bfa51d3b9152382b1d69e5e71e963f316c6f83ed9bdb5c06112c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/observability/Dockerfile.client"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 120022, "scanner": "repobility-docker", "fingerprint": "edff51f4dbbf91e21405c928e2bff4af31f565a48af2da20b9f424daf49e8823", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|edff51f4dbbf91e21405c928e2bff4af31f565a48af2da20b9f424daf49e8823"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/observability/Dockerfile.client"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 120020, "scanner": "repobility-docker", "fingerprint": "a8fa44118fa11fde899b93cf8db4e6016ffc715017a2210f6859198818cba090", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a8fa44118fa11fde899b93cf8db4e6016ffc715017a2210f6859198818cba090"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/Dockerfile.server"}, "region": {"startLine": 30}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 120019, "scanner": "repobility-docker", "fingerprint": "3bf4d3b08d2be58cf7f090b319cb6225ddd21b87024ffae258be880a4fdf0470", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|3bf4d3b08d2be58cf7f090b319cb6225ddd21b87024ffae258be880a4fdf0470"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/Dockerfile.server"}, "region": {"startLine": 30}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 120017, "scanner": "repobility-docker", "fingerprint": "bb3383c86641b8e1a90d30b6631e032d20bac20ee18a6def897b6d5d0184bfcd", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|bb3383c86641b8e1a90d30b6631e032d20bac20ee18a6def897b6d5d0184bfcd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/Dockerfile.server"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 120016, "scanner": "repobility-docker", "fingerprint": "0386b0ef0cb02a9edf0a48821725dffafbbe0f94271a006d7e4ed19f7a9c8201", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|0386b0ef0cb02a9edf0a48821725dffafbbe0f94271a006d7e4ed19f7a9c8201"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/Dockerfile.server"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 120014, "scanner": "repobility-docker", "fingerprint": "e14c3314546905c624799c4c2fd7936a28e2eb6dc578d9d8d7e01b78d658dede", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e14c3314546905c624799c4c2fd7936a28e2eb6dc578d9d8d7e01b78d658dede"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/Dockerfile.client"}, "region": {"startLine": 30}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 120013, "scanner": "repobility-docker", "fingerprint": "db4f1460445c8cb494ca2a3322b2235239a4255945ea04c18c8a77e1cef3e753", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|db4f1460445c8cb494ca2a3322b2235239a4255945ea04c18c8a77e1cef3e753"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/Dockerfile.client"}, "region": {"startLine": 30}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 120011, "scanner": "repobility-docker", "fingerprint": "d85feb1674b5389a0ee1830a5a17254bfdcc16a36183ed15f0cce42311f880f7", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|d85feb1674b5389a0ee1830a5a17254bfdcc16a36183ed15f0cce42311f880f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/Dockerfile.client"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 120010, "scanner": "repobility-docker", "fingerprint": "42e227de61230ec3e314429f7c169c91f105de091e52e41a03ab29dbe8d40a99", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|42e227de61230ec3e314429f7c169c91f105de091e52e41a03ab29dbe8d40a99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/Dockerfile.client"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 120008, "scanner": "repobility-docker", "fingerprint": "cbc1e960b8b406d9ea2488831edff24ff07f34ef9c4ab5c499799d3b0613bc98", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|cbc1e960b8b406d9ea2488831edff24ff07f34ef9c4ab5c499799d3b0613bc98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/antithesis/base_images/workload/Dockerfile"}, "region": {"startLine": 96}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 120007, "scanner": "repobility-docker", "fingerprint": "1fe109c6ae69677f4f37e756adc282cc53d7a549485e284e230529c50de35a9d", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|1fe109c6ae69677f4f37e756adc282cc53d7a549485e284e230529c50de35a9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/antithesis/base_images/workload/Dockerfile"}, "region": {"startLine": 42}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 120006, "scanner": "repobility-docker", "fingerprint": "6de3f893f310a1e3ba755d2fbbe5cf09810b947544d00f394d7532307b1b6c0a", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|6de3f893f310a1e3ba755d2fbbe5cf09810b947544d00f394d7532307b1b6c0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/antithesis/base_images/workload/Dockerfile"}, "region": {"startLine": 29}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 120005, "scanner": "repobility-docker", "fingerprint": "e2eefbde531f10235971f01e1cb93956483892342292f2f626cd1a726139118c", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|e2eefbde531f10235971f01e1cb93956483892342292f2f626cd1a726139118c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/antithesis/base_images/workload/Dockerfile"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 120003, "scanner": "repobility-docker", "fingerprint": "0836ce6d2276bf36be7a5a01fb20b43694d69571fb93bd74e79f377849fe33be", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|0836ce6d2276bf36be7a5a01fb20b43694d69571fb93bd74e79f377849fe33be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/antithesis/base_images/mongo_binaries/Dockerfile"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 119989, "scanner": "repobility-docker", "fingerprint": "df34be3b434ce14eda9ce8a70662f890e64dd9e2bbeee4f86cbfff22c23a6c99", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|df34be3b434ce14eda9ce8a70662f890e64dd9e2bbeee4f86cbfff22c23a6c99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 134}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 119988, "scanner": "repobility-docker", "fingerprint": "02eda06e408cf01016db71df0e44e25dfaac889c6a30f48018c4913f522db0f4", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|02eda06e408cf01016db71df0e44e25dfaac889c6a30f48018c4913f522db0f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 119982, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6ab8bd8ea4a2384207673ae2bba769380474b93250e0f28ae5143abab8ca7c41", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "FLETagQueryInterface", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "src/mongo/crypto/fle_tags.h", "correlation_key": "fp|6ab8bd8ea4a2384207673ae2bba769380474b93250e0f28ae5143abab8ca7c41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mongo/db/query/fle/server_rewrite.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 119981, "scanner": "repobility-ai-code-hygiene", "fingerprint": "60fe3e447792186d40d7876d36b39d2a5dce2df856f851333f41c90580f94e9b", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "CanonicalQuery", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "src/mongo/db/exec/classic/delete_stage.h", "correlation_key": "fp|60fe3e447792186d40d7876d36b39d2a5dce2df856f851333f41c90580f94e9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mongo/db/query/write_ops/canonical_update.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 119980, "scanner": "repobility-ai-code-hygiene", "fingerprint": "08e38fda32bf4b53e660129573560a85596e59ed7b93496ed53c2b3e93b72a6b", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "Buffer", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "src/mongo/bson/column/bsoncolumn.h", "correlation_key": "fp|08e38fda32bf4b53e660129573560a85596e59ed7b93496ed53c2b3e93b72a6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mongo/bson/bson_validate_old.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 119979, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5d3a231b8c66fb908753ed7c7e022099fdf11c05dea2a44a7397f063997d72a1", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "BSONObj", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "src/mongo/base/error_extra_info.h", "correlation_key": "fp|5d3a231b8c66fb908753ed7c7e022099fdf11c05dea2a44a7397f063997d72a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mongo/bson/bson_validate_old.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 119978, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0bf53f144f6475301760d65e652e3b422be0bdb792ebbd6d4dd9a12463753002", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "All", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "src/mongo/db/exec/document_value/document_value_test.cpp", "correlation_key": "fp|0bf53f144f6475301760d65e652e3b422be0bdb792ebbd6d4dd9a12463753002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mongo/dbtests/query_stage_update.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 119977, "scanner": "repobility-ai-code-hygiene", "fingerprint": "51a131e5e10bd077dc1395fb7ffe4db2fd897df22343b42ecb255daed437867e", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "$config", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "jstests/concurrency/fsm_example.js", "correlation_key": "fp|51a131e5e10bd077dc1395fb7ffe4db2fd897df22343b42ecb255daed437867e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/concurrency/fsm_workloads/query/agg/agg_merge_when_matched_replace_with_new.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 119976, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c44067896f646edc3c0ddb51e8b2b62c2c2df676787483dd048bb5234fc5b36b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "buildscripts/resmokelib/testing/hooks/replicaset_transition_to_and_from_csrs.py", "duplicate_line": 314, "correlation_key": "fp|c44067896f646edc3c0ddb51e8b2b62c2c2df676787483dd048bb5234fc5b36b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/testing/hooks/stepdown.py"}, "region": {"startLine": 308}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 119975, "scanner": "repobility-ai-code-hygiene", "fingerprint": "83798b9194103376d56d1fd917b6c0c5148a28c6486630a94e8bde03fd60ac8f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "buildscripts/resmokelib/testing/hooks/maintenance.py", "duplicate_line": 43, "correlation_key": "fp|83798b9194103376d56d1fd917b6c0c5148a28c6486630a94e8bde03fd60ac8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/testing/hooks/stepdown.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 119974, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7a822db4e05370b4dd07a1d359ccca7ddb965dbf7881bad21e6f00b7403bd4a8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "buildscripts/resmokelib/testing/hooks/continuous_initial_sync.py", "duplicate_line": 35, "correlation_key": "fp|7a822db4e05370b4dd07a1d359ccca7ddb965dbf7881bad21e6f00b7403bd4a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/testing/hooks/stepdown.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 119973, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0e0efee6dbc101147c122013887650e518ba1cde60ed125bcc5bb5d254779178", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "buildscripts/resmokelib/testing/hooks/continuous_initial_sync.py", "duplicate_line": 179, "correlation_key": "fp|0e0efee6dbc101147c122013887650e518ba1cde60ed125bcc5bb5d254779178"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/testing/hooks/rotate_execution_control_params.py"}, "region": {"startLine": 204}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 119972, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7adf7adaffcf7882d9fc89471dee25c890eecbf07de975b3f487c2e1a9700b26", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "buildscripts/resmokelib/testing/hooks/fuzz_runtime_parameters.py", "duplicate_line": 236, "correlation_key": "fp|7adf7adaffcf7882d9fc89471dee25c890eecbf07de975b3f487c2e1a9700b26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/testing/hooks/rotate_execution_control_params.py"}, "region": {"startLine": 174}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 119971, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d17cb671e0e42a63bcf6bfa2834ac896d84c981979d69ed03b17741a09a471b3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "buildscripts/resmokelib/testing/hooks/maintenance.py", "duplicate_line": 43, "correlation_key": "fp|d17cb671e0e42a63bcf6bfa2834ac896d84c981979d69ed03b17741a09a471b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/testing/hooks/replicaset_transition_to_and_from_csrs.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 119970, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a77fa0f94a909940a70f8964270490e0b195619709c703b29b39834e1ed7264f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "buildscripts/resmokelib/testing/hooks/continuous_initial_sync.py", "duplicate_line": 35, "correlation_key": "fp|a77fa0f94a909940a70f8964270490e0b195619709c703b29b39834e1ed7264f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/testing/hooks/replicaset_transition_to_and_from_csrs.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 119969, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cf73b35762abfd5de9fe9d25cfe5e02534bf10c4b6a4f3ecc9dc2000d816a80d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "buildscripts/resmokelib/testing/hooks/drop_config_cache_collections.py", "duplicate_line": 35, "correlation_key": "fp|cf73b35762abfd5de9fe9d25cfe5e02534bf10c4b6a4f3ecc9dc2000d816a80d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/testing/hooks/replicaset_transition_to_and_from_csrs.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 119968, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e4b0fb2214cb2ac976a8e7e1537b7a3f314caaaf64c9508a5a11afb8561f721c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "buildscripts/resmokelib/testing/hooks/continuous_initial_sync.py", "duplicate_line": 35, "correlation_key": "fp|e4b0fb2214cb2ac976a8e7e1537b7a3f314caaaf64c9508a5a11afb8561f721c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/testing/hooks/maintenance.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 119967, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b1748eb7edec2f134da79a5e62521c8f3228c55131e17abfab6429793c7978dc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "buildscripts/resmokelib/testing/hooks/drop_config_cache_collections.py", "duplicate_line": 35, "correlation_key": "fp|b1748eb7edec2f134da79a5e62521c8f3228c55131e17abfab6429793c7978dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/testing/hooks/maintenance.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 119966, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1d12ce30f9bc19a12c880c9548ba81c6ca139800c5b1ebc7cc924ae26786fe88", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "buildscripts/resmokelib/testing/hooks/continuous_initial_sync.py", "duplicate_line": 179, "correlation_key": "fp|1d12ce30f9bc19a12c880c9548ba81c6ca139800c5b1ebc7cc924ae26786fe88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/testing/hooks/fuzz_runtime_parameters.py"}, "region": {"startLine": 266}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 119965, "scanner": "repobility-ai-code-hygiene", "fingerprint": "78180cefca5a17518a4f7a4f3cbda790072b4df12611f728cbd61132a5b54e3f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "buildscripts/resmokelib/testing/hooks/continuous_initial_sync.py", "duplicate_line": 35, "correlation_key": "fp|78180cefca5a17518a4f7a4f3cbda790072b4df12611f728cbd61132a5b54e3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/testing/hooks/drop_sessions_collection.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 119964, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d98b2ff5f3568d69d0aad8fc4ef4ddd0d540876774fc2d6046508ec7ca032b07", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "buildscripts/resmokelib/testing/hooks/drop_config_cache_collections.py", "duplicate_line": 35, "correlation_key": "fp|d98b2ff5f3568d69d0aad8fc4ef4ddd0d540876774fc2d6046508ec7ca032b07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/testing/hooks/drop_sessions_collection.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 119963, "scanner": "repobility-ai-code-hygiene", "fingerprint": "69aa7cb7eb85d113893a7f9429ff0adaca6209ae4bc1737322b921197e7bc99d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "buildscripts/resmokelib/testing/hooks/continuous_initial_sync.py", "duplicate_line": 35, "correlation_key": "fp|69aa7cb7eb85d113893a7f9429ff0adaca6209ae4bc1737322b921197e7bc99d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/testing/hooks/drop_config_cache_collections.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 119962, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9be10058c2c218ccde789f7d23c4ccef2cd8f15a10aec2527770554ec6739023", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "buildscripts/packager.py", "duplicate_line": 431, "correlation_key": "fp|9be10058c2c218ccde789f7d23c4ccef2cd8f15a10aec2527770554ec6739023"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/packager_enterprise.py"}, "region": {"startLine": 206}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 119961, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a92476825afe649045c64d0d2d4eacf2992355ac018c4743201bd219420f2989", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "buildscripts/idl/idl/ast.py", "duplicate_line": 119, "correlation_key": "fp|a92476825afe649045c64d0d2d4eacf2992355ac018c4743201bd219420f2989"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/idl/idl/syntax.py"}, "region": {"startLine": 264}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 119960, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1358d1b91e87ddaf277137f64d72e50530d96f78b251ed0c85f63827a95a1009", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "buildscripts/evergreen_activate_gen_tasks.py", "duplicate_line": 10, "correlation_key": "fp|1358d1b91e87ddaf277137f64d72e50530d96f78b251ed0c85f63827a95a1009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/evergreen_activate_result_tasks.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 119959, "scanner": "repobility-ai-code-hygiene", "fingerprint": "540c7934b20caed72dd6648626083694e7df1861150e385aa9f4dd10f255d9d7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "bazel/format/rules_lint_format_wrapper.py", "duplicate_line": 16, "correlation_key": "fp|540c7934b20caed72dd6648626083694e7df1861150e385aa9f4dd10f255d9d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/wrapper_hook/lint.py"}, "region": {"startLine": 384}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 119958, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0df1c8a4c8a265f28ae2d35530a896cde323c17a3f78f257464ea70fca36aba6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "bazel/gpg_signer.py", "duplicate_line": 12, "correlation_key": "fp|0df1c8a4c8a265f28ae2d35530a896cde323c17a3f78f257464ea70fca36aba6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/mongot_extension_signing_key/gpg_export_armored_key.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119927, "scanner": "repobility-ai-code-hygiene", "fingerprint": "897b65beffd58d0caa9c81f2e44256b353fa5241c9bd1381008ed895acc5883e", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|897b65beffd58d0caa9c81f2e44256b353fa5241c9bd1381008ed895acc5883e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/timeseries/write/timeseries_insert_after_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119926, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d2d2177da332a6ab3dfa95358d6b24c0740db19a22937ed75c114c8679638f84", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|d2d2177da332a6ab3dfa95358d6b24c0740db19a22937ed75c114c8679638f84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/timeseries/write/timeseries_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119925, "scanner": "repobility-ai-code-hygiene", "fingerprint": "54e5629d38c14d25eac4c21d8094749781ad8a103592ddf070c4d41746491c59", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|54e5629d38c14d25eac4c21d8094749781ad8a103592ddf070c4d41746491c59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/timeseries/query/timeseries_find_and_modify_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119924, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f26893f406de8d0c7a9238ffe1318b5b5e76776fbdc5991e47495e5cf3929220", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|f26893f406de8d0c7a9238ffe1318b5b5e76776fbdc5991e47495e5cf3929220"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/timeseries/query/timeseries_explain_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119923, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5e84bace610c1793ba72b7681172d297a1e8beeeaa0f50ce1cf3a52315d56ab3", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|5e84bace610c1793ba72b7681172d297a1e8beeeaa0f50ce1cf3a52315d56ab3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/query/update/collation_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119922, "scanner": "repobility-ai-code-hygiene", "fingerprint": "de2f8388947faf37c2b434619ffe99d5fa55d8e9d275c54038a6fb5b617a2e79", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|de2f8388947faf37c2b434619ffe99d5fa55d8e9d275c54038a6fb5b617a2e79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/query/query_settings/query_settings_lost_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119921, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cb5027526fd9bebfc3e01934534e937b8a575a92398468f2e1688fdc3d4be6b5", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|cb5027526fd9bebfc3e01934534e937b8a575a92398468f2e1688fdc3d4be6b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/query/find_and_modify/find_and_modify_pipeline_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119920, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dd4ddac6a0f979d41933bb06868cdba1f9377ed2f7829db5a9e985e0e28a3676", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|dd4ddac6a0f979d41933bb06868cdba1f9377ed2f7829db5a9e985e0e28a3676"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/query/find_and_modify/find_and_modify_empty_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119919, "scanner": "repobility-ai-code-hygiene", "fingerprint": "28acf77fc411b8a271ba92e3d562f753bf6f0298b38ce5dd6459358fa506ed6e", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|28acf77fc411b8a271ba92e3d562f753bf6f0298b38ce5dd6459358fa506ed6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/query/find_and_modify/find_and_modify_concurrent_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119917, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bb24613cbc6cbbd353c3ed35a9f83152bdf1ad9f4c95a5d33931525636a64ef8", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|bb24613cbc6cbbd353c3ed35a9f83152bdf1ad9f4c95a5d33931525636a64ef8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/query/batch_write/batch_write_command_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119916, "scanner": "repobility-ai-code-hygiene", "fingerprint": "58d4a9cf6fd2510da62fa4563c48d5ba3c9820d960dec5bb9765500b1059c482", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|58d4a9cf6fd2510da62fa4563c48d5ba3c9820d960dec5bb9765500b1059c482"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/query/internal_apply_oplog_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119915, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ac3fa74a671996666dc2baa8e473e7f85195b9c5fa111932dfb0bf8fe0e65cad", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|ac3fa74a671996666dc2baa8e473e7f85195b9c5fa111932dfb0bf8fe0e65cad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/index/wildcard/wildcard_index_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119914, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3d99c0063a5b51373963ece86651a83cfa4e4fd6f1a00b1614b652998a0d941a", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|3d99c0063a5b51373963ece86651a83cfa4e4fd6f1a00b1614b652998a0d941a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/index/geo/geo_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119912, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bd2d0641492f49a2bf21b2ccd0ea8e21d87d07f2f690014901e8fd4144cb0b38", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|bd2d0641492f49a2bf21b2ccd0ea8e21d87d07f2f690014901e8fd4144cb0b38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/administrative/profile/profile_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119911, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9fde04297d57216dd39847ef9484b9d364367df654b49e639b55fa5580344472", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|9fde04297d57216dd39847ef9484b9d364367df654b49e639b55fa5580344472"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/concurrency/fsm_workloads/timeseries/timeseries_collmod_granularity_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119910, "scanner": "repobility-ai-code-hygiene", "fingerprint": "36d98c481bc3b99cf30cd197e211dd86444aaadc88721dfdebd7ca7e74e76f53", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|36d98c481bc3b99cf30cd197e211dd86444aaadc88721dfdebd7ca7e74e76f53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/concurrency/fsm_workloads/random_moveChunk/random_moveChunk_timeseries_findAndModify_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119909, "scanner": "repobility-ai-code-hygiene", "fingerprint": "97d97cb806173eeecab4bce5be4ec0fc71ffc74829f08cdea328177c91441812", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|97d97cb806173eeecab4bce5be4ec0fc71ffc74829f08cdea328177c91441812"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/concurrency/fsm_workloads/query/findAndModify/findAndModify_update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119907, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ec8a230d47210884ecd7301407226ae7925cbac9b73e6b03bd218c407108d2ee", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "new", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|ec8a230d47210884ecd7301407226ae7925cbac9b73e6b03bd218c407108d2ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/concurrency/fsm_workloads/query/agg/agg_merge_when_matched_replace_with_new.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119906, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8605f4b048545d67b108afe901a48b06007ce80a0864741ce4a9a954c38f1489", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "rewrite", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|8605f4b048545d67b108afe901a48b06007ce80a0864741ce4a9a954c38f1489"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/change_streams/oplog_rewrite/change_stream_match_pushdown_updateDescription_rewrite.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119905, "scanner": "repobility-ai-code-hygiene", "fingerprint": "01ab535dc9f62ec874cf0287e88efec50883ab31131bf06a568eeaea642facb3", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "rewrite", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|01ab535dc9f62ec874cf0287e88efec50883ab31131bf06a568eeaea642facb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/change_streams/oplog_rewrite/change_stream_match_pushdown_to_rewrite.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119904, "scanner": "repobility-ai-code-hygiene", "fingerprint": "03bd6685e5b860619558c1ccaf960fcce256bec71da7ec3b414a23202bd15d62", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "rewrite", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|03bd6685e5b860619558c1ccaf960fcce256bec71da7ec3b414a23202bd15d62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/change_streams/oplog_rewrite/change_stream_match_pushdown_operation_type_rewrite.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119903, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b72808df1d4710ff81471b627bea84490df8590910c1c5f472ca0cefe08a5720", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "rewrite", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|b72808df1d4710ff81471b627bea84490df8590910c1c5f472ca0cefe08a5720"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/change_streams/oplog_rewrite/change_stream_match_pushdown_namespace_rewrite.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119902, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4b3eec4021d092d5f99ddb2e35bca5a7b1019275167902583d094f2f406d9235", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "rewrite", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|4b3eec4021d092d5f99ddb2e35bca5a7b1019275167902583d094f2f406d9235"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/change_streams/oplog_rewrite/change_stream_match_pushdown_fullDocumentBeforeChange_rewrite.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119901, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dfc953657d24ac93aa52e3c6daf6b4d39399b0fe80ea9856b308e7054da065d6", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "rewrite", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|dfc953657d24ac93aa52e3c6daf6b4d39399b0fe80ea9856b308e7054da065d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/change_streams/oplog_rewrite/change_stream_match_pushdown_fullDocument_rewrite.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119900, "scanner": "repobility-ai-code-hygiene", "fingerprint": "136243029f1bab00013c6c4e4944a855f457af5776ef26d2fb42b2c785378bac", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "rewrite", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|136243029f1bab00013c6c4e4944a855f457af5776ef26d2fb42b2c785378bac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/change_streams/oplog_rewrite/change_stream_match_pushdown_documentKey_rewrite.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119899, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b58411ef0251a8d8fcf74e3908025d269a63d646e1fbeaab10f1a4255f265b3c", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "rewrite", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|b58411ef0251a8d8fcf74e3908025d269a63d646e1fbeaab10f1a4255f265b3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/change_streams/oplog_rewrite/change_stream_basic_match_pushdown_rewrite.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 119898, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fe027f6cae7923df6a89db9a12462038e83eafe1add899e42b5b1fab5139e51d", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "rewrite", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|fe027f6cae7923df6a89db9a12462038e83eafe1add899e42b5b1fab5139e51d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/aggregation/sources/graphLookup/graphlookup_rewrite.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 119846, "scanner": "repobility-threat-engine", "fingerprint": "437003d90564797528abac62c9516fe1409cf936e739a0f5f9e4bd523a747370", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"constexpr char \" + stringname + \"[] = {\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|437003d90564797528abac62c9516fe1409cf936e739a0f5f9e4bd523a747370"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/jstoh.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 119845, "scanner": "repobility-threat-engine", "fingerprint": "2af5f801d60b6ee073fa1b10160f6a5e83cbe2885c7f475456f25625da1c9505", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "raise RuntimeError(\n        \"The compile-variant \"\n        + build_variant_name\n        + \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2af5f801d60b6ee073fa1b10160f6a5e83cbe2885c7f475456f25625da1c9505"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/download_sys_perf_binaries.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 119844, "scanner": "repobility-threat-engine", "fingerprint": "d71d9bf3dc26e7a7731a0d3fcb74c4012c3388b43e4f7c2c4598cc0e4fa16211", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Explain did not contain the expected stage \"\n                + str(query.expected_stage)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d71d9bf3dc26e7a7731a0d3fcb74c4012c3388b43e4f7c2c4598cc0e4fa16211"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/workload_execution.py"}, "region": {"startLine": 170}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `ensure_rg` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, if=5, ternary=2."}, "properties": {"repobilityId": 119754, "scanner": "repobility-threat-engine", "fingerprint": "e5fbe9ddb5402dc2a21163034e5defa9984c463e3e2519c38d7dd3131c8475e3", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "ensure_rg", "breakdown": {"if": 5, "except": 1, "ternary": 2}, "complexity": 8, "correlation_key": "fp|e5fbe9ddb5402dc2a21163034e5defa9984c463e3e2519c38d7dd3131c8475e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/auto_header/ensure_fd.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 119987, "scanner": "repobility-docker", "fingerprint": "76eda08a6c729601ce3398da3104dfbdac5a26d24bda21e5e98829c0a953d4bc", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$BASE_IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|76eda08a6c729601ce3398da3104dfbdac5a26d24bda21e5e98829c0a953d4bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 119897, "scanner": "repobility-threat-engine", "fingerprint": "0a8b3c5a518a9cdd659fdd0b464d2bf4180e3ef7aeea526b02fc592daf044124", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0a8b3c5a518a9cdd659fdd0b464d2bf4180e3ef7aeea526b02fc592daf044124", "aggregated_count": 1}}}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 119896, "scanner": "repobility-threat-engine", "fingerprint": "b42e1b843aa346637e5ec9f623dbd74a51ab0e15184ffd4845fc285e460b2e09", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b42e1b843aa346637e5ec9f623dbd74a51ab0e15184ffd4845fc285e460b2e09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/index/fts/fts_diacriticsensitive.js"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 119895, "scanner": "repobility-threat-engine", "fingerprint": "4fea4e5b9cb5ea3adfcd4b96534d8bc5e22c2603d5536124e27824e90121a98f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4fea4e5b9cb5ea3adfcd4b96534d8bc5e22c2603d5536124e27824e90121a98f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/index/fts/fts_diacritic_and_casesensitive.js"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 119894, "scanner": "repobility-threat-engine", "fingerprint": "d1a288ec91af148ee8241a200de3d02d71a8695776707c12b8f4a300e813eab1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d1a288ec91af148ee8241a200de3d02d71a8695776707c12b8f4a300e813eab1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/index/fts/fts_diacritic_and_caseinsensitive.js"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED089", "level": "none", "message": {"text": "[MINED089] Js Always False If: if (false) \u2014 branch never taken. Dead code / disabled feature."}, "properties": {"repobilityId": 119893, "scanner": "repobility-threat-engine", "fingerprint": "22eeed67119939742dc402ff64275bb4ee85f7d820c0da6db9f05dbf5d71ba2b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-always-false-if", "owasp": null, "cwe_ids": ["CWE-561"], "languages": ["javascript", "typescript", "tsx", "jsx", "python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348146+00:00", "triaged_in_corpus": 12, "observations_count": 536, "ai_coder_pattern_id": 141}, "scanner": "repobility-threat-engine", "correlation_key": "fp|22eeed67119939742dc402ff64275bb4ee85f7d820c0da6db9f05dbf5d71ba2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/core/administrative/apply_ops/apply_ops_dups.js"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC022", "level": "none", "message": {"text": "[SEC022] Database URL With Embedded Credential (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 119880, "scanner": "repobility-threat-engine", "fingerprint": "68bc7c58880aebcf773c4c698d3a795bad982c382df3ec9a5e59c624e3df2265", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|68bc7c58880aebcf773c4c698d3a795bad982c382df3ec9a5e59c624e3df2265"}}}, {"ruleId": "SEC001", "level": "none", "message": {"text": "[SEC001] Hardcoded Password (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 119870, "scanner": "repobility-threat-engine", "fingerprint": "d7a4179d7783c17d429d54e0bf6c831c06dca7e5e3dcfbc072784858793957d0", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d7a4179d7783c17d429d54e0bf6c831c06dca7e5e3dcfbc072784858793957d0"}}}, {"ruleId": "MINED013", "level": "none", "message": {"text": "[MINED013] Password In Url (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 119867, "scanner": "repobility-threat-engine", "fingerprint": "292cb94921f918c8a91b3502aefa533f649530aa809f9c0c5908c2a120b1dbc5", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "password-in-url", "owasp": "A07:2021", "cwe_ids": ["CWE-200"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347928+00:00", "triaged_in_corpus": 20, "observations_count": 121646, "ai_coder_pattern_id": 37}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|292cb94921f918c8a91b3502aefa533f649530aa809f9c0c5908c2a120b1dbc5", "aggregated_count": 9}}}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 119863, "scanner": "repobility-threat-engine", "fingerprint": "a534d2dd017a7561d6f289afbf6ca0bb1a277e24006fd70919399be04a5d8572", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a534d2dd017a7561d6f289afbf6ca0bb1a277e24006fd70919399be04a5d8572"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/generate_sast_report.sh"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 119862, "scanner": "repobility-threat-engine", "fingerprint": "ebcb38d178f651a92a30cf17ff8c5083a3cb2f2546810611d19bfb34210e7637", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ebcb38d178f651a92a30cf17ff8c5083a3cb2f2546810611d19bfb34210e7637"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/devcontainer_cli_setup.sh"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 119861, "scanner": "repobility-threat-engine", "fingerprint": "8dca3c5eb1c935cb0d53bb0706702bbfaca0c0c93a7f0c54ba07c8dffa6dab94", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8dca3c5eb1c935cb0d53bb0706702bbfaca0c0c93a7f0c54ba07c8dffa6dab94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/sbom/install_endorctl.sh"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 119853, "scanner": "repobility-threat-engine", "fingerprint": "85968dc703e3eeca891e42bdd2c1de52ad531fd18aa07a170b8aad04c25b80d1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|85968dc703e3eeca891e42bdd2c1de52ad531fd18aa07a170b8aad04c25b80d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/monitor_mongo_fork_10gen.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 119852, "scanner": "repobility-threat-engine", "fingerprint": "43273d88ca65bc45e629523b09caf8e2b3d735588fe48354aaf5b07ee800a97b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|43273d88ca65bc45e629523b09caf8e2b3d735588fe48354aaf5b07ee800a97b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/mongo_toolchain.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "SEC132", "level": "none", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift) (and 52 more): Same pattern found in 52 additional files. Review if needed."}, "properties": {"repobilityId": 119847, "scanner": "repobility-threat-engine", "fingerprint": "248663b3a69eefa4028b33fe1ada25fb2fce0c6890a44759bc24f21cb84d2969", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 52 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 52 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|248663b3a69eefa4028b33fe1ada25fb2fce0c6890a44759bc24f21cb84d2969"}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 119843, "scanner": "repobility-threat-engine", "fingerprint": "0fb47d3dbd4b29b147b0535f7b07aa2033e0eed6d443542678798270db5c11ce", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0fb47d3dbd4b29b147b0535f7b07aa2033e0eed6d443542678798270db5c11ce", "aggregated_count": 8}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 119842, "scanner": "repobility-threat-engine", "fingerprint": "b969110c7e5c7c2c07b666dfd3c1a5bb807c8013df53cab5fe8c247420e1613a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b969110c7e5c7c2c07b666dfd3c1a5bb807c8013df53cab5fe8c247420e1613a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/data_generator.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 119841, "scanner": "repobility-threat-engine", "fingerprint": "9cdab79c9eb975021b980c8c6321bd8a08a1decba616cdff86869bee9b81a26b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9cdab79c9eb975021b980c8c6321bd8a08a1decba616cdff86869bee9b81a26b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/cost_estimator.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 119840, "scanner": "repobility-threat-engine", "fingerprint": "d9226a3e7bd843a64f05ac972d891093ff055ba0385f4c0bf19b7125b6656dab", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d9226a3e7bd843a64f05ac972d891093ff055ba0385f4c0bf19b7125b6656dab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/config.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED012", "level": "none", "message": {"text": "[MINED012] Curl Pipe Bash (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 119839, "scanner": "repobility-threat-engine", "fingerprint": "8786be8a409eb63c165af6ee6969acf872c54b7cdd53948f18f3b1ba6b8c478f", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8786be8a409eb63c165af6ee6969acf872c54b7cdd53948f18f3b1ba6b8c478f", "aggregated_count": 1}}}, {"ruleId": "MINED006", "level": "none", "message": {"text": "[MINED006] Overcatch Baseexception (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 119834, "scanner": "repobility-threat-engine", "fingerprint": "f87ed9b6811675c97d18c0024fde96dcf647cce402a76a98ff5bf685ee8d2ef2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f87ed9b6811675c97d18c0024fde96dcf647cce402a76a98ff5bf685ee8d2ef2", "aggregated_count": 1}}}, {"ruleId": "MINED076", "level": "none", "message": {"text": "[MINED076] Catch And Reraise Noop: except X: raise X \u2014 adds no value, hides traceback if AI accidentally changes message."}, "properties": {"repobilityId": 119830, "scanner": "repobility-threat-engine", "fingerprint": "3152e612b01fe6affd37bc4dd2611be56113553ceb47b0db18be52230cda77a9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "catch-and-reraise-noop", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348079+00:00", "triaged_in_corpus": 10, "observations_count": 8333, "ai_coder_pattern_id": 45}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3152e612b01fe6affd37bc4dd2611be56113553ceb47b0db18be52230cda77a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/bazel_rules_mongo/codeowners/validate_codeowners.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 119829, "scanner": "repobility-threat-engine", "fingerprint": "e38733c4955085407fcbf593207c0902635133481b01f78cad989fb38cfd9cc0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e38733c4955085407fcbf593207c0902635133481b01f78cad989fb38cfd9cc0", "aggregated_count": 8}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 119828, "scanner": "repobility-threat-engine", "fingerprint": "284aaff818b243793ef3fee957131ed90dc63ac38782b1d96beb35ae16d81e4d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|284aaff818b243793ef3fee957131ed90dc63ac38782b1d96beb35ae16d81e4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/collect_resource_info.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 119827, "scanner": "repobility-threat-engine", "fingerprint": "b6316dfe8cf63b4d1a05f4a98d0535e1947ea9a7f18a6a678b7d86466e6426de", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b6316dfe8cf63b4d1a05f4a98d0535e1947ea9a7f18a6a678b7d86466e6426de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/client/github.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 119826, "scanner": "repobility-threat-engine", "fingerprint": "c3387cc380e4879629b81724b1e47f482a610aeeea3ff487a92a5b7499927462", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c3387cc380e4879629b81724b1e47f482a610aeeea3ff487a92a5b7499927462"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/bazel_rules_mongo/codeowners/check_github_codeowner_errors.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 119825, "scanner": "repobility-threat-engine", "fingerprint": "5c912f67859a6f819840fe5c45b50ef3e99c8e995d67db5fa05aad857aa68177", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|5c912f67859a6f819840fe5c45b50ef3e99c8e995d67db5fa05aad857aa68177"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 119821, "scanner": "repobility-threat-engine", "fingerprint": "b6edddaddab6b62ff63a87b52b7d7b3bab2a5af6b4d7361c1238d18c2c6e3162", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b6edddaddab6b62ff63a87b52b7d7b3bab2a5af6b4d7361c1238d18c2c6e3162"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 119820, "scanner": "repobility-threat-engine", "fingerprint": "e0127b2658a6bac58f58aa44a505d708b7e212d45ed5fed2ed05fa348ac92e87", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(\"Error obtaining installation token\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|2|print error obtaining installation token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/monitor_mongo_fork_10gen.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 119819, "scanner": "repobility-threat-engine", "fingerprint": "df1a9f41d321a20e474a9c085c0a32889d49344ccabf98e74393e4fd3e66f06b", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "LOGGER.error(\"No GitHub token provided, cannot proceed with CODEOWNERS error check.\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|23|logger.error no github token provided cannot proceed with codeowners error check."}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/bazel_rules_mongo/codeowners/check_github_codeowner_errors.py"}, "region": {"startLine": 240}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 119816, "scanner": "repobility-threat-engine", "fingerprint": "d1f955ddae044cc0b8b6149234532c3998b835c371fe9b57587b36b1dccb89db", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|d1f955ddae044cc0b8b6149234532c3998b835c371fe9b57587b36b1dccb89db", "aggregated_count": 5}}}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 119815, "scanner": "repobility-threat-engine", "fingerprint": "c876bfa59934861d95fef237956f98192e215a5ea1cd5dad695e0b13a375c38a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c876bfa59934861d95fef237956f98192e215a5ea1cd5dad695e0b13a375c38a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/multiversion/multiversion_service.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 119814, "scanner": "repobility-threat-engine", "fingerprint": "649c13ef33e575ae91205a3440c4ae096b490a01d3431fc2547c59bc1d23853c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|649c13ef33e575ae91205a3440c4ae096b490a01d3431fc2547c59bc1d23853c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/ce_generate_data.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 119813, "scanner": "repobility-threat-engine", "fingerprint": "89b22d9fbc632397298ac09f5c83395e116a81281b735d863a0a4f61c19d6b18", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|89b22d9fbc632397298ac09f5c83395e116a81281b735d863a0a4f61c19d6b18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/wrapper_hook/wrapper_util.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED021", "level": "none", "message": {"text": "[MINED021] Path Traversal Os Join (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 119812, "scanner": "repobility-threat-engine", "fingerprint": "fbf78b5692d2330f519dc602dca84d330a6cc9a7c3e6d01afb5bef56d7e681c8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|fbf78b5692d2330f519dc602dca84d330a6cc9a7c3e6d01afb5bef56d7e681c8", "aggregated_count": 4}}}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 119808, "scanner": "repobility-threat-engine", "fingerprint": "2eaab8f590234775531b0af5c0b5d781dabb04b06006b4e2a5ef6e77992ce9f7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2eaab8f590234775531b0af5c0b5d781dabb04b06006b4e2a5ef6e77992ce9f7", "aggregated_count": 8}}}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 119804, "scanner": "repobility-threat-engine", "fingerprint": "7ba0de7cbc900d1bd1eb5161f1f723af267e6bf4756c814f4f8a36c4ca0e52a2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7ba0de7cbc900d1bd1eb5161f1f723af267e6bf4756c814f4f8a36c4ca0e52a2", "aggregated_count": 6}}}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 119803, "scanner": "repobility-threat-engine", "fingerprint": "b026f6d66468a51f8b53b7116ac39b5d9b67be08c9774c5ef00d17bda428bfc4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b026f6d66468a51f8b53b7116ac39b5d9b67be08c9774c5ef00d17bda428bfc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/wrapper_hook/write_wrapper_hook_bazelrc.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 119802, "scanner": "repobility-threat-engine", "fingerprint": "7a056055693eb9b353572dcda8df6aca0f88280801a01cee89262cc15199a688", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7a056055693eb9b353572dcda8df6aca0f88280801a01cee89262cc15199a688"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/wrapper_hook/generate_common_bes_bazelrc.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 119801, "scanner": "repobility-threat-engine", "fingerprint": "1d1bd572e5aa60051303ffc3cb1fd50bb718e98543b6ffdb5177dc460e33b737", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1d1bd572e5aa60051303ffc3cb1fd50bb718e98543b6ffdb5177dc460e33b737"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/wrapper_hook/flag_sync.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 119800, "scanner": "repobility-threat-engine", "fingerprint": "869f13e976c040c5c9ceb72e142bd4a2ffb0c8a6d5697d16a0d0a6b6abcc20e2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|869f13e976c040c5c9ceb72e142bd4a2ffb0c8a6d5697d16a0d0a6b6abcc20e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/rules_rust/win_allocator_shim.rs"}, "region": {"startLine": 30}}}]}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 119798, "scanner": "repobility-threat-engine", "fingerprint": "93b9da83522ef7033c1689b56fc2639ef703f7cce5574751f2046196162761e3", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|93b9da83522ef7033c1689b56fc2639ef703f7cce5574751f2046196162761e3"}}}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 119789, "scanner": "repobility-threat-engine", "fingerprint": "ce08a859483a58642a7ce01bd3edaf0cc012fd68707f8e106471cb721016dfd9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ce08a859483a58642a7ce01bd3edaf0cc012fd68707f8e106471cb721016dfd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/platforms/remote_execution_containers_generator.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 119788, "scanner": "repobility-threat-engine", "fingerprint": "4434170c810fa43bf20566276ceaa9e55e65938a7f2140721f4fd2599ad87936", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4434170c810fa43bf20566276ceaa9e55e65938a7f2140721f4fd2599ad87936"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 119784, "scanner": "repobility-threat-engine", "fingerprint": "f50747163d70dab1fa2519c9a96d374fa64771763e354f97facd6a46500faf29", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f50747163d70dab1fa2519c9a96d374fa64771763e354f97facd6a46500faf29"}}}, {"ruleId": "MINED034", "level": "none", "message": {"text": "[MINED034] Python Subprocess Shell True (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 119780, "scanner": "repobility-threat-engine", "fingerprint": "ceddd33b1d1708cc238e123022773f239c475e4021c48c09b2cfa7e43fc239e4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|ceddd33b1d1708cc238e123022773f239c475e4021c48c09b2cfa7e43fc239e4", "aggregated_count": 4}}}, {"ruleId": "SEC005", "level": "none", "message": {"text": "[SEC005] Command Injection Risk (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 119776, "scanner": "repobility-threat-engine", "fingerprint": "7eef1f8e462acfd0bd8fd50ca87ea5d7aa8f026b4fea05cd7eb9360e05d117b2", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|7eef1f8e462acfd0bd8fd50ca87ea5d7aa8f026b4fea05cd7eb9360e05d117b2"}}}, {"ruleId": "SEC119", "level": "none", "message": {"text": "[SEC119] World-writable / world-readable file permissions (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 119772, "scanner": "repobility-threat-engine", "fingerprint": "3647c3ff80bd7fbe96d1229383c4aecf5b6184c5e64d6ebf9ed28b591e27e8da", "category": "security", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC119", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|3647c3ff80bd7fbe96d1229383c4aecf5b6184c5e64d6ebf9ed28b591e27e8da"}}}, {"ruleId": "SEC013", "level": "none", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 119768, "scanner": "repobility-threat-engine", "fingerprint": "bf6ffef179164d4a1f0566d9d004d607c8277a98d50286dbd0a0e459403d5c48", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|bf6ffef179164d4a1f0566d9d004d607c8277a98d50286dbd0a0e459403d5c48"}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 35 more): Same pattern found in 35 additional files. Review if needed."}, "properties": {"repobilityId": 119764, "scanner": "repobility-threat-engine", "fingerprint": "40305e59db871118d2c9bfe39ee44ad32afc425a867e231d06a654f8ac176765", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 35 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|40305e59db871118d2c9bfe39ee44ad32afc425a867e231d06a654f8ac176765", "aggregated_count": 35}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 119763, "scanner": "repobility-threat-engine", "fingerprint": "687a886b9325cfb67db778b829e609e247184f6e3f77be78414d96854e1cda17", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|687a886b9325cfb67db778b829e609e247184f6e3f77be78414d96854e1cda17"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/resmoke/derive_suite_selectors.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 119762, "scanner": "repobility-threat-engine", "fingerprint": "3a6dd7395e947307a24cbd23e4a8ca9fb96afcd7d45165392df627658859694b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3a6dd7395e947307a24cbd23e4a8ca9fb96afcd7d45165392df627658859694b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/install_rules/install_rules.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 119761, "scanner": "repobility-threat-engine", "fingerprint": "b4c8bcd95c2e9fc120efefe65051fbc3ef9e762729605a74f4c7fbc18830ebef", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b4c8bcd95c2e9fc120efefe65051fbc3ef9e762729605a74f4c7fbc18830ebef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/auto_header/gen_all_headers.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 119760, "scanner": "repobility-threat-engine", "fingerprint": "b57b69684d0f06f4b1cbb892f2a669d8cd9f6f77f1b48aa75aeeac9e602c2ec0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b57b69684d0f06f4b1cbb892f2a669d8cd9f6f77f1b48aa75aeeac9e602c2ec0", "aggregated_count": 15}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 146 more): Same pattern found in 146 additional files. Review if needed."}, "properties": {"repobilityId": 119756, "scanner": "repobility-threat-engine", "fingerprint": "58b06639d86fcc213416954c7ea8f00fd0a7078fb348da42580e55bd71c77701", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 146 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "_rg_s3_url_for", "breakdown": {"if": 9, "nested_bonus": 6}, "aggregated": true, "complexity": 15, "correlation_key": "fp|58b06639d86fcc213416954c7ea8f00fd0a7078fb348da42580e55bd71c77701", "aggregated_count": 146}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 119752, "scanner": "repobility-threat-engine", "fingerprint": "0c333dc88d2673beda07ea322592a5e2658418eeef4b48e34ddf9f62e680bdd2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0c333dc88d2673beda07ea322592a5e2658418eeef4b48e34ddf9f62e680bdd2", "aggregated_count": 3}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 119751, "scanner": "repobility-threat-engine", "fingerprint": "42e98870acd85ce38ec64a25d25cb0868f95238d87cf2b6b465217d597f6e441", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|42e98870acd85ce38ec64a25d25cb0868f95238d87cf2b6b465217d597f6e441"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etc/format_sample.cpp"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 119750, "scanner": "repobility-threat-engine", "fingerprint": "4752799ec1cdc868ffee7c8b90282093de746cbc633f6c02dcfc3da03944fbda", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4752799ec1cdc868ffee7c8b90282093de746cbc633f6c02dcfc3da03944fbda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/bazel_rules_mongo/utils/evergreen_git.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 119749, "scanner": "repobility-threat-engine", "fingerprint": "73909b55bbc82cd42f19ab8d7cc3a1f90b5d46c441820ab4fb66b34179a5d865", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|73909b55bbc82cd42f19ab8d7cc3a1f90b5d46c441820ab4fb66b34179a5d865"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/s3_artifact_utils.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 65 more): Same pattern found in 65 additional files. Review if needed."}, "properties": {"repobilityId": 119748, "scanner": "repobility-threat-engine", "fingerprint": "979cf059fc8bb05c709482a2c345b1525c176954f813263a1a72fd5c4e3c59c8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 65 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 65 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|979cf059fc8bb05c709482a2c345b1525c176954f813263a1a72fd5c4e3c59c8"}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 119744, "scanner": "repobility-threat-engine", "fingerprint": "d57f94c2e96069b4a87a7fb2ba46f76103ae7ecd579ffae7064a6551df416baa", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d57f94c2e96069b4a87a7fb2ba46f76103ae7ecd579ffae7064a6551df416baa"}}}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:22.04` not pinned by digest: `FROM ubuntu:22.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 120215, "scanner": "repobility-supply-chain", "fingerprint": "65bf0860cf8d26909f53888b73d304bc4970c752e69df7d743f4959e4ae9100a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|65bf0860cf8d26909f53888b73d304bc4970c752e69df7d743f4959e4ae9100a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/antithesis/base_images/mongo_binaries/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:22.04` not pinned by digest: `FROM ubuntu:22.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 120214, "scanner": "repobility-supply-chain", "fingerprint": "447f4bb740820ebe4054e5fd02739087e0bf56e6d0df47f2f165a089722dd04f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|447f4bb740820ebe4054e5fd02739087e0bf56e6d0df47f2f165a089722dd04f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/antithesis/base_images/workload/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `eslint-plugin-mongodb` pulled from URL/Git: `dependencies.eslint-plugin-mongodb` = `file:buildscripts/eslint-plugin-mongodb` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 120213, "scanner": "repobility-supply-chain", "fingerprint": "25b39398ca7c859e3e090b19a8bd7ccc743551c55dbed35ccae4ed3befdf8a5c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|25b39398ca7c859e3e090b19a8bd7ccc743551c55dbed35ccae4ed3befdf8a5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH buildscripts.resmokelib.testing.hooks.generate_and_check_perf_results._config has no auth: Handler `test_missing_pr_number_raises_error` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 120212, "scanner": "repobility-route-auth", "fingerprint": "f4ded1eb7807ff94bd9d2e37bcbec9299befd61ccec697d9fd71dc0c8222e5af", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|f4ded1eb7807ff94bd9d2e37bcbec9299befd61ccec697d9fd71dc0c8222e5af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/testing/hooks/test_generate_and_check_perf_results.py"}, "region": {"startLine": 758}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH buildscripts.resmokelib.testing.hooks.generate_and_check_perf_results._config has no auth: Handler `test_override_not_checked_when_not_merge_queue` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 120211, "scanner": "repobility-route-auth", "fingerprint": "11628c54bb0b850d5d0d49606bd8473ab83b680cc0458cf215ba9f292ab61fc4", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|11628c54bb0b850d5d0d49606bd8473ab83b680cc0458cf215ba9f292ab61fc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/testing/hooks/test_generate_and_check_perf_results.py"}, "region": {"startLine": 718}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH buildscripts.resmokelib.testing.hooks.generate_and_check_perf_results._config has no auth: Handler `test_no_override_comment_fails` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 120210, "scanner": "repobility-route-auth", "fingerprint": "94234dbcfe6208ad9dfb14fe45108dfb3a3a32d3c2acfa9fb78de0444d61f24f", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|94234dbcfe6208ad9dfb14fe45108dfb3a3a32d3c2acfa9fb78de0444d61f24f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/testing/hooks/test_generate_and_check_perf_results.py"}, "region": {"startLine": 661}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH buildscripts.resmokelib.testing.hooks.generate_and_check_perf_results._config has no auth: Handler `test_override_comment_from_unauthorized_user_fails` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 120209, "scanner": "repobility-route-auth", "fingerprint": "eaee53fe2269918132d1483b859bb7e49e4d4afe2a21227ac5b7182ce0f521ce", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|eaee53fe2269918132d1483b859bb7e49e4d4afe2a21227ac5b7182ce0f521ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/testing/hooks/test_generate_and_check_perf_results.py"}, "region": {"startLine": 604}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH buildscripts.resmokelib.testing.hooks.generate_and_check_perf_results._config has no auth: Handler `test_override_comment_allows_failure_commit_comment` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 120208, "scanner": "repobility-route-auth", "fingerprint": "24ff851cc5cae2ee0bfaa4312a7b8923306c2e0eeb74cb0bb3a1efb3f8f813af", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|24ff851cc5cae2ee0bfaa4312a7b8923306c2e0eeb74cb0bb3a1efb3f8f813af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/testing/hooks/test_generate_and_check_perf_results.py"}, "region": {"startLine": 548}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH buildscripts.resmokelib.testing.hooks.generate_and_check_perf_results._config has no auth: Handler `test_override_comment_allows_failure_review_comment` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 120207, "scanner": "repobility-route-auth", "fingerprint": "4ffe9d73085ba89ae1cf9df0afed329afb7567e7865eacf9b5fd852c380a57f8", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|4ffe9d73085ba89ae1cf9df0afed329afb7567e7865eacf9b5fd852c380a57f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/testing/hooks/test_generate_and_check_perf_results.py"}, "region": {"startLine": 492}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH buildscripts.resmokelib.testing.hooks.generate_and_check_perf_results._config has no auth: Handler `test_override_comment_allows_failure_issue_comment` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 120206, "scanner": "repobility-route-auth", "fingerprint": "55f6e5a8b130184a18a2829c137c181fd0bc9942a7ceb5f7243f66a572dd9718", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|55f6e5a8b130184a18a2829c137c181fd0bc9942a7ceb5f7243f66a572dd9718"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/testing/hooks/test_generate_and_check_perf_results.py"}, "region": {"startLine": 436}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH buildscripts.resmokelib.testing.hooks.interface.Hook has no auth: Handler `setUp` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 120205, "scanner": "repobility-route-auth", "fingerprint": "aba7afabbd5d010ba907c729d39f265cf0c6eca2fec9d8a93d6cfe1d50213077", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|aba7afabbd5d010ba907c729d39f265cf0c6eca2fec9d8a93d6cfe1d50213077"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/testing/hooks/test_generate_and_check_perf_results.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH buildscripts.resmokelib.testing.fixtures.replicaset.ReplicaSetFixture has no auth: Handler `test_pause_throws_error` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 120204, "scanner": "repobility-route-auth", "fingerprint": "0513695e30f20a73cb335c87bd2d0258683fca0429539df8d0ab34694c50f03a", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|0513695e30f20a73cb335c87bd2d0258683fca0429539df8d0ab34694c50f03a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/testing/hooks/test_stepdown.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH threading.Condition has no auth: Handler `test_waiting_for_action_permitted_is_interruptible` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 120203, "scanner": "repobility-route-auth", "fingerprint": "c1caa550009ce7428a06db888feefbded3733dce2b31d0a849cb1c33f740483e", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|c1caa550009ce7428a06db888feefbded3733dce2b31d0a849cb1c33f740483e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/testing/hooks/test_lifecycle.py"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH threading.Condition has no auth: Handler `test_thread_waits_until_permitted_file_exists` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 120202, "scanner": "repobility-route-auth", "fingerprint": "499a1463f6b9cf7dd7c67c8dfa101e4b4a03953f74a12dbf67aab49c17cf4aab", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|499a1463f6b9cf7dd7c67c8dfa101e4b4a03953f74a12dbf67aab49c17cf4aab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/testing/hooks/test_lifecycle.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH os.path has no auth: Handler `test_action_permitted_if_permitted_file_exists` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 120201, "scanner": "repobility-route-auth", "fingerprint": "3d217c7bdc1322768fb05d79a9c099f2d8ff4b6f10563c84ab27e4c12241fcdd", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|3d217c7bdc1322768fb05d79a9c099f2d8ff4b6f10563c84ab27e4c12241fcdd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/testing/hooks/test_lifecycle.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH os.remove has no auth: Handler `test_files_cleaned_up_after_test_finishes` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 120200, "scanner": "repobility-route-auth", "fingerprint": "702ad63c604a434e2aee2e476e64ed962c1edd2feacfce8137c52e19980722fb", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|702ad63c604a434e2aee2e476e64ed962c1edd2feacfce8137c52e19980722fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/testing/hooks/test_lifecycle.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH threading.Condition has no auth: Handler `test_waiting_for_action_permitted_is_interruptible` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 120199, "scanner": "repobility-route-auth", "fingerprint": "e79b3ba86a56910001afd69fda2d3082e5836e7235dcc7911aa3904d2b747584", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|e79b3ba86a56910001afd69fda2d3082e5836e7235dcc7911aa3904d2b747584"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/testing/hooks/test_lifecycle.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH buildscripts.resmokelib.testing.hooks.fuzz_runtime_parameters.time.time has no auth: Handler `test_custom_fuzz_value_assignment_dispatches_to_special_handler` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 120198, "scanner": "repobility-route-auth", "fingerprint": "96cb5e9bf3153858985f269fdf74847458fd1c319bb1240d1fa333d88d41dcb3", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|96cb5e9bf3153858985f269fdf74847458fd1c319bb1240d1fa333d88d41dcb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/testing/hooks/test_runtime_parameter_fuzzing.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH buildscripts.resmokelib.testing.hooks.fuzz_runtime_parameters.time.time has no auth: Handler `test_frequency_respected` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 120197, "scanner": "repobility-route-auth", "fingerprint": "5a331cec6c72285c1afc9ad45a3debc4d2140a4adc59562651ed168ca43556eb", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|5a331cec6c72285c1afc9ad45a3debc4d2140a4adc59562651ed168ca43556eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/testing/hooks/test_runtime_parameter_fuzzing.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH (unknown path) has no auth: Handler `test_queue_elem_created_for_test_name` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 120196, "scanner": "repobility-route-auth", "fingerprint": "45973d0f1e64e644e195c42c0a90cafdf2cfe5c17ea945cd02dc7c23b8352c04", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|45973d0f1e64e644e195c42c0a90cafdf2cfe5c17ea945cd02dc7c23b8352c04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/testing/test_executor.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH (unknown path) has no auth: Handler `test_multiple_suites_matching_multiple_test_kinds` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 120195, "scanner": "repobility-route-auth", "fingerprint": "124c82c07d152a273e3f46115b4922a7c09e07af6b426b0f9419f0134d71679b", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|124c82c07d152a273e3f46115b4922a7c09e07af6b426b0f9419f0134d71679b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/test_suitesconfig.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH (unknown path) has no auth: Handler `test_multiple_suites_matching_single_test_kind` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 120194, "scanner": "repobility-route-auth", "fingerprint": "d9157c080ac5d0c339839f1d6b53921b2c46cb72c8129a5b478c3f2a9bc59716", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|d9157c080ac5d0c339839f1d6b53921b2c46cb72c8129a5b478c3f2a9bc59716"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/test_suitesconfig.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH (unknown path) has no auth: Handler `test_no_suites_matching_test_kind` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 120193, "scanner": "repobility-route-auth", "fingerprint": "78ab105b795b62cdefaeea97cc52367ffc22b54a23dc1e4e58356b348dfa00ec", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|78ab105b795b62cdefaeea97cc52367ffc22b54a23dc1e4e58356b348dfa00ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/test_suitesconfig.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_ixscan_w_filters_w_diff_num_leaves`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120172, "scanner": "repobility-ast-engine", "fingerprint": "f5da716b07abd491f13c4c6451b277e3539d773848bca26111e2a0ec8007acaf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f5da716b07abd491f13c4c6451b277e3539d773848bca26111e2a0ec8007acaf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 625}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_collscan_w_filters_w_diff_num_leaves`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120171, "scanner": "repobility-ast-engine", "fingerprint": "5123e5464de9eda0aa8691397bc70de194d2ab6eaa9f41193b7d0b4569a7ee9f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5123e5464de9eda0aa8691397bc70de194d2ab6eaa9f41193b7d0b4569a7ee9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 586}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_fetch_w_filters_w_diff_num_leaves`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120170, "scanner": "repobility-ast-engine", "fingerprint": "99f8495e83067ced4776ed9d17521a0a5edc469e81d9eabe30bd9d143b567145", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|99f8495e83067ced4776ed9d17521a0a5edc469e81d9eabe30bd9d143b567145"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 549}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_index_scans_w_diff_num_fields`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120169, "scanner": "repobility-ast-engine", "fingerprint": "8aa55347d065980303147579b90e6b1e09a5a547ceb690634c74cf2c6b8a99b1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8aa55347d065980303147579b90e6b1e09a5a547ceb690634c74cf2c6b8a99b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 517}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_fetches`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120168, "scanner": "repobility-ast-engine", "fingerprint": "3f77d5c4f164894bf5d4c7cb5956efe18f48147a491ceaa476bdcf286e99ae01", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f77d5c4f164894bf5d4c7cb5956efe18f48147a491ceaa476bdcf286e99ae01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 486}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_fetches`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120167, "scanner": "repobility-ast-engine", "fingerprint": "a7b41017af50e24cd3ea277cd7900a706bcdd74ec64be0c1aa18e3fb8352eea1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a7b41017af50e24cd3ea277cd7900a706bcdd74ec64be0c1aa18e3fb8352eea1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 478}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_hash_intersections`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120166, "scanner": "repobility-ast-engine", "fingerprint": "aa3f6d71e81a56deb93fb1753923a0ee22dee54dbd0956a6821b80dc4dfc5eb6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aa3f6d71e81a56deb93fb1753923a0ee22dee54dbd0956a6821b80dc4dfc5eb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 447}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_sort_intersections`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120165, "scanner": "repobility-ast-engine", "fingerprint": "b0bbcb7a5d432e0eb383e1071785cc29bf0f048c149c2c6fe5e80eaf9be58f59", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b0bbcb7a5d432e0eb383e1071785cc29bf0f048c149c2c6fe5e80eaf9be58f59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 412}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_merge_sorts`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120164, "scanner": "repobility-ast-engine", "fingerprint": "af1859216636b8d2b3b077deb8cd229bafae31bac8a29a0224e7c204d41b2cae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|af1859216636b8d2b3b077deb8cd229bafae31bac8a29a0224e7c204d41b2cae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 365}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_sorts`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120163, "scanner": "repobility-ast-engine", "fingerprint": "0c10a74fb4b3f0acea70b3494435342cfd75905f3d6f7d2fc1f7d7f2c88fc231", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0c10a74fb4b3f0acea70b3494435342cfd75905f3d6f7d2fc1f7d7f2c88fc231"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 316}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_sorts`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120162, "scanner": "repobility-ast-engine", "fingerprint": "145e5638f17b348f400f858069e8bba9dcd1ddea2572b5789baa62197de84821", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|145e5638f17b348f400f858069e8bba9dcd1ddea2572b5789baa62197de84821"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 309}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_projections`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120161, "scanner": "repobility-ast-engine", "fingerprint": "535f6a448b793980b7c3d1d680647f69419aee604d779b1d1de90b454e3d64d1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|535f6a448b793980b7c3d1d680647f69419aee604d779b1d1de90b454e3d64d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 276}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_projections`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120160, "scanner": "repobility-ast-engine", "fingerprint": "84a547c34c18adb5f21140d1971e4ed1579b89ca9d0964bb13787f8014ca4abf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|84a547c34c18adb5f21140d1971e4ed1579b89ca9d0964bb13787f8014ca4abf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 263}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_projections`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120159, "scanner": "repobility-ast-engine", "fingerprint": "25381965858f63c836df9cc9697a0c627d8de90dcd234890de56dbe65413d1e1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|25381965858f63c836df9cc9697a0c627d8de90dcd234890de56dbe65413d1e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 252}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_skips`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120158, "scanner": "repobility-ast-engine", "fingerprint": "b2e661bb1778c5733159c2b97787f2a0e63ea585809fdf1035de86a5df5ca220", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b2e661bb1778c5733159c2b97787f2a0e63ea585809fdf1035de86a5df5ca220"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 228}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_collection_scans`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120157, "scanner": "repobility-ast-engine", "fingerprint": "60046cca316780db99692a041d57b0e4ca4265e6a70bedba309a03f03bc8dace", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|60046cca316780db99692a041d57b0e4ca4265e6a70bedba309a03f03bc8dace"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_collection_scans`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120156, "scanner": "repobility-ast-engine", "fingerprint": "75d80d7283ba2dcf9ce4280b043525e9ddbd964bda3b2567ec9b12f96dae6f1a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|75d80d7283ba2dcf9ce4280b043525e9ddbd964bda3b2567ec9b12f96dae6f1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_index_seeks`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120155, "scanner": "repobility-ast-engine", "fingerprint": "c6d883f843301757bbf2b065af49475be4c979b105c836cc8bbd3830be555c10", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c6d883f843301757bbf2b065af49475be4c979b105c836cc8bbd3830be555c10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_index_seeks`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120154, "scanner": "repobility-ast-engine", "fingerprint": "d9fc6487463a998e96d00344c1b0dbaf658dee359cc77739409d607bd846b822", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d9fc6487463a998e96d00344c1b0dbaf658dee359cc77739409d607bd846b822"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_index_seeks`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120153, "scanner": "repobility-ast-engine", "fingerprint": "9bcb9552138ebfa83f4376539ce13c2bdf4f22b34aea0bed5a2363b40f9daeee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9bcb9552138ebfa83f4376539ce13c2bdf4f22b34aea0bed5a2363b40f9daeee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `execute_index_seeks`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 120152, "scanner": "repobility-ast-engine", "fingerprint": "879ac374ff1b947f3db54ebbdb0c2c040be00ece204a6a623d28d3b1ebec5c75", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|879ac374ff1b947f3db54ebbdb0c2c040be00ece204a6a623d28d3b1ebec5c75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/start.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_flags: Test function `test_flags` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120146, "scanner": "repobility-ast-engine", "fingerprint": "ebfb657f0ab3c7fd744a0cfe70778d5a400f4def6bfe47ed28efdb7b79f9aed5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ebfb657f0ab3c7fd744a0cfe70778d5a400f4def6bfe47ed28efdb7b79f9aed5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/ciconfig/evergreen.py"}, "region": {"startLine": 395}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_first_phase_returns_without_reexec_when_no_install_needed: Test function `test_first_phase_returns_without_reexec_when_no_install_needed` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120142, "scanner": "repobility-ast-engine", "fingerprint": "30902db768350e914d68cd912e70e179e0da16c9dc79a959e43d762d98b14032", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|30902db768350e914d68cd912e70e179e0da16c9dc79a959e43d762d98b14032"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/wrapper_hook/install_modules_test.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_second_phase_only_reapplies_python_path: Test function `test_second_phase_only_reapplies_python_path` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120141, "scanner": "repobility-ast-engine", "fingerprint": "6984253ae0361b6ad780c53668d09c3eb093d29f1c5197d1566d0b263284297b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6984253ae0361b6ad780c53668d09c3eb093d29f1c5197d1566d0b263284297b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/wrapper_hook/install_modules_test.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_fix_dry_run_keeps_generated_yaml_check_only: Test function `test_fix_dry_run_keeps_generated_yaml_check_only` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120140, "scanner": "repobility-ast-engine", "fingerprint": "8befdd159b417c89fe782d10a999daa3cd6db7a7bbfc4bb210789d11037c1d26", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8befdd159b417c89fe782d10a999daa3cd6db7a7bbfc4bb210789d11037c1d26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/wrapper_hook/lint_test.py"}, "region": {"startLine": 565}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_fix_mode_runs_generated_yaml_writer: Test function `test_fix_mode_runs_generated_yaml_writer` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120139, "scanner": "repobility-ast-engine", "fingerprint": "96f3f57129b3f553e93d7a7368d5a0cfc69e2afeb8a1d07ea9c8368abba83996", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|96f3f57129b3f553e93d7a7368d5a0cfc69e2afeb8a1d07ea9c8368abba83996"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/wrapper_hook/lint_test.py"}, "region": {"startLine": 556}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_check_mode_runs_generated_yaml_check: Test function `test_check_mode_runs_generated_yaml_check` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120138, "scanner": "repobility-ast-engine", "fingerprint": "c4eb17f9e4bef3237d2ed43ea15b2662ca58c60d87610a5fc1d91475af1479d7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c4eb17f9e4bef3237d2ed43ea15b2662ca58c60d87610a5fc1d91475af1479d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/wrapper_hook/lint_test.py"}, "region": {"startLine": 544}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_runner_interface: Test function `test_runner_interface` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120137, "scanner": "repobility-ast-engine", "fingerprint": "b53774fe9d256ae33b6d3cf657ed37a97bfcdd0a2db6c369d2f84ea675dcf297", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b53774fe9d256ae33b6d3cf657ed37a97bfcdd0a2db6c369d2f84ea675dcf297"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/wrapper_hook/plus_interface.py"}, "region": {"startLine": 163}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_ensure_compiledb_exists_builds_install_wiredtiger_too: Test function `test_ensure_compiledb_exists_builds_install_wiredtiger_too` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120133, "scanner": "repobility-ast-engine", "fingerprint": "776f04a3cc8b44e4a498ef8d1dd0dfdf6f0978e68709d3823b40adf0b1bed492", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|776f04a3cc8b44e4a498ef8d1dd0dfdf6f0978e68709d3823b40adf0b1bed492"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/validate_compile_commands_test.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_selection_rejects_non_standard_compile_commands_json: Test function `test_selection_rejects_non_standard_compile_commands_json` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120132, "scanner": "repobility-ast-engine", "fingerprint": "dc53679b72eab254ad2fabb7ca597e77b6357743167d1ff58aa1c66734af2534", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dc53679b72eab254ad2fabb7ca597e77b6357743167d1ff58aa1c66734af2534"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/validate_compile_commands_test.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_rejects_entries_with_both_command_and_arguments: Test function `test_rejects_entries_with_both_command_and_arguments` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120131, "scanner": "repobility-ast-engine", "fingerprint": "d36ee1c7230c09d0d92c6d9fc3d186f05f5044a45c46616464028b9b621bbe93", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d36ee1c7230c09d0d92c6d9fc3d186f05f5044a45c46616464028b9b621bbe93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/validate_compile_commands_test.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_rejects_non_standard_keys: Test function `test_rejects_non_standard_keys` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120130, "scanner": "repobility-ast-engine", "fingerprint": "f4a75fe02d37baad01d066f48cf677d3065ee223edbf7850bbd39da996706bb3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f4a75fe02d37baad01d066f48cf677d3065ee223edbf7850bbd39da996706bb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/validate_compile_commands_test.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_accepts_standard_command_entry: Test function `test_accepts_standard_command_entry` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120129, "scanner": "repobility-ast-engine", "fingerprint": "4e012033760f07e2ddf7f38182b11da442c31fa3b5d6575db1d4e1c9126574e3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4e012033760f07e2ddf7f38182b11da442c31fa3b5d6575db1d4e1c9126574e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/validate_compile_commands_test.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_accepts_standard_arguments_entry: Test function `test_accepts_standard_arguments_entry` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120128, "scanner": "repobility-ast-engine", "fingerprint": "b3a887ef5ff2ba408fcd7c0ba20746e16164566c9056dc9ab776699da194414e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b3a887ef5ff2ba408fcd7c0ba20746e16164566c9056dc9ab776699da194414e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/validate_compile_commands_test.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_validate_clang_tidy_setup_rejects_missing_plugin: Test function `test_validate_clang_tidy_setup_rejects_missing_plugin` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120127, "scanner": "repobility-ast-engine", "fingerprint": "6ed24c58ee32a779bdecdb7eea7d301ce03195d1b0ba8e15bb6eb2baab7ec9bf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6ed24c58ee32a779bdecdb7eea7d301ce03195d1b0ba8e15bb6eb2baab7ec9bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/validate_compile_commands_test.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_validate_clang_tidy_setup_rejects_missing_config: Test function `test_validate_clang_tidy_setup_rejects_missing_config` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120126, "scanner": "repobility-ast-engine", "fingerprint": "efc1dedb56b9f9f65da61b06eb05a152b2e500b1d2d9482b3bf52b488b6ea1ce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|efc1dedb56b9f9f65da61b06eb05a152b2e500b1d2d9482b3bf52b488b6ea1ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/validate_compile_commands_test.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_validate_clang_tidy_setup_accepts_expected_files: Test function `test_validate_clang_tidy_setup_accepts_expected_files` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120125, "scanner": "repobility-ast-engine", "fingerprint": "64b62dea785ee0f188c0ccacdb1e36203eff578c66fb9463505ff7c840300063", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|64b62dea785ee0f188c0ccacdb1e36203eff578c66fb9463505ff7c840300063"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/validate_compile_commands_test.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_validate_clang_tidy_setup_skips_unsupported_platforms: Test function `test_validate_clang_tidy_setup_skips_unsupported_platforms` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120124, "scanner": "repobility-ast-engine", "fingerprint": "a634e5bfd3b82a25e47edc82659e961057d3e1ee8635c26adb6fc9dee11b45dd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a634e5bfd3b82a25e47edc82659e961057d3e1ee8635c26adb6fc9dee11b45dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/validate_compile_commands_test.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_output_path` used but never assigned in __init__: Method `get_paths` of class `GoldenTestApp` reads `self.get_output_path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120106, "scanner": "repobility-ast-engine", "fingerprint": "50bf84181e2366849160965d9c9cfe374373439a6368783bd6885a9ff9b3c498", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|50bf84181e2366849160965d9c9cfe374373439a6368783bd6885a9ff9b3c498"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/golden_test.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_outputs` used but never assigned in __init__: Method `get_latest_or_matching_output` of class `GoldenTestApp` reads `self.get_outputs`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120105, "scanner": "repobility-ast-engine", "fingerprint": "f913bb40170242fea776068ae5978ca40f0d9c4c9e5bd27458a91b548afeb5ec", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f913bb40170242fea776068ae5978ca40f0d9c4c9e5bd27458a91b548afeb5ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/golden_test.py"}, "region": {"startLine": 217}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_latest_output` used but never assigned in __init__: Method `get_latest_or_matching_output` of class `GoldenTestApp` reads `self.get_latest_output`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120104, "scanner": "repobility-ast-engine", "fingerprint": "85f287e9ff20c500ec7c0572861b54c6c5c4eb6f74e476666bc1453446139e5d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|85f287e9ff20c500ec7c0572861b54c6c5c4eb6f74e476666bc1453446139e5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/golden_test.py"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.vprint` used but never assigned in __init__: Method `get_latest_output` of class `GoldenTestApp` reads `self.vprint`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120103, "scanner": "repobility-ast-engine", "fingerprint": "889ae2c13bdcd50e5924edf406180c1306c8a636a094260d7b0189fdaa5ddb9e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|889ae2c13bdcd50e5924edf406180c1306c8a636a094260d7b0189fdaa5ddb9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/golden_test.py"}, "region": {"startLine": 207}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_outputs` used but never assigned in __init__: Method `get_latest_output` of class `GoldenTestApp` reads `self.get_outputs`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120102, "scanner": "repobility-ast-engine", "fingerprint": "057a51e7f9d7a6b70734dca3a3b3ca5d70b8506a53dbfa0b9e3c77a5c4b56804", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|057a51e7f9d7a6b70734dca3a3b3ca5d70b8506a53dbfa0b9e3c77a5c4b56804"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/golden_test.py"}, "region": {"startLine": 202}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.vprint` used but never assigned in __init__: Method `get_latest_output` of class `GoldenTestApp` reads `self.vprint`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120101, "scanner": "repobility-ast-engine", "fingerprint": "36612e137614ad54567a46d6dccbc016d61ed1e4e4ea8a76d11da4af0afbccba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|36612e137614ad54567a46d6dccbc016d61ed1e4e4ea8a76d11da4af0afbccba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/golden_test.py"}, "region": {"startLine": 201}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_output_path` used but never assigned in __init__: Method `get_outputs` of class `GoldenTestApp` reads `self.get_output_path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120100, "scanner": "repobility-ast-engine", "fingerprint": "a79f901a0c877459781dcd7bb0ebdfe2bf4ccfe4dab8ff3df552c7f746d7a0ac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a79f901a0c877459781dcd7bb0ebdfe2bf4ccfe4dab8ff3df552c7f746d7a0ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/golden_test.py"}, "region": {"startLine": 193}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.vprint` used but never assigned in __init__: Method `get_outputs` of class `GoldenTestApp` reads `self.vprint`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120099, "scanner": "repobility-ast-engine", "fingerprint": "fbab92f01d0498c3a69e4d4ac1d7814d09ad14d40545a9fb35aa505f4ac9264c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fbab92f01d0498c3a69e4d4ac1d7814d09ad14d40545a9fb35aa505f4ac9264c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/golden_test.py"}, "region": {"startLine": 185}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.vprint` used but never assigned in __init__: Method `load_config` of class `GoldenTestApp` reads `self.vprint`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120098, "scanner": "repobility-ast-engine", "fingerprint": "34e41cc97ff982415ce44b948e33ce4a875731be207f0a0d4dfb1a78a7553877", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|34e41cc97ff982415ce44b948e33ce4a875731be207f0a0d4dfb1a78a7553877"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/golden_test.py"}, "region": {"startLine": 163}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.vprint` used but never assigned in __init__: Method `get_git_root` of class `GoldenTestApp` reads `self.vprint`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120097, "scanner": "repobility-ast-engine", "fingerprint": "01ffd963103466914e6f9c2b26a5471ff19de48e59c41ebec5bf84c7332ca33d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|01ffd963103466914e6f9c2b26a5471ff19de48e59c41ebec5bf84c7332ca33d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/golden_test.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.vprint` used but never assigned in __init__: Method `get_git_root` of class `GoldenTestApp` reads `self.vprint`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120096, "scanner": "repobility-ast-engine", "fingerprint": "13c751a0cf5e007bd6dc5c34e1e25c3ac14e19f70696737f8351409a70a9201b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|13c751a0cf5e007bd6dc5c34e1e25c3ac14e19f70696737f8351409a70a9201b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/golden_test.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.load_config` used but never assigned in __init__: Method `init_config` of class `GoldenTestApp` reads `self.load_config`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120095, "scanner": "repobility-ast-engine", "fingerprint": "c076c4225247a24af4b20d1f1d016cf6301c2a76ffa437210b2af6636d943181", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c076c4225247a24af4b20d1f1d016cf6301c2a76ffa437210b2af6636d943181"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/golden_test.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.generate_build_id_mapping` used but never assigned in __init__: Method `run` of class `Mapper` reads `self.generate_build_id_mapping`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120093, "scanner": "repobility-ast-engine", "fingerprint": "9369ef5e80968f593724cbcf0ea510b40908b8a9327c3777dc67a9dd1209307c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9369ef5e80968f593724cbcf0ea510b40908b8a9327c3777dc67a9dd1209307c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/debugsymb_mapper.py"}, "region": {"startLine": 463}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.unpack` used but never assigned in __init__: Method `generate_build_id_mapping` of class `Mapper` reads `self.unpack`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120092, "scanner": "repobility-ast-engine", "fingerprint": "8cc17ed24ab735f5908db7c5538b89c4d5fc9bf91fa501a11bc12256afde61b2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8cc17ed24ab735f5908db7c5538b89c4d5fc9bf91fa501a11bc12256afde61b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/debugsymb_mapper.py"}, "region": {"startLine": 358}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.download` used but never assigned in __init__: Method `generate_build_id_mapping` of class `Mapper` reads `self.download`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120091, "scanner": "repobility-ast-engine", "fingerprint": "2ef401d90c8038c8c3218d4a15547cb21968a2267944098519a7631046ef9f21", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2ef401d90c8038c8c3218d4a15547cb21968a2267944098519a7631046ef9f21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/debugsymb_mapper.py"}, "region": {"startLine": 357}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.cleanup` used but never assigned in __init__: Method `__exit__` of class `Mapper` reads `self.cleanup`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120090, "scanner": "repobility-ast-engine", "fingerprint": "0e9d7288bb5ab55b34849d1cfbe8c2497621d04951712fca1d11e1dcbc15ecaf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0e9d7288bb5ab55b34849d1cfbe8c2497621d04951712fca1d11e1dcbc15ecaf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/debugsymb_mapper.py"}, "region": {"startLine": 272}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._get_mongodb_version` used but never assigned in __init__: Method `get_bin_version` of class `CmdOutputExtractor` reads `self._get_mongodb_version`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120089, "scanner": "repobility-ast-engine", "fingerprint": "d8516acd93b5d31c04656a71dac1c4982b2fa60d57db5058c17126d2dfda03de", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d8516acd93b5d31c04656a71dac1c4982b2fa60d57db5058c17126d2dfda03de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/debugsymb_mapper.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._extract_build_id` used but never assigned in __init__: Method `get_build_id` of class `CmdOutputExtractor` reads `self._extract_build_id`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120088, "scanner": "repobility-ast-engine", "fingerprint": "2a02575e5cc10586159807319f0b013a28bba408956359bb03e4e052b8ac1088", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2a02575e5cc10586159807319f0b013a28bba408956359bb03e4e052b8ac1088"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/debugsymb_mapper.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.unpack` used but never assigned in __init__: Method `get_dbg_file` of class `PathResolver` reads `self.unpack`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120083, "scanner": "repobility-ast-engine", "fingerprint": "b54db8c239baf7e57d334e9a99540c3a52d42317da76428eae5b57392d32a0ea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b54db8c239baf7e57d334e9a99540c3a52d42317da76428eae5b57392d32a0ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/mongosymb.py"}, "region": {"startLine": 423}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.add_to_cache` used but never assigned in __init__: Method `get_dbg_file` of class `PathResolver` reads `self.add_to_cache`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120082, "scanner": "repobility-ast-engine", "fingerprint": "8723c9c1d79aceefb4e9918985baed1193aba8fe2594665ecf5e6079b34c0d68", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8723c9c1d79aceefb4e9918985baed1193aba8fe2594665ecf5e6079b34c0d68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/mongosymb.py"}, "region": {"startLine": 411}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.download` used but never assigned in __init__: Method `get_dbg_file` of class `PathResolver` reads `self.download`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120081, "scanner": "repobility-ast-engine", "fingerprint": "b90895e0bdce1c48a9ad950fba37613192c8276d3fe9310d7c47105a624deaf6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b90895e0bdce1c48a9ad950fba37613192c8276d3fe9310d7c47105a624deaf6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/mongosymb.py"}, "region": {"startLine": 418}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_from_cache` used but never assigned in __init__: Method `get_dbg_file` of class `PathResolver` reads `self.get_from_cache`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120080, "scanner": "repobility-ast-engine", "fingerprint": "d7357a3a7e0b67ec578086ae8d273168000d70f86968eafbca89f6881c3ef625", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d7357a3a7e0b67ec578086ae8d273168000d70f86968eafbca89f6881c3ef625"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/mongosymb.py"}, "region": {"startLine": 384}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_file_from_service` used but never assigned in __init__: Method `download` of class `PathResolver` reads `self.get_file_from_service`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120079, "scanner": "repobility-ast-engine", "fingerprint": "f2db98f9fa76b77c9211e1f1452682b25ce9a79a6873186622d73f91d48ab57f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f2db98f9fa76b77c9211e1f1452682b25ce9a79a6873186622d73f91d48ab57f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/mongosymb.py"}, "region": {"startLine": 355}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.url_to_filename` used but never assigned in __init__: Method `download` of class `PathResolver` reads `self.url_to_filename`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120078, "scanner": "repobility-ast-engine", "fingerprint": "5bdcc748f83d2f75e5539b08f450b1532e5e515207088c78b3d445d1459c3c0b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5bdcc748f83d2f75e5539b08f450b1532e5e515207088c78b3d445d1459c3c0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/mongosymb.py"}, "region": {"startLine": 351}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._get_from_s3` used but never assigned in __init__: Method `get_dbg_file` of class `S3BuildidDbgFileResolver` reads `self._get_from_s3`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120077, "scanner": "repobility-ast-engine", "fingerprint": "cc3a2c6e466a8886e429b1db800763d0f19b3170292a25d038b8f6adf8490f41", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cc3a2c6e466a8886e429b1db800763d0f19b3170292a25d038b8f6adf8490f41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/mongosymb.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_uninstall_is_complete: Test function `test_uninstall_is_complete` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120075, "scanner": "repobility-ast-engine", "fingerprint": "094ce80ba3afcf3ada9fb892712b1a941114619e11eefd661d08200d3fc8198e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|094ce80ba3afcf3ada9fb892712b1a941114619e11eefd661d08200d3fc8198e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/package_test_internal.py"}, "region": {"startLine": 577}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_uninstall: Test function `test_uninstall` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120074, "scanner": "repobility-ast-engine", "fingerprint": "57b4b40ecccf7ee47ebd1892f82274b3408a1cd15ffbeca1ccf87a0556fb34cb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|57b4b40ecccf7ee47ebd1892f82274b3408a1cd15ffbeca1ccf87a0556fb34cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/package_test_internal.py"}, "region": {"startLine": 557}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_install_compass: Test function `test_install_compass` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120073, "scanner": "repobility-ast-engine", "fingerprint": "ab9ffed73a469fbcf211f285938b54eb2aefe659cff72f923a69e8bac575587f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ab9ffed73a469fbcf211f285938b54eb2aefe659cff72f923a69e8bac575587f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/package_test_internal.py"}, "region": {"startLine": 540}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_stop: Test function `test_stop` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120072, "scanner": "repobility-ast-engine", "fingerprint": "42d49dba0ac0f8010e2bef43668067da5bea7c457245c74d23e70e9f193dbf8b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|42d49dba0ac0f8010e2bef43668067da5bea7c457245c74d23e70e9f193dbf8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/package_test_internal.py"}, "region": {"startLine": 529}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_restart: Test function `test_restart` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120071, "scanner": "repobility-ast-engine", "fingerprint": "6232f820c6e5a5525a8bf4445231c0a071f6aea15d699a107320def8704f5d24", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6232f820c6e5a5525a8bf4445231c0a071f6aea15d699a107320def8704f5d24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/package_test_internal.py"}, "region": {"startLine": 518}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_ulimits_correct: Test function `test_ulimits_correct` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120070, "scanner": "repobility-ast-engine", "fingerprint": "eeb4a1a4ad7a0e663695d1f3e0fb60fbbd9475f957767b97f5659d556643577c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eeb4a1a4ad7a0e663695d1f3e0fb60fbbd9475f957767b97f5659d556643577c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/package_test_internal.py"}, "region": {"startLine": 491}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_install_is_complete: Test function `test_install_is_complete` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120069, "scanner": "repobility-ast-engine", "fingerprint": "35bbfaecb344ae2491d4cafdedd7cd71e38abd5d29fd3ad46d0d18aad72319cd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|35bbfaecb344ae2491d4cafdedd7cd71e38abd5d29fd3ad46d0d18aad72319cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/package_test_internal.py"}, "region": {"startLine": 426}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_start: Test function `test_start` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120068, "scanner": "repobility-ast-engine", "fingerprint": "f7255704f35f2fecaa98e287c9f5d3750085a24949a4c85e46953d754e62cfb1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f7255704f35f2fecaa98e287c9f5d3750085a24949a4c85e46953d754e62cfb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/package_test_internal.py"}, "region": {"startLine": 416}}}]}, {"ruleId": "JRN004", "level": "error", "message": {"text": "Consent is collected in UI without visible backend audit persistence"}, "properties": {"repobilityId": 120060, "scanner": "repobility-journey-contract", "fingerprint": "702bf975dbf3afc16f8963c5b0702b1f9bde0d58293672c45cc5bc4f23368309", "category": "auth", "severity": "high", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Frontend consent wording was found, but backend consent/audit metadata was not visible.", "evidence": {"rule_id": "JRN004", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "correlation_key": "code|auth|jstests/libs/replsettest.js|832|jrn004", "backend_consent_model": false, "backend_audit_signal_count": 5}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/libs/replsettest.js"}, "region": {"startLine": 832}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 120057, "scanner": "repobility-docker", "fingerprint": "b69286761d3905b9960eb6dcfcdd6025314d12325f48e9c3e12721717e2ab6d4", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|b69286761d3905b9960eb6dcfcdd6025314d12325f48e9c3e12721717e2ab6d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/zstandard/zstd/contrib/docker/Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 120042, "scanner": "repobility-docker", "fingerprint": "5b20e958f996a76879606d4b7cfb00f0ab27e761e22e406bbb20e2153749a0ab", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|5b20e958f996a76879606d4b7cfb00f0ab27e761e22e406bbb20e2153749a0ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/xds/Dockerfile.server"}, "region": {"startLine": 24}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 120036, "scanner": "repobility-docker", "fingerprint": "5dbd20faee9a39c29bfb865e99c2f590eb69afb02aa647e7e07860cb41917f4a", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|5dbd20faee9a39c29bfb865e99c2f590eb69afb02aa647e7e07860cb41917f4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/xds/Dockerfile.client"}, "region": {"startLine": 24}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 120030, "scanner": "repobility-docker", "fingerprint": "d84e829760bbf6c2c746d0b3ddb5c47b69c09e2a4f6aa54360289ad05add5f2c", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|d84e829760bbf6c2c746d0b3ddb5c47b69c09e2a4f6aa54360289ad05add5f2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/observability/Dockerfile.server"}, "region": {"startLine": 24}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 120024, "scanner": "repobility-docker", "fingerprint": "34adf7f2d95d616bb464d8b7fba1f84c464a7067401145726532cc9d50c625a3", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|34adf7f2d95d616bb464d8b7fba1f84c464a7067401145726532cc9d50c625a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/observability/Dockerfile.client"}, "region": {"startLine": 24}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 120018, "scanner": "repobility-docker", "fingerprint": "ec2e81b4e0f545d8fa3f74e60cc07199addb79deed7c8dcfb65ef2b5aee17fa5", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|ec2e81b4e0f545d8fa3f74e60cc07199addb79deed7c8dcfb65ef2b5aee17fa5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/Dockerfile.server"}, "region": {"startLine": 24}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 120012, "scanner": "repobility-docker", "fingerprint": "d5397f68bbb82ae2cd2e6a52d9b8b2f5a6f1998f3fc15cbc0d4e5e5b9954ad90", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|d5397f68bbb82ae2cd2e6a52d9b8b2f5a6f1998f3fc15cbc0d4e5e5b9954ad90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third_party/grpc/dist/examples/cpp/csm/Dockerfile.client"}, "region": {"startLine": 24}}}]}, {"ruleId": "DKR015", "level": "error", "message": {"text": "Docker build context is very large"}, "properties": {"repobilityId": 119985, "scanner": "repobility-docker", "fingerprint": "b15d4f710afeff2af4cd4ab204332853f9025b78869a0e87bb466a798bb1a15b", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Estimated Docker build context exceeds Repobility's size or file-count threshold.", "evidence": {"capped": true, "rule_id": "DKR015", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "largest_paths": [{"path": "src/third_party/IntelRDFPMathLib20U1/TESTS/readtest.in", "size_mb": 9.1}, {"path": "src/third_party/IntelRDFPMathLib20U1/TESTS/readtest.in.OLD", "size_mb": 9.1}, {"path": "src/third_party/wiredtiger/test/3rdparty/sqlite3/sqlite3.c", "size_mb": 8.9}, {"path": "src/third_party/IntelRDFPMathLib20U1/LIBRARY/src/bid_binarydecimal.c", "size_mb": 6.3}, {"path": "src/third_party/timelib/dist/timezonedb.h", "size_mb": 6.2}], "included_files": 50000, "context_size_mb": 584.9, "correlation_key": "fp|b15d4f710afeff2af4cd4ab204332853f9025b78869a0e87bb466a798bb1a15b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 119883, "scanner": "repobility-threat-engine", "fingerprint": "148de2a58225f4c1ff7e8f98ba6d982beb4c0b20bb4fa5a9c880ae4653646bfc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(jsTestName", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|148de2a58225f4c1ff7e8f98ba6d982beb4c0b20bb4fa5a9c880ae4653646bfc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/concurrency/fsm_workloads/timeseries/timeseries_reads_setFCV.js"}, "region": {"startLine": 73}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 119882, "scanner": "repobility-threat-engine", "fingerprint": "6d0393cd4afaf84e17f95783520b943571ea4c8c6abab8a846ed406009265916", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(jsTestName", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6d0393cd4afaf84e17f95783520b943571ea4c8c6abab8a846ed406009265916"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/concurrency/fsm_workloads/timeseries/timeseries_create_drop_setFCV.js"}, "region": {"startLine": 46}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 119881, "scanner": "repobility-threat-engine", "fingerprint": "0fda87a3697d87e38ec647de7895850102c3129dd5a9b4e6612520b95f4cafb0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(RegExp", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0fda87a3697d87e38ec647de7895850102c3129dd5a9b4e6612520b95f4cafb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/change_streams/change_streams_namespace_match_expressions.js"}, "region": {"startLine": 101}}}]}, {"ruleId": "SEC080", "level": "error", "message": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559, fixed via PEP 706 in 3.12). Ported from bandit B202 (Apache-2.0)."}, "properties": {"repobilityId": 119873, "scanner": "repobility-threat-engine", "fingerprint": "4ffa8afdc3f93ed55e7fc35ad859ebc48b909dffc42fa362b07bfb989846a6d0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tar.extractall(home_dir)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC080", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4ffa8afdc3f93ed55e7fc35ad859ebc48b909dffc42fa362b07bfb989846a6d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/spawnhost/extract_artifacts.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "SEC035", "level": "error", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants."}, "properties": {"repobilityId": 119871, "scanner": "repobility-threat-engine", "fingerprint": "9e34944c9d97f629cb40fef6f798f83a38198a925a556d920a4e0feddd486045", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9e34944c9d97f629cb40fef6f798f83a38198a925a556d920a4e0feddd486045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/macos_notary.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC113", "level": "error", "message": {"text": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impersonate the server. Common in `paramiko.AutoAddPolicy()`."}, "properties": {"repobilityId": 119857, "scanner": "repobility-threat-engine", "fingerprint": "5c7e391b98dcafe858751e5476f81f6e4f8a65e237620931880a1a252b68a047", "category": "crypto", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "StrictHostKeyChecking=no", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC113", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|62|sec113"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/selinux_run_test.sh"}, "region": {"startLine": 62}}}]}, {"ruleId": "SEC113", "level": "error", "message": {"text": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impersonate the server. Common in `paramiko.AutoAddPolicy()`."}, "properties": {"repobilityId": 119856, "scanner": "repobility-threat-engine", "fingerprint": "0073aeb1fa6dbd29c497ef837849a514e9a7b9d74e6504461f430cc84f6023e6", "category": "crypto", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "StrictHostKeyChecking=no", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC113", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|26|sec113"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/powercycle_check_host.sh"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC113", "level": "error", "message": {"text": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impersonate the server. Common in `paramiko.AutoAddPolicy()`."}, "properties": {"repobilityId": 119855, "scanner": "repobility-threat-engine", "fingerprint": "2a6c194ea9715b1c0c1d4feaa71854b330470f5895520fd99c6decd731436d74", "category": "crypto", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "StrictHostKeyChecking=no", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC113", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|18|sec113"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/powercycle/powercycle_constants.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED104", "level": "error", "message": {"text": "[MINED104] Chmod 777: chmod 777 makes a file or directory world-readable, world-writable, AND world-executable. Local privilege escalation surface; audit-failing for most compliance frameworks."}, "properties": {"repobilityId": 119854, "scanner": "repobility-threat-engine", "fingerprint": "d09a54d772a763cda431305730390418258c15251027a8dc2217132ed08f99f3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "chmod-777", "owasp": "A05:2021", "cwe_ids": ["CWE-732", "CWE-276"], "languages": ["shell", "bash", "dockerfile"], "precision": 1.0, "promoted_at": "2026-05-19T13:00:00.000000+00:00", "triaged_in_corpus": 0, "observations_count": 0, "ai_coder_pattern_id": 47}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d09a54d772a763cda431305730390418258c15251027a8dc2217132ed08f99f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/mount_drives.sh"}, "region": {"startLine": 161}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 119849, "scanner": "repobility-threat-engine", "fingerprint": "9a63078e75029d129add8878bd1556a0cd0b268bc9b8da7869fa479731e50855", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(\n        r\"Package operations: (\\d+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|71|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/pip_requirements.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 119848, "scanner": "repobility-threat-engine", "fingerprint": "9c4513d89ebc3574ab6f5e5df3906d6149106ae008ec43444354a9ad41e3549b", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"Thread (?P<pthread_id>0x[0-9a-f]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|51|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/gdb/mongo_utils.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED012", "level": "error", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 119838, "scanner": "repobility-threat-engine", "fingerprint": "ee4332397cb6027923e77560cf790dff1357a8d1a81e9fdca3ededd8a720f4fa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ee4332397cb6027923e77560cf790dff1357a8d1a81e9fdca3ededd8a720f4fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/mongo_rg_builds/build_rg_manylinux2014.sh"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED012", "level": "error", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 119837, "scanner": "repobility-threat-engine", "fingerprint": "7e6b197de61cdd0235357144e632907f1e8126a3af0cec3b4d0f1ebe2ff52c80", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7e6b197de61cdd0235357144e632907f1e8126a3af0cec3b4d0f1ebe2ff52c80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/mongo_rg_builds/build_rg_macos_universal.sh"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED012", "level": "error", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 119836, "scanner": "repobility-threat-engine", "fingerprint": "3116849d6e30661dc643b1473537a6645496bc3eb5fd6b3bd7a16e61fbfce2b0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3116849d6e30661dc643b1473537a6645496bc3eb5fd6b3bd7a16e61fbfce2b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/build_cargo_bazel_ppc64le.sh"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 119833, "scanner": "repobility-threat-engine", "fingerprint": "569cca8369622f132b25b04b720f0a4bc85f6779620d83c6cb2037e0fd3ccc4f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|569cca8369622f132b25b04b720f0a4bc85f6779620d83c6cb2037e0fd3ccc4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/pyrightlint.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 119832, "scanner": "repobility-threat-engine", "fingerprint": "cd63e17e066a7a088b070506c1422103b6b666070b0df6b63a717164398c9754", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cd63e17e066a7a088b070506c1422103b6b666070b0df6b63a717164398c9754"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/poetry_lock_check.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 119831, "scanner": "repobility-threat-engine", "fingerprint": "eca0ef6ca4d1052904cfe8eafdae6d9a6bcbd9460f81a18124815da96e9f4d28", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|eca0ef6ca4d1052904cfe8eafdae6d9a6bcbd9460f81a18124815da96e9f4d28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/bazel_rules_mongo/engflow_auth/engflow_auth.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 119824, "scanner": "repobility-threat-engine", "fingerprint": "2436a2a2f3981a1c4a4d9c244ffafb8f5154f8bf33f97d4b799fdb595726066c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2436a2a2f3981a1c4a4d9c244ffafb8f5154f8bf33f97d4b799fdb595726066c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/collect_resource_info.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 119823, "scanner": "repobility-threat-engine", "fingerprint": "b52b6ba927c641ae2c3767569aab56fa89733c42400ae4142e2971aae99e629a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b52b6ba927c641ae2c3767569aab56fa89733c42400ae4142e2971aae99e629a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/client/github.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 119822, "scanner": "repobility-threat-engine", "fingerprint": "420ba73f66f29e511689adbae641d8b26745272f564424eba599018c2946abd9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|420ba73f66f29e511689adbae641d8b26745272f564424eba599018c2946abd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/bazel_rules_mongo/codeowners/check_github_codeowner_errors.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 119818, "scanner": "repobility-threat-engine", "fingerprint": "994b7a3615f885e25e9b3f6f5bad061deaadad0df54b2fd87c7c6fb54ae5fdbb", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "print(\"When a client sets authenticationRestrictions on a user, authorization privileges are revoked", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|21|print when a client sets authenticationrestrictions on a user authorization privileges are revoked"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/auth/authentication_restrictions.js"}, "region": {"startLine": 217}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 119811, "scanner": "repobility-threat-engine", "fingerprint": "a9961d5ff49b68677f90958f45600304f6405db4ee715e011d6a9d785a7657e8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a9961d5ff49b68677f90958f45600304f6405db4ee715e011d6a9d785a7657e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/mongo_rapidyaml_builds/build_rapidyaml_macos.sh"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 119810, "scanner": "repobility-threat-engine", "fingerprint": "a24ae208995605c21baceb2ee38aeca24fd311a33165b25ebb14ec6ff864b9ef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a24ae208995605c21baceb2ee38aeca24fd311a33165b25ebb14ec6ff864b9ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/linter/runner.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 119809, "scanner": "repobility-threat-engine", "fingerprint": "a036856c35406b5c3f649da12507203ec9cfcc7e4f887a5c95b41d6b2d48010a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a036856c35406b5c3f649da12507203ec9cfcc7e4f887a5c95b41d6b2d48010a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/wrapper_hook/install_modules.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 119807, "scanner": "repobility-threat-engine", "fingerprint": "c6cfd154549e077ac578d257b180292e80b5de57bdf6bcf55eff6028ecb8b314", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c6cfd154549e077ac578d257b180292e80b5de57bdf6bcf55eff6028ecb8b314"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/wrapper_hook/write_wrapper_hook_bazelrc.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 119806, "scanner": "repobility-threat-engine", "fingerprint": "0675714a432c96ce45ba29a50fe7111e5efaf8046a1730f175df2afbcc0ab502", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0675714a432c96ce45ba29a50fe7111e5efaf8046a1730f175df2afbcc0ab502"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/wrapper_hook/install_modules.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 119805, "scanner": "repobility-threat-engine", "fingerprint": "46d5d17382ff5f32bdec9e6b86e6cc4c4ca0a50cc816affc3074293778032180", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|46d5d17382ff5f32bdec9e6b86e6cc4c4ca0a50cc816affc3074293778032180"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/wrapper_hook/generate_common_bes_bazelrc.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED040", "level": "error", "message": {"text": "[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes."}, "properties": {"repobilityId": 119794, "scanner": "repobility-threat-engine", "fingerprint": "143ee2d4a576aafa80383875320c42a85d9895836a0ed39ce52185cbdb8fb839", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-yaml-load-unsafe", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347991+00:00", "triaged_in_corpus": 15, "observations_count": 1487, "ai_coder_pattern_id": 120}, "scanner": "repobility-threat-engine", "correlation_key": "fp|143ee2d4a576aafa80383875320c42a85d9895836a0ed39ce52185cbdb8fb839"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/resmoke/derive_suite_selectors.py"}, "region": {"startLine": 232}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 119787, "scanner": "repobility-threat-engine", "fingerprint": "755d05b460ec4a6e467421d281a89e0dfac47b96be7fb81873ed60f18fca8180", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(l", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|755d05b460ec4a6e467421d281a89e0dfac47b96be7fb81873ed60f18fca8180"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/sbom/config.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 119786, "scanner": "repobility-threat-engine", "fingerprint": "65dd96be9cb6bc99fb451d52b6bad8e1b5cf9c384e4c6af6ebeb4614bf4e61a4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(code", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|65dd96be9cb6bc99fb451d52b6bad8e1b5cf9c384e4c6af6ebeb4614bf4e61a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/local_rbe_container_url.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 119785, "scanner": "repobility-threat-engine", "fingerprint": "f95ac66578ee953b4bc74ce3db61308ded50f42c9195ecc2fbd64cb2dc9d1a91", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(code", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f95ac66578ee953b4bc74ce3db61308ded50f42c9195ecc2fbd64cb2dc9d1a91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/platforms/remote_execution_containers_generator.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 119779, "scanner": "repobility-threat-engine", "fingerprint": "f6277b5d2951195de5e296930d339fd8c6cbc0137710a68f60a73e1075dff30a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f6277b5d2951195de5e296930d339fd8c6cbc0137710a68f60a73e1075dff30a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/database_instance.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 119778, "scanner": "repobility-threat-engine", "fingerprint": "e7f909420f5e55868f299a6be25906cd69a937ce781b8bac918736324f68ed26", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e7f909420f5e55868f299a6be25906cd69a937ce781b8bac918736324f68ed26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/bazel_rules_mongo/engflow_auth/engflow_auth.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 119777, "scanner": "repobility-threat-engine", "fingerprint": "7e695168583a82838f5370321d58979d5403b1dbfcbccab1910b69c26658529a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7e695168583a82838f5370321d58979d5403b1dbfcbccab1910b69c26658529a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/install_rules/pretty_printer_test_creator.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 119767, "scanner": "repobility-threat-engine", "fingerprint": "3bf4dc5d6b4ecf88b0687c678e57a65b99e09fe2fef56350c9904b61c0241015", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(args.input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|12|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/clang_tidy_config_gen.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 119766, "scanner": "repobility-threat-engine", "fingerprint": "8d54e73c9d366d30ba741a53f0aeae69513f7fc0621decf8869111bcebe19af7", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(item) as input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|82|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/apply_clang_tidy_fixes.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 119765, "scanner": "repobility-threat-engine", "fingerprint": "591d222bdf378f24bc623b0151bff5fa9d6305bd26fda2a7e95b4155816823e7", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|16|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/config/generate_config_header.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 119759, "scanner": "repobility-threat-engine", "fingerprint": "2dc00132799cbec2f93458e9bbf9e1159a7ebcea24b36cc86752fb5df43f394d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2dc00132799cbec2f93458e9bbf9e1159a7ebcea24b36cc86752fb5df43f394d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/resmoke/derive_suite_selectors.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 119758, "scanner": "repobility-threat-engine", "fingerprint": "25a7c2b12a90f499cbaf2d6d7633ba0b6a6de5353951ac2167a0d238712c74eb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|25a7c2b12a90f499cbaf2d6d7633ba0b6a6de5353951ac2167a0d238712c74eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/install_rules/install_rules.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 119757, "scanner": "repobility-threat-engine", "fingerprint": "11dd900718caa508881832282f3b666678352068d76c0261ae7dd4a2d223ebd9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|11dd900718caa508881832282f3b666678352068d76c0261ae7dd4a2d223ebd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/auto_header/gen_all_headers.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `_gen_labels_from_fd` has cognitive complexity 37 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=2, continue=1, elif=2, else=2, except=2, if=8, nested_bonus=18, while=2."}, "properties": {"repobilityId": 119755, "scanner": "repobility-threat-engine", "fingerprint": "988488a434ca333e36c596a3b6766e9a3e4bc90dd9739dc17532fa6085e6e63b", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 37 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_gen_labels_from_fd", "breakdown": {"if": 8, "elif": 2, "else": 2, "break": 2, "while": 2, "except": 2, "continue": 1, "nested_bonus": 18}, "complexity": 37, "correlation_key": "fp|988488a434ca333e36c596a3b6766e9a3e4bc90dd9739dc17532fa6085e6e63b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/auto_header/gen_all_headers.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 119747, "scanner": "repobility-threat-engine", "fingerprint": "d5758e8616f6a449c0b66b4cb3741e8016919a4a2febc0a29e4bae38a50ecdc7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "defined.update(dep_sym[\"defined\"])", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d5758e8616f6a449c0b66b4cb3741e8016919a4a2febc0a29e4bae38a50ecdc7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/symbol_checker/symbol_checker.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 119746, "scanner": "repobility-threat-engine", "fingerprint": "2cf3397e81a8e4ee9b37e901d8c53cb811d7ac0d4bebc39d03ad86ddf3f239c2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "h_existing.update(chunk)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2cf3397e81a8e4ee9b37e901d8c53cb811d7ac0d4bebc39d03ad86ddf3f239c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/auto_header/gen_all_headers.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 119745, "scanner": "repobility-threat-engine", "fingerprint": "0f32accbadd759725b09996aa3ae411a39caee1b9707682039ccf6845e76ae3c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "sha256_hash.update(chunk)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0f32accbadd759725b09996aa3ae411a39caee1b9707682039ccf6845e76ae3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/s3_artifact_utils.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 119743, "scanner": "repobility-threat-engine", "fingerprint": "9df5469d768c732ea5ef3a13bfe6b0f3d0df7542e4d61dbc348ae55208f15182", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(\n                url=url", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9df5469d768c732ea5ef3a13bfe6b0f3d0df7542e4d61dbc348ae55208f15182"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/bazel_rules_mongo/codeowners/check_github_codeowner_errors.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 119742, "scanner": "repobility-threat-engine", "fingerprint": "e5796b6762dc19ea021c00eec9f23573ec8fe6a95aaf7345eebed4c0cd0a2cb3", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e5796b6762dc19ea021c00eec9f23573ec8fe6a95aaf7345eebed4c0cd0a2cb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/resmoke/download_historic_runtimes.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 119741, "scanner": "repobility-threat-engine", "fingerprint": "7b58130decb1e8cb5984d2b221ecc8b1eb1621ebf6d0af237f3ff8c3e4fd6168", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL (s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7b58130decb1e8cb5984d2b221ecc8b1eb1621ebf6d0af237f3ff8c3e4fd6168"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/s3_artifact_utils.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120192, "scanner": "repobility-ast-engine", "fingerprint": "a218df26cbbf13d370ac3cbfba1fc96b5ab0c931b4ba48f8cdc70d7e6326bc51", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a218df26cbbf13d370ac3cbfba1fc96b5ab0c931b4ba48f8cdc70d7e6326bc51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mongo/db/query/benchmark/data_generator/datagen/util.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `time` used but not imported: The file uses `time.something(...)` but never imports `time`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120185, "scanner": "repobility-ast-engine", "fingerprint": "2f05adefdc233d212e48984b875cb7adc6ed8988e99c040195c2f34ff7654553", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2f05adefdc233d212e48984b875cb7adc6ed8988e99c040195c2f34ff7654553"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/testing/hooks/generate_and_check_perf_results.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120183, "scanner": "repobility-ast-engine", "fingerprint": "a2d577b35809253af1085e8f2c9a6df2e599d5836e74d375cd6fe6c25dbf8cbd", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a2d577b35809253af1085e8f2c9a6df2e599d5836e74d375cd6fe6c25dbf8cbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/testing/job.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `stat` used but not imported: The file uses `stat.something(...)` but never imports `stat`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120182, "scanner": "repobility-ast-engine", "fingerprint": "eaea17e710aa2f5e6eb07c9881aef79c0ee9fd669624eb0c018d8e9bb8f8ab21", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eaea17e710aa2f5e6eb07c9881aef79c0ee9fd669624eb0c018d8e9bb8f8ab21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/utils/archival.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120181, "scanner": "repobility-ast-engine", "fingerprint": "145ace991529aa495fadd9439c2d09b55cb803bc41647818201dc26aca2e0e08", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|145ace991529aa495fadd9439c2d09b55cb803bc41647818201dc26aca2e0e08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmokelib/utils/jscomment.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120180, "scanner": "repobility-ast-engine", "fingerprint": "cf6a446e8832d4a0bb031708274daf8abf6710f312c637982c7b9a27ab7670e0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf6a446e8832d4a0bb031708274daf8abf6710f312c637982c7b9a27ab7670e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/idl/idl/generator.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120179, "scanner": "repobility-ast-engine", "fingerprint": "9c603e1e12d1af3350bacb86e667174ecc3e4a6c39d01b1998c94713962950bc", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9c603e1e12d1af3350bacb86e667174ecc3e4a6c39d01b1998c94713962950bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/idl/idl/binder.py"}, "region": {"startLine": 339}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120178, "scanner": "repobility-ast-engine", "fingerprint": "41065bcebf17ceaa701f1acc54db3a3767c18c3f5fef9c3bc395a714ffc706be", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|41065bcebf17ceaa701f1acc54db3a3767c18c3f5fef9c3bc395a714ffc706be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/idl/idl/binder.py"}, "region": {"startLine": 581}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120177, "scanner": "repobility-ast-engine", "fingerprint": "bc3f633c04319c4eeea0a94e902a3364721f890914eb5a2bf6d47f564bb21c5b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bc3f633c04319c4eeea0a94e902a3364721f890914eb5a2bf6d47f564bb21c5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/idl/idl/syntax.py"}, "region": {"startLine": 180}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120176, "scanner": "repobility-ast-engine", "fingerprint": "85c0ab49d558bd95a834d153a077f7196dd295e807157e6e06420512780dd97a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|85c0ab49d558bd95a834d153a077f7196dd295e807157e6e06420512780dd97a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/idl/idl/struct_types.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120175, "scanner": "repobility-ast-engine", "fingerprint": "7cd3798ea61177c727443224d74a3470794482b27bbcc1d1b7c7829b7be17e57", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7cd3798ea61177c727443224d74a3470794482b27bbcc1d1b7c7829b7be17e57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/idl/idl/parser.py"}, "region": {"startLine": 588}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120174, "scanner": "repobility-ast-engine", "fingerprint": "a1c98bb47775afa759a7b270478ac19b06d3780eab73b0ceaf83bc746c998c4f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a1c98bb47775afa759a7b270478ac19b06d3780eab73b0ceaf83bc746c998c4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/resmokelib/testing/test_job.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120173, "scanner": "repobility-ast-engine", "fingerprint": "6a2c84176a4320438af38eda6da796c33addeecfd5bcb4d5819d90b7c86461f8", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6a2c84176a4320438af38eda6da796c33addeecfd5bcb4d5819d90b7c86461f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/parameters_extractor_classic.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `collections` used but not imported: The file uses `collections.something(...)` but never imports `collections`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120151, "scanner": "repobility-ast-engine", "fingerprint": "3a3cc28d5e49a9a3ebb386b09b317b403a2cbb037de1cff601b58784489e0fa5", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3a3cc28d5e49a9a3ebb386b09b317b403a2cbb037de1cff601b58784489e0fa5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/cost_model/ce_generate_data.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120150, "scanner": "repobility-ast-engine", "fingerprint": "559eabf814b6fc0c2c6c4d03e100aa52d544a8df0cb353f6fa99fc3bcbb4c50a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|559eabf814b6fc0c2c6c4d03e100aa52d544a8df0cb353f6fa99fc3bcbb4c50a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/tests/test_simple_report.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120149, "scanner": "repobility-ast-engine", "fingerprint": "dbb3448599a5cab97d79514628b6b1b5c7e6c56b3308f9acdc1449f4b0ddcc87", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dbb3448599a5cab97d79514628b6b1b5c7e6c56b3308f9acdc1449f4b0ddcc87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/idl/idl_check_compatibility.py"}, "region": {"startLine": 1220}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `logging` used but not imported: The file uses `logging.something(...)` but never imports `logging`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120148, "scanner": "repobility-ast-engine", "fingerprint": "a41c83436acb1be512f438631d244d7d1d88e649d54acf2c24f073aaccba448b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a41c83436acb1be512f438631d244d7d1d88e649d54acf2c24f073aaccba448b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/idl/gen_dts.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `stat` used but not imported: The file uses `stat.something(...)` but never imports `stat`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120147, "scanner": "repobility-ast-engine", "fingerprint": "529ac8b967885442eaa2bef0edebcb969a90856686d0dedd838107f1d5483d8b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|529ac8b967885442eaa2bef0edebcb969a90856686d0dedd838107f1d5483d8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/util/teststats.py"}, "region": {"startLine": 229}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `warnings` used but not imported: The file uses `warnings.something(...)` but never imports `warnings`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120145, "scanner": "repobility-ast-engine", "fingerprint": "6a444181a2841ad53e9fa2713c3713c488399e4924b4da8f6c09a0ce08578e8a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6a444181a2841ad53e9fa2713c3713c488399e4924b4da8f6c09a0ce08578e8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/sbom/generate_sbom.py"}, "region": {"startLine": 1216}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `stat` used but not imported: The file uses `stat.something(...)` but never imports `stat`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120144, "scanner": "repobility-ast-engine", "fingerprint": "1cc384908d6f41d7c45e25d957b2439b85cfce8e9162e551e182c395e1ece4e9", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1cc384908d6f41d7c45e25d957b2439b85cfce8e9162e551e182c395e1ece4e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/timeouts/timeout_service.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `bisect` used but not imported: The file uses `bisect.something(...)` but never imports `bisect`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120143, "scanner": "repobility-ast-engine", "fingerprint": "b920f0c548e07319f4d95426492a11f75abbb742a01db76163467e2b4bafac35", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b920f0c548e07319f4d95426492a11f75abbb742a01db76163467e2b4bafac35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/auto_header/gen_all_headers.py"}, "region": {"startLine": 295}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `warnings` used but not imported: The file uses `warnings.something(...)` but never imports `warnings`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120135, "scanner": "repobility-ast-engine", "fingerprint": "e0ca40687003d7aedd18d7fe2d3ad59e4acfe59eee2ab4946e6eeccd9be8fa3b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e0ca40687003d7aedd18d7fe2d3ad59e4acfe59eee2ab4946e6eeccd9be8fa3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/resmoke/derive_suite_selectors.py"}, "region": {"startLine": 224}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120134, "scanner": "repobility-ast-engine", "fingerprint": "09ae1062e6a2143014fca608b3b0d2c119e527c4017d3cf900dfff6c84d00e9b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|09ae1062e6a2143014fca608b3b0d2c119e527c4017d3cf900dfff6c84d00e9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/bazelisk.py"}, "region": {"startLine": 338}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `stat` used but not imported: The file uses `stat.something(...)` but never imports `stat`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120120, "scanner": "repobility-ast-engine", "fingerprint": "a75a8382a03b79c92e2da41c096e00344574661b885b7e81c16385e245824754", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a75a8382a03b79c92e2da41c096e00344574661b885b7e81c16385e245824754"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/resmoke_tests_runtime_validate.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `time` used but not imported: The file uses `time.something(...)` but never imports `time`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120117, "scanner": "repobility-ast-engine", "fingerprint": "e7c0d91cb51dd3a3cb3e8156258f813afbd3f87bce9d0dc1d3ef33a105d1800f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e7c0d91cb51dd3a3cb3e8156258f813afbd3f87bce9d0dc1d3ef33a105d1800f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/jepsen_report.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED024", "level": "error", "message": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk."}, "properties": {"repobilityId": 119890, "scanner": "repobility-threat-engine", "fingerprint": "663bdf50ffbc3cb56313816388bececd02871090744ea63462924586c395fe44", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-eval-usage", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347954+00:00", "triaged_in_corpus": 20, "observations_count": 35589, "ai_coder_pattern_id": 103}, "scanner": "repobility-threat-engine", "correlation_key": "fp|663bdf50ffbc3cb56313816388bececd02871090744ea63462924586c395fe44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/concurrency/fsm_workloads/txns/multi_statement_transaction/multi_statement_transaction_all_commands_same_session.js"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED024", "level": "error", "message": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk."}, "properties": {"repobilityId": 119889, "scanner": "repobility-threat-engine", "fingerprint": "4fd76b0e1b77a50c228cbb684d270ffa85db4bcad9315e7fdf5ce56400e2f820", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-eval-usage", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347954+00:00", "triaged_in_corpus": 20, "observations_count": 35589, "ai_coder_pattern_id": 103}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4fd76b0e1b77a50c228cbb684d270ffa85db4bcad9315e7fdf5ce56400e2f820"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/concurrency/fsm_workloads/query/exchange_producer.js"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED035", "level": "error", "message": {"text": "[MINED035] Js New Function: new Function(...) compiles strings to functions."}, "properties": {"repobilityId": 119887, "scanner": "repobility-threat-engine", "fingerprint": "3827c5c843eafa5602aefca5f06af52b7920369636dd973d6f2045b385f8f12f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-new-function", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347980+00:00", "triaged_in_corpus": 20, "observations_count": 2547, "ai_coder_pattern_id": 104}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3827c5c843eafa5602aefca5f06af52b7920369636dd973d6f2045b385f8f12f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/concurrency/fsm_workloads/crud/indexed_insert/indexed_insert_heterogeneous.js"}, "region": {"startLine": 46}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 119879, "scanner": "repobility-threat-engine", "fingerprint": "6d71e8518225f11f2806ea42f52c5ea7d69465e4bee8a9b477e53cd6bbca1cb9", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "mongodb://admin:password@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|6|mongodb://admin:password"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/auth/repl_auth_shell_mechanism.js"}, "region": {"startLine": 66}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 119878, "scanner": "repobility-threat-engine", "fingerprint": "8e37d9e858130fdd23f0baafe28c8a8cbf5e9541220a587850bd2cc7bf430325", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "mongodb://user:password@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|3|mongodb://user:password"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/auth/mongoURIAuth.js"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 119877, "scanner": "repobility-threat-engine", "fingerprint": "d391e6c80d01fdaeb4d8ff15487686719a92a33ae12a4af78d6cb859b57dcd65", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "mongodb://admin:pass@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|3|mongodb://admin:pass"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jstests/auth/deleted_recreated_user_base.js"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED013", "level": "error", "message": {"text": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages."}, "properties": {"repobilityId": 119866, "scanner": "repobility-threat-engine", "fingerprint": "92b081621b28f0d8f45377026e010339b0fa4347347ba927f546682979042516", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "password-in-url", "owasp": "A07:2021", "cwe_ids": ["CWE-200"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347928+00:00", "triaged_in_corpus": 20, "observations_count": 121646, "ai_coder_pattern_id": 37}, "scanner": "repobility-threat-engine", "correlation_key": "fp|92b081621b28f0d8f45377026e010339b0fa4347347ba927f546682979042516"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/jepsen_docker/setup.sh"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED013", "level": "error", "message": {"text": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages."}, "properties": {"repobilityId": 119865, "scanner": "repobility-threat-engine", "fingerprint": "ded1045ab9245cef70a98b3987e884469db13306f65d2bdf0b89d5e973d89f6c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "password-in-url", "owasp": "A07:2021", "cwe_ids": ["CWE-200"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347928+00:00", "triaged_in_corpus": 20, "observations_count": 121646, "ai_coder_pattern_id": 37}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ded1045ab9245cef70a98b3987e884469db13306f65d2bdf0b89d5e973d89f6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/do_jepsen_setup/install_jepsen.sh"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED013", "level": "error", "message": {"text": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages."}, "properties": {"repobilityId": 119864, "scanner": "repobility-threat-engine", "fingerprint": "6c19ba77577c31a76ec688f3daffee3634541140aab07868e7dded851242bedf", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "password-in-url", "owasp": "A07:2021", "cwe_ids": ["CWE-200"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347928+00:00", "triaged_in_corpus": 20, "observations_count": 121646, "ai_coder_pattern_id": 37}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6c19ba77577c31a76ec688f3daffee3634541140aab07868e7dded851242bedf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "evergreen/do_jepsen_setup/build_libfaketime.sh"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 119851, "scanner": "repobility-threat-engine", "fingerprint": "fa64ee4004a903461938e1f2c5659afc27e0ce8e42d2ab2f7d9316535eab1319", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fa64ee4004a903461938e1f2c5659afc27e0ce8e42d2ab2f7d9316535eab1319"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/libdeps/find_symbols.c"}, "region": {"startLine": 208}}}]}, {"ruleId": "MINED007", "level": "error", "message": {"text": "[MINED007] Sql String Concat: cursor.execute(f\"... {user_input} ...\") \u2014 SQL injection."}, "properties": {"repobilityId": 119850, "scanner": "repobility-threat-engine", "fingerprint": "3f0c1f2ae20ca388be0b03c831621751b13d28092ad505b199419501a5fb751c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "sql-string-concat", "owasp": "A03:2021", "cwe_ids": ["CWE-89"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347914+00:00", "triaged_in_corpus": 20, "observations_count": 210457, "ai_coder_pattern_id": 12}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3f0c1f2ae20ca388be0b03c831621751b13d28092ad505b199419501a5fb751c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/gdb/mongo_utils.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED102", "level": "error", "message": {"text": "[MINED102] Shell Injection Via F-string: Shell command built via f-string or .format with non-constant input \u2014 command injection. An attacker controlling any interpolated value can execute arbitrary shell commands."}, "properties": {"repobilityId": 119835, "scanner": "repobility-threat-engine", "fingerprint": "0f8801a2ab1d96d022ecd4c4ef5db1f9b1f32443704372aec6a4faeeb4a1da1a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "shell-injection-format", "owasp": "A03:2021", "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-19T13:00:00.000000+00:00", "triaged_in_corpus": 1, "observations_count": 175, "ai_coder_pattern_id": 11}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0f8801a2ab1d96d022ecd4c4ef5db1f9b1f32443704372aec6a4faeeb4a1da1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildscripts/bazel_rules_mongo/engflow_auth/engflow_auth.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 119793, "scanner": "repobility-threat-engine", "fingerprint": "ce2db94c1360dca2a4fb69dfb8ee102847ea1c2cad8977ce58f5802dcedb896b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ce2db94c1360dca2a4fb69dfb8ee102847ea1c2cad8977ce58f5802dcedb896b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/resmoke/derive_suite_selectors.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "SEC116", "level": "error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 119792, "scanner": "repobility-threat-engine", "fingerprint": "79bdaa57cc6b9e2e4b0bf50081685662b511e8dd9dc4d8fd3b3c071eaab70720", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|77|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/resmoke/derive_suite_selectors.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "SEC079", "level": "error", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 119791, "scanner": "repobility-threat-engine", "fingerprint": "ae824b552e4449ac11572c6feff20eeb7ea6268783cdaab7dd04a2ae1273f6ad", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(fh, Loader=_YamlLoader)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ae824b552e4449ac11572c6feff20eeb7ea6268783cdaab7dd04a2ae1273f6ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bazel/resmoke/derive_suite_selectors.py"}, "region": {"startLine": 77}}}]}]}]}