{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. 
They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED051", "name": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. NRE risk if wrong.", "shortDescription": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. NRE risk if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC025", "name": "[SEC025] XML External Entity (XXE) \u2014 .NET XmlDocument / XmlTextReader: .NET XmlDocument and XmlTextReader expand externa", "shortDescription": {"text": "[SEC025] XML External Entity (XXE) \u2014 .NET XmlDocument / XmlTextReader: .NET XmlDocument and XmlTextReader expand external entities by default in pre-4.5.2 runtimes (and even later if XmlResolver is left at default). Allows file disclosure a"}, "fullDescription": {"text": "Set XmlResolver = null on XmlDocument before Load. On XmlReader, pass XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null }. Prefer XDocument / XElement which don't expand external entities by default."}, "properties": {"scanner": "repobility-threat-engine", "category": "xxe", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/github-script` pinned to mutable ref `@v7`", "shortDescription": {"text": "Action `actions/github-script` pinned to mutable ref `@v7`"}, "fullDescription": {"text": "`uses: actions/github-script@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). 
Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `platform` used but not imported", "shortDescription": {"text": "Missing import: `platform` used but not imported"}, "fullDescription": {"text": "The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1046"}, "properties": {"repository": "Alex4SSB/ADB-Explorer", "repoUrl": "https://github.com/Alex4SSB/ADB-Explorer", "branch": "master"}, "results": [{"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). 
Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 102879, "scanner": "repobility-threat-engine", "fingerprint": "cf77b9c6689ebfd42f0a47f52a5661f5b397feb85436476ea37dbd0248edf963", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "}\n        catch (Exception)\n        {\n            return null;\n        }", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cf77b9c6689ebfd42f0a47f52a5661f5b397feb85436476ea37dbd0248edf963"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ADB Explorer/Services/AppInfra/Security.cs"}, "region": {"startLine": 41}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). 
Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 102878, "scanner": "repobility-threat-engine", "fingerprint": "1627ba06394968299675b9a9be8e01e95f895a7a01c5e2e07e53aacf1ece5824", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "}\n        catch (Exception)\n        {\n            return null;\n        }", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1627ba06394968299675b9a9be8e01e95f895a7a01c5e2e07e53aacf1ece5824"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ADB Explorer/Services/AppInfra/Network.cs"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). 
Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 102877, "scanner": "repobility-threat-engine", "fingerprint": "b7aba71c3005d1a24b4820edec840b1248836f385659f438861663dc03305e68", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "}\n            catch (Exception)\n            {\n                return null;\n            }", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b7aba71c3005d1a24b4820edec840b1248836f385659f438861663dc03305e68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ADB Explorer/Services/AppInfra/LowLevel/FileDescriptor.cs"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 102872, "scanner": "repobility-ast-engine", "fingerprint": "01605b7571770bc55716708a703b82004703753b588350e1ef5ffd1ef4fa4861", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|01605b7571770bc55716708a703b82004703753b588350e1ef5ffd1ef4fa4861"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/verify_adb_download.py"}, "region": {"startLine": 365}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 102871, "scanner": "repobility-ast-engine", "fingerprint": 
"ed099ce482689ed3aca00a7546de545c1a9b947aeb1b0a723a8e2f0c6504a7c9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ed099ce482689ed3aca00a7546de545c1a9b947aeb1b0a723a8e2f0c6504a7c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/verify_adb_download.py"}, "region": {"startLine": 370}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 102870, "scanner": "repobility-ast-engine", "fingerprint": "473c029802d9280caf89263ad7e53053e0c51e7c4818b95a98cb610bcee295c3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|473c029802d9280caf89263ad7e53053e0c51e7c4818b95a98cb610bcee295c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/verify_adb_download.py"}, "region": {"startLine": 320}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 102869, "scanner": "repobility-ast-engine", "fingerprint": "220ec02e6bc190c3a64d5de252644a57b81211abf2fd9314af4bf7287bb69b0a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, 
"scanner": "repobility-ast-engine", "correlation_key": "fp|220ec02e6bc190c3a64d5de252644a57b81211abf2fd9314af4bf7287bb69b0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/verify_adb_download.py"}, "region": {"startLine": 273}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 102868, "scanner": "repobility-ast-engine", "fingerprint": "91b0192dc39f008d05582dc0c02b73eed07b2e97f60a6d65b971f84ee8f0448e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|91b0192dc39f008d05582dc0c02b73eed07b2e97f60a6d65b971f84ee8f0448e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/verify_adb_download.py"}, "region": {"startLine": 221}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 102867, "scanner": "repobility-ast-engine", "fingerprint": "31137d7d93edc18dfc290a117a2c02ee2d0dc02bf4a6aefad7a57978ff7c58fa", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|31137d7d93edc18dfc290a117a2c02ee2d0dc02bf4a6aefad7a57978ff7c58fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/verify_adb_download.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, 
"properties": {"repobilityId": 102866, "scanner": "repobility-ast-engine", "fingerprint": "fa4a76cecc20a7bd6a256816b8a7419330977b671ae526f9fbed65f8698df692", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa4a76cecc20a7bd6a256816b8a7419330977b671ae526f9fbed65f8698df692"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/verify_adb_download.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 102865, "scanner": "repobility-ast-engine", "fingerprint": "c627391dfc096277f31ecc690bc31a19899e904360f4930b74ad55888f6dad06", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c627391dfc096277f31ecc690bc31a19899e904360f4930b74ad55888f6dad06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/verify_adb_download.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 102864, "scanner": "repobility-ast-engine", "fingerprint": "baa18fe86045f4ed0f175c2bb5cd400dd94d2ec84ebb1c0fb06e8961ff328004", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", 
"owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|baa18fe86045f4ed0f175c2bb5cd400dd94d2ec84ebb1c0fb06e8961ff328004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/verify_adb_download.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 102863, "scanner": "repobility-ast-engine", "fingerprint": "37b0ab82fcc91194b96aab331631d52fbbadeb74b818678542d37f068766763c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|37b0ab82fcc91194b96aab331631d52fbbadeb74b818678542d37f068766763c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/verify_adb_download.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102861, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5b021488eb9a037d53cf32f9994c9a53a014a249b5386f09ecef6a0e38c1484d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ADB Explorer/Services/FileOperation/FileChangeModifiedOperation.cs", "duplicate_line": 30, "correlation_key": "fp|5b021488eb9a037d53cf32f9994c9a53a014a249b5386f09ecef6a0e38c1484d"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "ADB Explorer/Services/FileOperation/PackageInstallOperation.cs"}, "region": {"startLine": 68}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102860, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ca5596301917d6bcb93468fae3e9e7202c06bde77d685fe6ad31a0dd7473e73f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ADB Explorer/Services/FileOperation/FileChangeModifiedOperation.cs", "duplicate_line": 30, "correlation_key": "fp|ca5596301917d6bcb93468fae3e9e7202c06bde77d685fe6ad31a0dd7473e73f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ADB Explorer/Services/FileOperation/FileRenameOperation.cs"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102859, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f45445d0a4b38bb7d10f9fdf9f810b308866a42b05eab1bc332400480c5d226c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ADB Explorer/Services/FileOperation/FileMoveOperation.cs", "duplicate_line": 66, "correlation_key": "fp|f45445d0a4b38bb7d10f9fdf9f810b308866a42b05eab1bc332400480c5d226c"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "ADB Explorer/Services/FileOperation/FileRenameOperation.cs"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102858, "scanner": "repobility-ai-code-hygiene", "fingerprint": "33951009a7c30749e6a71aa5034ab5e6aeff7335448ac5e5d0a93e3c7f61d95e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ADB Explorer/Services/FileOperation/FileChangeModifiedOperation.cs", "duplicate_line": 39, "correlation_key": "fp|33951009a7c30749e6a71aa5034ab5e6aeff7335448ac5e5d0a93e3c7f61d95e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ADB Explorer/Services/FileOperation/FileMoveOperation.cs"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. 
NRE risk if wrong."}, "properties": {"repobilityId": 102882, "scanner": "repobility-threat-engine", "fingerprint": "beed04219e782e7b75277f720a434443d95bcb9722e28244d010d4bef703a7f4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|beed04219e782e7b75277f720a434443d95bcb9722e28244d010d4bef703a7f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ADB Explorer/Services/FileOpSnackbarService.cs"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. 
NRE risk if wrong."}, "properties": {"repobilityId": 102881, "scanner": "repobility-threat-engine", "fingerprint": "e46b7cc46c6306031928cb4c374d49e37f65538f3c78408d28c2ad1451127a04", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e46b7cc46c6306031928cb4c374d49e37f65538f3c78408d28c2ad1451127a04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ADB Explorer/Services/ApplicationHostService.cs"}, "region": {"startLine": 49}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 102883, "scanner": "repobility-threat-engine", "fingerprint": "f1afbac3ddc31b78e1454ec3225e71f7485babc4f4a8aac67a579e096208134c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "File.Delete(oldFile);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f1afbac3ddc31b78e1454ec3225e71f7485babc4f4a8aac67a579e096208134c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ADB Explorer/Services/SettingsService.cs"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 102880, "scanner": "repobility-threat-engine", "fingerprint": "4ff323bc335fe3a95f1711c443d1870b070aa8fd88bf8487f72d586192056158", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4ff323bc335fe3a95f1711c443d1870b070aa8fd88bf8487f72d586192056158"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ADB Explorer/Services/AppInfra/Security.cs"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC025", "level": "error", "message": {"text": "[SEC025] XML External Entity (XXE) \u2014 .NET 
XmlDocument / XmlTextReader: .NET XmlDocument and XmlTextReader expand external entities by default in pre-4.5.2 runtimes (and even later if XmlResolver is left at default). Allows file disclosure and SSRF via XXE."}, "properties": {"repobilityId": 102876, "scanner": "repobility-threat-engine", "fingerprint": "9c0926152fa7fab82899fa8410d869054d49277797e3284e5e8b0c70c1bbde91", "category": "xxe", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "XmlReader.Create(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC025", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9c0926152fa7fab82899fa8410d869054d49277797e3284e5e8b0c70c1bbde91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ADB Explorer/Helpers/Attachable/TextHelper.cs"}, "region": {"startLine": 278}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/github-script` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 102875, "scanner": "repobility-supply-chain", "fingerprint": "faafb5e6e550fc39a284c210f5c35d7c80c8eb3e6624a500afc723a19374d648", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|faafb5e6e550fc39a284c210f5c35d7c80c8eb3e6624a500afc723a19374d648"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/monthly-adb-version-check.yml"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": 
{"repobilityId": 102874, "scanner": "repobility-supply-chain", "fingerprint": "fe32887eaa4cb6bb984642872801b7d2f376943b09a402b348324f5ca7d10736", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fe32887eaa4cb6bb984642872801b7d2f376943b09a402b348324f5ca7d10736"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/monthly-adb-version-check.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 102873, "scanner": "repobility-supply-chain", "fingerprint": "29b568a8dfbbb66604d16efc596491fbd077e76c7a7074591d5c219ebe4b61fe", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|29b568a8dfbbb66604d16efc596491fbd077e76c7a7074591d5c219ebe4b61fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/monthly-adb-version-check.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 102857, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", 
"scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `platform` used but not imported"}, "properties": {"repobilityId": 102862, "scanner": "repobility-ast-engine", "fingerprint": "c59321c02376a676d095d749bd75750fb3319221ee17fcf5de39bdb8d0aa411c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c59321c02376a676d095d749bd75750fb3319221ee17fcf5de39bdb8d0aa411c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/verify_adb_download.py"}, "region": {"startLine": 626}}}]}]}]}