{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DEPCUR-GHA", "name": "GitHub Action `actions/checkout@v2` is 4 major version(s) behind (latest v6.0.3)", "shortDescription": {"text": "GitHub Action `actions/checkout@v2` is 4 major version(s) behind (latest v6.0.3)"}, "fullDescription": {"text": "`uses: actions/checkout@v2` is 4 major version(s) behind the latest published release v6.0.3. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises \u2014 and which Repobility had no coverage for."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "GHSA-mj87-hwqh-73pj", "name": "python-multipart: GHSA-mj87-hwqh-73pj", "shortDescription": {"text": "python-multipart: GHSA-mj87-hwqh-73pj"}, "fullDescription": {"text": "python-multipart affected by Denial of Service via large multipart preamble or epilogue data"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-x284-j5p8-9c5p", "name": "pypdf: GHSA-x284-j5p8-9c5p", "shortDescription": {"text": "pypdf: GHSA-x284-j5p8-9c5p"}, "fullDescription": {"text": "pypdf: Manipulated FlateDecode image dimensions can exhaust RAM"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jj6c-8h6c-hppx", "name": "pypdf: GHSA-jj6c-8h6c-hppx", "shortDescription": {"text": "pypdf: GHSA-jj6c-8h6c-hppx"}, "fullDescription": {"text": "pypdf has long runtimes for wrong size values in cross-reference and object streams"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": 
"medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7gw9-cf7v-778f", "name": "pypdf: GHSA-7gw9-cf7v-778f", "shortDescription": {"text": "pypdf: GHSA-7gw9-cf7v-778f"}, "fullDescription": {"text": "pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4pxv-j86v-mhcw", "name": "pypdf: GHSA-4pxv-j86v-mhcw", "shortDescription": {"text": "pypdf: GHSA-4pxv-j86v-mhcw"}, "fullDescription": {"text": "pypdf: Possible long runtimes for wrong size values in incremental mode"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3crg-w4f6-42mx", "name": "pypdf: GHSA-3crg-w4f6-42mx", "shortDescription": {"text": "pypdf: GHSA-3crg-w4f6-42mx"}, "fullDescription": {"text": "pypdf: Manipulated XMP metadata entity declarations can exhaust RAM"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-65pc-fj4g-8rjx", "name": "idna: GHSA-65pc-fj4g-8rjx", "shortDescription": {"text": "idna: GHSA-65pc-fj4g-8rjx"}, "fullDescription": {"text": "Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-w2fm-2cpv-w7v5", "name": "aiohttp: GHSA-w2fm-2cpv-w7v5", "shortDescription": {"text": "aiohttp: GHSA-w2fm-2cpv-w7v5"}, "fullDescription": {"text": "aiohttp allows unlimited trailer headers, leading to possible uncapped memory usage"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-p998-jp59-783m", "name": "aiohttp: 
GHSA-p998-jp59-783m", "shortDescription": {"text": "aiohttp: GHSA-p998-jp59-783m"}, "fullDescription": {"text": "AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-m5qp-6w8w-w647", "name": "aiohttp: GHSA-m5qp-6w8w-w647", "shortDescription": {"text": "aiohttp: GHSA-m5qp-6w8w-w647"}, "fullDescription": {"text": "AIOHTTP has a Multipart Header Size Bypass"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jj3x-wxrx-4x23", "name": "aiohttp: GHSA-jj3x-wxrx-4x23", "shortDescription": {"text": "aiohttp: GHSA-jj3x-wxrx-4x23"}, "fullDescription": {"text": "AIOHTTP vulnerable to DoS when bypassing asserts"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-g84x-mcqj-x9qq", "name": "aiohttp: GHSA-g84x-mcqj-x9qq", "shortDescription": {"text": "aiohttp: GHSA-g84x-mcqj-x9qq"}, "fullDescription": {"text": "AIOHTTP vulnerable to DoS through chunked messages"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c427-h43c-vf67", "name": "aiohttp: GHSA-c427-h43c-vf67", "shortDescription": {"text": "aiohttp: GHSA-c427-h43c-vf67"}, "fullDescription": {"text": "AIOHTTP accepts duplicate Host headers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-8495-4g3g-x7pr", "name": "aiohttp: GHSA-8495-4g3g-x7pr", "shortDescription": {"text": "aiohttp: GHSA-8495-4g3g-x7pr"}, "fullDescription": {"text": "aiohttp allows request smuggling due to incorrect parsing of chunk extensions"}, "properties": 
{"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6jhg-hg63-jvvf", "name": "aiohttp: GHSA-6jhg-hg63-jvvf", "shortDescription": {"text": "aiohttp: GHSA-6jhg-hg63-jvvf"}, "fullDescription": {"text": "AIOHTTP vulnerable to denial of service through large payloads"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-8ffj-4hx4-9pgf", "name": "lightrag-hku: GHSA-8ffj-4hx4-9pgf", "shortDescription": {"text": "lightrag-hku: GHSA-8ffj-4hx4-9pgf"}, "fullDescription": {"text": "lightrag-hku: JWT Algorithm Confusion Vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC034", "name": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines o", "shortDescription": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (S"}, "fullDescription": {"text": "Strip control characters before logging:\n  safe = user_input.replace('\\n','').replace('\\r','').replace('\\x00','')\n  logger.info('User action: %s', safe)\nAlways use parameterized logging (`%s` + args), never f-strings or string concat \u2014 that's also what mitigates log4shell-style attacks. Parameterized logging keeps user input out of the format string but does not itself remove newlines or control characters, so the stripping step above is still required. 
For structured logging, use a JSON formatter that escapes values."}, "properties": {"scanner": "repobility-threat-engine", "category": "log_injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `attach_public_media_urls` has cognitive complexity 20 (SonarSource scale)", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `attach_public_media_urls` has cognitive complexity 20 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, an"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 20."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED124", "name": "requirements.txt: `tqdm` has no version pin", "shortDescription": {"text": "requirements.txt: `tqdm` has no version pin"}, "fullDescription": {"text": "Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "Mutable default argument in `vision_model_func` (list)", "shortDescription": {"text": "Mutable default argument in `vision_model_func` (list)"}, "fullDescription": {"text": "`def vision_model_func(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. 
Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "GHSA-mwh4-6h8g-pg8w", "name": "aiohttp: GHSA-mwh4-6h8g-pg8w", "shortDescription": {"text": "aiohttp: GHSA-mwh4-6h8g-pg8w"}, "fullDescription": {"text": "AIOHTTP has HTTP response splitting via \\r in reason phrase"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mqqc-3gqh-h2x8", "name": "aiohttp: GHSA-mqqc-3gqh-h2x8", "shortDescription": {"text": "aiohttp: GHSA-mqqc-3gqh-h2x8"}, "fullDescription": {"text": "AIOHTTP has unicode match groups in regexes for ASCII protocol elements"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hcc4-c3v8-rx92", "name": "aiohttp: GHSA-hcc4-c3v8-rx92", "shortDescription": {"text": "aiohttp: GHSA-hcc4-c3v8-rx92"}, "fullDescription": {"text": "AIOHTTP Affected by Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fh55-r93g-j68g", "name": "aiohttp: GHSA-fh55-r93g-j68g", "shortDescription": {"text": "aiohttp: GHSA-fh55-r93g-j68g"}, "fullDescription": {"text": 
"AIOHTTP Vulnerable to Cookie Parser Warning Storm"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-966j-vmvw-g2g9", "name": "aiohttp: GHSA-966j-vmvw-g2g9", "shortDescription": {"text": "aiohttp: GHSA-966j-vmvw-g2g9"}, "fullDescription": {"text": "AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9548-qrrj-x5pj", "name": "aiohttp: GHSA-9548-qrrj-x5pj", "shortDescription": {"text": "aiohttp: GHSA-9548-qrrj-x5pj"}, "fullDescription": {"text": " AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-69f9-5gxw-wvc2", "name": "aiohttp: GHSA-69f9-5gxw-wvc2", "shortDescription": {"text": "aiohttp: GHSA-69f9-5gxw-wvc2"}, "fullDescription": {"text": "AIOHTTP's unicode processing of header values could cause parsing discrepancies"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-63hf-3vf5-4wqf", "name": "aiohttp: GHSA-63hf-3vf5-4wqf", "shortDescription": {"text": "aiohttp: GHSA-63hf-3vf5-4wqf"}, "fullDescription": {"text": "AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-54jq-c3m8-4m76", "name": "aiohttp: GHSA-54jq-c3m8-4m76", "shortDescription": {"text": "aiohttp: GHSA-54jq-c3m8-4m76"}, "fullDescription": {"text": "AIOHTTP vulnerable to brute-force leak of internal static \ufb01le 
path components"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3wq7-rqq7-wx6j", "name": "aiohttp: GHSA-3wq7-rqq7-wx6j", "shortDescription": {"text": "aiohttp: GHSA-3wq7-rqq7-wx6j"}, "fullDescription": {"text": "AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2vrm-gr82-f7m5", "name": "aiohttp: GHSA-2vrm-gr82-f7m5", "shortDescription": {"text": "aiohttp: GHSA-2vrm-gr82-f7m5"}, "fullDescription": {"text": "AIOHTTP has CRLF injection through multipart part content type header construction"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED063", "name": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use.", "shortDescription": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-367 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2020-151", "name": "uvicorn: PYSEC-2020-151", "shortDescription": {"text": "uvicorn: PYSEC-2020-151"}, "fullDescription": {"text": "Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. 
Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2020-150", "name": "uvicorn: PYSEC-2020-150", "shortDescription": {"text": "uvicorn: PYSEC-2020-150"}, "fullDescription": {"text": "This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ANSI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request crafted URLs with percent-encoded escape sequences, the logging component will log the URL after it's been processed with urllib.parse.unquote, therefore converting any percent-encoded characters into their single-character equivalent, which can have special meaning in terminal emulators. By requesting URLs with crafted paths, attackers can: * Pollute uvicorn's access logs, therefore jeopardising the integrity of such files. 
* Use ANSI sequence codes to attempt to interact with the terminal emulator that's displaying the logs (either in real time or from a file)."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-cx63-2mw6-8hw5", "name": "setuptools: GHSA-cx63-2mw6-8hw5", "shortDescription": {"text": "setuptools: GHSA-cx63-2mw6-8hw5"}, "fullDescription": {"text": "setuptools vulnerable to Command Injection via package URL"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2025-49", "name": "setuptools: PYSEC-2025-49", "shortDescription": {"text": "setuptools: PYSEC-2025-49"}, "fullDescription": {"text": "setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2022-43012", "name": "setuptools: PYSEC-2022-43012", "shortDescription": {"text": "setuptools: PYSEC-2022-43012"}, "fullDescription": {"text": "Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. 
There is a Regular Expression Denial of Service (ReDoS) in package_index.py."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-wp53-j4wj-2cfg", "name": "python-multipart: GHSA-wp53-j4wj-2cfg", "shortDescription": {"text": "python-multipart: GHSA-wp53-j4wj-2cfg"}, "fullDescription": {"text": "Python-Multipart has Arbitrary File Write via Non-Default Configuration"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-pp6c-gr5w-3c5g", "name": "python-multipart: GHSA-pp6c-gr5w-3c5g", "shortDescription": {"text": "python-multipart: GHSA-pp6c-gr5w-3c5g"}, "fullDescription": {"text": "python-multipart has Denial of Service via unbounded multipart part headers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-59g5-xgcq-4qw3", "name": "python-multipart: GHSA-59g5-xgcq-4qw3", "shortDescription": {"text": "python-multipart: GHSA-59g5-xgcq-4qw3"}, "fullDescription": {"text": "Denial of service (DoS) via deformation `multipart/form-data` boundary"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7gcm-g887-7qv7", "name": "protobuf: GHSA-7gcm-g887-7qv7", "shortDescription": {"text": "protobuf: GHSA-7gcm-g887-7qv7"}, "fullDescription": {"text": "protobuf affected by a JSON recursion depth bypass"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6mq8-rvhq-8wgg", "name": "aiohttp: GHSA-6mq8-rvhq-8wgg", "shortDescription": {"text": "aiohttp: GHSA-6mq8-rvhq-8wgg"}, "fullDescription": {"text": "AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb"}, "properties": {"scanner": 
"osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mcww-4hxq-hfr3", "name": "lightrag-hku: GHSA-mcww-4hxq-hfr3", "shortDescription": {"text": "lightrag-hku: GHSA-mcww-4hxq-hfr3"}, "fullDescription": {"text": "LightRAG: Hardcoded JWT Signing Secret Allows Authentication Bypass"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/setup-python` pinned to mutable ref `@v5`", "shortDescription": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "fullDescription": {"text": "`uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_get_parser_rejects_unknown_parser", "shortDescription": {"text": "Phantom test coverage: test_get_parser_rejects_unknown_parser"}, "fullDescription": {"text": "Test function `test_get_parser_rejects_unknown_parser` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED131", "name": "pre-commit hook `https://github.com/mgedmin/check-manifest` pinned to mutable rev `0.49`", "shortDescription": {"text": "pre-commit hook `https://github.com/mgedmin/check-manifest` pinned to mutable rev `0.49`"}, "fullDescription": {"text": "`.pre-commit-config.yaml` references `https://github.com/mgedmin/check-manifest` at `rev: 0.49`. If `0.49` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.logger` used but never assigned in __init__", "shortDescription": {"text": "`self.logger` used but never assigned in __init__"}, "fullDescription": {"text": "Method `evaluate_rag_results` of class `LLMAnswerEvaluator` reads `self.logger`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the resolved path is inside your expected base directory; compare with os.path.commonpath() rather than a plain string prefix, because a prefix check also accepts sibling directories that share the prefix. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `queue` used but not imported", "shortDescription": {"text": "Missing import: `queue` used but not imported"}, "fullDescription": {"text": "The file uses `queue.something(...)` but never imports `queue`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/136"}, "properties": {"repository": "HKUDS/RAG-Anything", "repoUrl": "https://github.com/HKUDS/RAG-Anything.git", "branch": "main"}, "results": [{"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v2` is 4 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 53007, "scanner": "repobility-dependency-currency", "fingerprint": "9bc8fc5726eca8fb4ff88c287d873d0e2539388c556a5478b03d6ad6e91d490d", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "4 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|9bc8fc5726eca8fb4ff88c287d873d0e2539388c556a5478b03d6ad6e91d490d", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/linting.yaml"}, "region": {"startLine": 17}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 53006, "scanner": "repobility-dependency-currency", "fingerprint": "3d58fb9952acb0d87affb095e634dad2e21b378a9bb7328240ce25bcc19636e5", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", 
"ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|3d58fb9952acb0d87affb095e634dad2e21b378a9bb7328240ce25bcc19636e5", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pypi-publish.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 53005, "scanner": "repobility-dependency-currency", "fingerprint": "e6722757ca5c0b4289d5b191afbc24d89cff625a3cad2dd5300daed8e1c797ea", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|e6722757ca5c0b4289d5b191afbc24d89cff625a3cad2dd5300daed8e1c797ea", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yaml"}, "region": {"startLine": 20}}}]}, {"ruleId": "GHSA-mj87-hwqh-73pj", "level": "warning", "message": {"text": "python-multipart: GHSA-mj87-hwqh-73pj"}, "properties": {"repobilityId": 52570, "scanner": "osv-scanner", "fingerprint": "5c103e2c20e60596c3c5b0b5c7a052b881764fcb5e056f6fdc4babf1073ea3f7", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-40347"], "package": "python-multipart", "rule_id": "GHSA-mj87-hwqh-73pj", "scanner": "osv-scanner", "correlation_key": "vuln|python-multipart|CVE-2026-40347|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-x284-j5p8-9c5p", "level": "warning", "message": {"text": "pypdf: GHSA-x284-j5p8-9c5p"}, "properties": {"repobilityId": 52563, "scanner": "osv-scanner", "fingerprint": "27f78c7cb1b5a129889159ad7e243bc9324d941cbf9554ca48242cfb746355b3", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41314"], "package": "pypdf", "rule_id": "GHSA-x284-j5p8-9c5p", "scanner": "osv-scanner", "correlation_key": "vuln|pypdf|CVE-2026-41314|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jj6c-8h6c-hppx", "level": "warning", "message": {"text": "pypdf: GHSA-jj6c-8h6c-hppx"}, "properties": {"repobilityId": 52554, "scanner": "osv-scanner", "fingerprint": "1a2326ec87f340ea022c95b81e52212fc747cf2ce1f48d7523de02641eac77f3", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41168"], "package": "pypdf", "rule_id": "GHSA-jj6c-8h6c-hppx", "scanner": "osv-scanner", "correlation_key": "vuln|pypdf|CVE-2026-41168|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7gw9-cf7v-778f", "level": "warning", "message": {"text": "pypdf: GHSA-7gw9-cf7v-778f"}, "properties": {"repobilityId": 52551, "scanner": "osv-scanner", "fingerprint": "802ddd9febb34aeb0b5d135164438e62a3fb285ca6b538d6961e9e7f48199c05", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41312"], "package": "pypdf", "rule_id": "GHSA-7gw9-cf7v-778f", "scanner": 
"osv-scanner", "correlation_key": "vuln|pypdf|CVE-2026-41312|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4pxv-j86v-mhcw", "level": "warning", "message": {"text": "pypdf: GHSA-4pxv-j86v-mhcw"}, "properties": {"repobilityId": 52549, "scanner": "osv-scanner", "fingerprint": "0dccccdc7963b2c14a912e714f1d2b5ec263b9cee1771ba6a02e72282845004e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41313"], "package": "pypdf", "rule_id": "GHSA-4pxv-j86v-mhcw", "scanner": "osv-scanner", "correlation_key": "vuln|pypdf|CVE-2026-41313|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3crg-w4f6-42mx", "level": "warning", "message": {"text": "pypdf: GHSA-3crg-w4f6-42mx"}, "properties": {"repobilityId": 52548, "scanner": "osv-scanner", "fingerprint": "0df5c20b6d74147ff3cdc10428823deb0743af452751b2b5fe79d338058def92", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-40260"], "package": "pypdf", "rule_id": "GHSA-3crg-w4f6-42mx", "scanner": "osv-scanner", "correlation_key": "vuln|pypdf|CVE-2026-40260|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-65pc-fj4g-8rjx", "level": "warning", "message": {"text": "idna: GHSA-65pc-fj4g-8rjx"}, "properties": {"repobilityId": 52522, "scanner": "osv-scanner", "fingerprint": "096ad1adcda9b23f165f1175fd8691f1cfd4f580557aea52903b73ec76fbc472", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": 
false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45409"], "package": "idna", "rule_id": "GHSA-65pc-fj4g-8rjx", "scanner": "osv-scanner", "correlation_key": "vuln|idna|CVE-2024-3651|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w2fm-2cpv-w7v5", "level": "warning", "message": {"text": "aiohttp: GHSA-w2fm-2cpv-w7v5"}, "properties": {"repobilityId": 52521, "scanner": "osv-scanner", "fingerprint": "942f4e784268d8dcaae532fec1e6c26e03f9b2226dd94b0eb1079d617eb61421", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-22815"], "package": "aiohttp", "rule_id": "GHSA-w2fm-2cpv-w7v5", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2026-22815|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-p998-jp59-783m", "level": "warning", "message": {"text": "aiohttp: GHSA-p998-jp59-783m"}, "properties": {"repobilityId": 52520, "scanner": "osv-scanner", "fingerprint": "1b64213bb4cb4a69fb30c631bc3d1e9701fb4339e7c72ebdc53b12fd643ca5f8", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34515"], "package": "aiohttp", "rule_id": "GHSA-p998-jp59-783m", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2026-34515|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-m5qp-6w8w-w647", "level": "warning", "message": {"text": "aiohttp: GHSA-m5qp-6w8w-w647"}, "properties": {"repobilityId": 52517, "scanner": "osv-scanner", "fingerprint": 
"1d46f19702f090bf7866a2e5fa449476009cab6e614e12370a93ef0d9ce5f74a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34516"], "package": "aiohttp", "rule_id": "GHSA-m5qp-6w8w-w647", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2026-34516|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jj3x-wxrx-4x23", "level": "warning", "message": {"text": "aiohttp: GHSA-jj3x-wxrx-4x23"}, "properties": {"repobilityId": 52516, "scanner": "osv-scanner", "fingerprint": "576b76db13ad7feec8f1cf5e602e2c27a0bf5076a963d2dc1e1be983e6c466ea", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69227"], "package": "aiohttp", "rule_id": "GHSA-jj3x-wxrx-4x23", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2025-69227|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-g84x-mcqj-x9qq", "level": "warning", "message": {"text": "aiohttp: GHSA-g84x-mcqj-x9qq"}, "properties": {"repobilityId": 52514, "scanner": "osv-scanner", "fingerprint": "e69ad8d550ea0df984977fa185a15915d0483bf19d01492dfcd46e25baac2033", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69229"], "package": "aiohttp", "rule_id": "GHSA-g84x-mcqj-x9qq", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2025-69229|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": 
"GHSA-c427-h43c-vf67", "level": "warning", "message": {"text": "aiohttp: GHSA-c427-h43c-vf67"}, "properties": {"repobilityId": 52512, "scanner": "osv-scanner", "fingerprint": "f91fa8d4fd30e8097ef30bb8d908a38372ec87756091b175dec721c8c7020a36", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34525"], "package": "aiohttp", "rule_id": "GHSA-c427-h43c-vf67", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2026-34525|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8495-4g3g-x7pr", "level": "warning", "message": {"text": "aiohttp: GHSA-8495-4g3g-x7pr"}, "properties": {"repobilityId": 52509, "scanner": "osv-scanner", "fingerprint": "fa78e9d329d504fac713d11c585c72d0670c5bc15010b328086d1713e56210a0", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-52304"], "package": "aiohttp", "rule_id": "GHSA-8495-4g3g-x7pr", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2024-52304|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6jhg-hg63-jvvf", "level": "warning", "message": {"text": "aiohttp: GHSA-6jhg-hg63-jvvf"}, "properties": {"repobilityId": 52507, "scanner": "osv-scanner", "fingerprint": "f1aa38b5ac47032c1598105ec06be73603107c9ba6e6b54b5c13697593d2ce00", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69228"], "package": "aiohttp", "rule_id": "GHSA-6jhg-hg63-jvvf", "scanner": "osv-scanner", "correlation_key": 
"vuln|aiohttp|CVE-2025-69228|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8ffj-4hx4-9pgf", "level": "warning", "message": {"text": "lightrag-hku: GHSA-8ffj-4hx4-9pgf"}, "properties": {"repobilityId": 52499, "scanner": "osv-scanner", "fingerprint": "0dc26b5e071c64db9477e9ec29991752051cd7649c9fd23f67ac23bceb887521", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39413"], "package": "lightrag-hku", "rule_id": "GHSA-8ffj-4hx4-9pgf", "scanner": "osv-scanner", "correlation_key": "vuln|lightrag-hku|CVE-2026-39413|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `stefanzweifel/git-auto-commit-action@v5` is 2 major version(s) behind (latest v7.1.0)"}, "properties": {"repobilityId": 52467, "scanner": "repobility-dependency-currency", "fingerprint": "dcc202611100b9808d447f44801409b609d10300fbabb441e9b6244d15576efb", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "stefanzweifel/git-auto-commit-action", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v7.1.0", "correlation_key": "fp|dcc202611100b9808d447f44801409b609d10300fbabb441e9b6244d15576efb", "current_version": "v5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/linting.yaml"}, "region": {"startLine": 33}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action 
`actions/setup-python@v2` is 4 major version(s) behind (latest v6.2.0)"}, "properties": {"repobilityId": 52466, "scanner": "repobility-dependency-currency", "fingerprint": "f8712787079f4ffcb063c686f70d1cbeabc91609c886933f631dd5855e8dc8eb", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "4 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-python", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.2.0", "correlation_key": "fp|f8712787079f4ffcb063c686f70d1cbeabc91609c886933f631dd5855e8dc8eb", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/linting.yaml"}, "region": {"startLine": 20}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v2` is 4 major version(s) behind (latest v6.0.2)"}, "properties": {"repobilityId": 52464, "scanner": "repobility-dependency-currency", "fingerprint": "8dc705702a152db691e05da6448f9dd62d172c7125eb2a7167ae327b06916fb9", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"gap": "4 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.2", "correlation_key": "fp|8dc705702a152db691e05da6448f9dd62d172c7125eb2a7167ae327b06916fb9", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/linting.yaml"}, "region": {"startLine": 17}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/download-artifact@v4` is 4 major version(s) behind (latest 
v8.0.1)"}, "properties": {"repobilityId": 52463, "scanner": "repobility-dependency-currency", "fingerprint": "f35f410168551a6a554f4e1d90d54216780458013f591fb89eabd11fc1a4c2f0", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "4 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/download-artifact", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v8.0.1", "correlation_key": "fp|f35f410168551a6a554f4e1d90d54216780458013f591fb89eabd11fc1a4c2f0", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pypi-publish.yml"}, "region": {"startLine": 44}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/upload-artifact@v4` is 3 major version(s) behind (latest v7.0.1)"}, "properties": {"repobilityId": 52461, "scanner": "repobility-dependency-currency", "fingerprint": "488a51b12a680bbaea267a619734dbf4efa04936a840c566d152cfa13e78d738", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/upload-artifact", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v7.0.1", "correlation_key": "fp|488a51b12a680bbaea267a619734dbf4efa04936a840c566d152cfa13e78d738", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pypi-publish.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/setup-python@v5` is 1 major version(s) behind (latest v6.2.0)"}, "properties": {"repobilityId": 
52459, "scanner": "repobility-dependency-currency", "fingerprint": "45a22348da6aebad305ed4c56881ac23cabdb1188bea7b72e46f9118b2ae4b7f", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-python", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.2.0", "correlation_key": "fp|45a22348da6aebad305ed4c56881ac23cabdb1188bea7b72e46f9118b2ae4b7f", "current_version": "v5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pypi-publish.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.2)"}, "properties": {"repobilityId": 52457, "scanner": "repobility-dependency-currency", "fingerprint": "7572b41bbdcf806836d006e60f71f55a2e47702736f45f9c4d9360651a7de896", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.2", "correlation_key": "fp|7572b41bbdcf806836d006e60f71f55a2e47702736f45f9c4d9360651a7de896", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pypi-publish.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/setup-python@v5` is 1 major version(s) behind (latest v6.2.0)"}, "properties": {"repobilityId": 52455, "scanner": "repobility-dependency-currency", 
"fingerprint": "97f0ce83bcebdf86263826441d87b3b9e498726f3cf54e7aa7838a8c8c7748bc", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-python", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.2.0", "correlation_key": "fp|97f0ce83bcebdf86263826441d87b3b9e498726f3cf54e7aa7838a8c8c7748bc", "current_version": "v5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yaml"}, "region": {"startLine": 23}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.2)"}, "properties": {"repobilityId": 52451, "scanner": "repobility-dependency-currency", "fingerprint": "e4b8eaed663c08cb46398d9e736ce6f5b05d99cd75ccac9483e46a7499aea325", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.2", "correlation_key": "fp|e4b8eaed663c08cb46398d9e736ce6f5b05d99cd75ccac9483e46a7499aea325", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yaml"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC034", "level": "warning", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. 
Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (SIEM, Splunk). Combined with template injection this can escalate to RCE (CVE-2021-44228 Log4Shell). CWE-117."}, "properties": {"repobilityId": 38099, "scanner": "repobility-threat-engine", "fingerprint": "f2f71df54b9618c25c9c6e7a87736a1a425a14f9094f49d7c1de287b8f8d4863", "category": "log_injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logger.info(f\"Query: {query", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f2f71df54b9618c25c9c6e7a87736a1a425a14f9094f49d7c1de287b8f8d4863"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/query.py"}, "region": {"startLine": 261}}}]}, {"ruleId": "SEC034", "level": "warning", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (SIEM, Splunk). Combined with template injection this can escalate to RCE (CVE-2021-44228 Log4Shell). 
CWE-117."}, "properties": {"repobilityId": 38098, "scanner": "repobility-threat-engine", "fingerprint": "f9a713e97921cf2b6314c3984fd73ed0af9b498b8149b4e03c6218e13a343421", "category": "log_injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logger.info(f\"\\n[Text Query]: {query", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f9a713e97921cf2b6314c3984fd73ed0af9b498b8149b4e03c6218e13a343421"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/raganything_example.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `attach_public_media_urls` has cognitive complexity 20 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=3, for=1, if=10, nested_bonus=6."}, "properties": {"repobilityId": 38095, "scanner": "repobility-threat-engine", "fingerprint": "6961ac57d65621db218fe69590682b7b0e2d718d04179d08ea543e70ef5678f2", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 20 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "attach_public_media_urls", "breakdown": {"if": 10, "for": 1, "continue": 3, "nested_bonus": 6}, "complexity": 20, "correlation_key": "fp|6961ac57d65621db218fe69590682b7b0e2d718d04179d08ea543e70ef5678f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "raganything/asset_urls.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `tqdm` has no version pin"}, "properties": {"repobilityId": 38077, "scanner": "repobility-supply-chain", "fingerprint": "ff190ac88fc3eb1376cebb160e825405bea1a08efeb8b263abc27c78371ba247", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ff190ac88fc3eb1376cebb160e825405bea1a08efeb8b263abc27c78371ba247"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `mineru[core]` has no version pin"}, "properties": {"repobilityId": 38076, "scanner": "repobility-supply-chain", "fingerprint": "1db466d837035416a666ea2c662ca57191cd7419da51956b277a366d19fcf7d3", "category": "dependency", "severity": "medium", 
"confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1db466d837035416a666ea2c662ca57191cd7419da51956b277a366d19fcf7d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `lightrag-hku` has no version pin"}, "properties": {"repobilityId": 38075, "scanner": "repobility-supply-chain", "fingerprint": "21d28567b3997c0c589c5a7fb72f057e2dfb0c8afcd653dfe6bb66525111cd46", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|21d28567b3997c0c589c5a7fb72f057e2dfb0c8afcd653dfe6bb66525111cd46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `huggingface_hub` has no version pin"}, "properties": {"repobilityId": 38074, "scanner": "repobility-supply-chain", "fingerprint": "71b831f8a7e9955955a0f5357a732ed72eadf7ef24ee983204d79f154ea56b9d", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|71b831f8a7e9955955a0f5357a732ed72eadf7ef24ee983204d79f154ea56b9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `vision_model_func` (list)"}, "properties": {"repobilityId": 38055, "scanner": "repobility-ast-engine", "fingerprint": "bf12e23d0325356d7d086074df4047df8b40639536b8a775ae54dc613e337c8e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bf12e23d0325356d7d086074df4047df8b40639536b8a775ae54dc613e337c8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/index.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `llm_model_func` (list)"}, "properties": {"repobilityId": 38054, "scanner": "repobility-ast-engine", "fingerprint": "163d1b599a4890031e77f901ab12af240f1bc210807a3c3b43aa42add174a027", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|163d1b599a4890031e77f901ab12af240f1bc210807a3c3b43aa42add174a027"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/index.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `vision_model_func` (list)"}, "properties": {"repobilityId": 
38032, "scanner": "repobility-ast-engine", "fingerprint": "c01658f66525ced4615935274066ffe9a5530754cc18bfb7dca1e93a436ab83d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c01658f66525ced4615935274066ffe9a5530754cc18bfb7dca1e93a436ab83d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/query.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `llm_model_func` (list)"}, "properties": {"repobilityId": 38031, "scanner": "repobility-ast-engine", "fingerprint": "d9c0bc1daf96023a34707289dd2f9715dc64d091b944c53151c0e2565a7d2095", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d9c0bc1daf96023a34707289dd2f9715dc64d091b944c53151c0e2565a7d2095"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/query.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `vision_model_func` (list)"}, "properties": {"repobilityId": 38030, "scanner": "repobility-ast-engine", "fingerprint": "c173e20511aaa46a6986c9007b16b3e3b2cf4e00883b6ce507dbc6b34e1b572b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": 
null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c173e20511aaa46a6986c9007b16b3e3b2cf4e00883b6ce507dbc6b34e1b572b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/insert_content_list_example.py"}, "region": {"startLine": 214}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `llm_model_func` (list)"}, "properties": {"repobilityId": 38029, "scanner": "repobility-ast-engine", "fingerprint": "20e96c9e7371c4d4e33bfba004168513aa9c28b09f89ccdc38e0aa45c8dc5e24", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|20e96c9e7371c4d4e33bfba004168513aa9c28b09f89ccdc38e0aa45c8dc5e24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/insert_content_list_example.py"}, "region": {"startLine": 202}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 38025, "scanner": "repobility-ast-engine", "fingerprint": "ee939dc3d03377b0294b30f1eb9ee9570538c2498adb2940c255d98960f926a2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ee939dc3d03377b0294b30f1eb9ee9570538c2498adb2940c255d98960f926a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/ollama_integration_example.py"}, 
"region": {"startLine": 155}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 38024, "scanner": "repobility-ast-engine", "fingerprint": "375e455504a61a1fed4c3696b7d5cccc4c1ecb08887ea49b6ffa47a8d8e86349", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|375e455504a61a1fed4c3696b7d5cccc4c1ecb08887ea49b6ffa47a8d8e86349"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/ollama_integration_example.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 38019, "scanner": "repobility-ast-engine", "fingerprint": "0077d1b4ae3eded8790f5e33da66244b87c8c571c67189f066c9a4219ae4270d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0077d1b4ae3eded8790f5e33da66244b87c8c571c67189f066c9a4219ae4270d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/minimax_integration_example.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 38018, "scanner": "repobility-ast-engine", "fingerprint": "329a97af45207a6ba7483b623a67267cdd234ce6a0a7620e85cb5baa4c4f2c65", "category": "quality", "severity": "medium", "confidence": 1.0, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|329a97af45207a6ba7483b623a67267cdd234ce6a0a7620e85cb5baa4c4f2c65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/minimax_integration_example.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 38017, "scanner": "repobility-ast-engine", "fingerprint": "8ac5fccca1bd75dceb3608bea3031d15966713988504e477589d9ac360f033fe", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8ac5fccca1bd75dceb3608bea3031d15966713988504e477589d9ac360f033fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/minimax_integration_example.py"}, "region": {"startLine": 205}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 38016, "scanner": "repobility-ast-engine", "fingerprint": "5da4ba7b0033ad338e574af79ff37db6ae96bdb5a2ad89397a8f990aa88afa15", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|5da4ba7b0033ad338e574af79ff37db6ae96bdb5a2ad89397a8f990aa88afa15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/minimax_integration_example.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 38012, "scanner": "repobility-ast-engine", "fingerprint": "ef5805337b5b37f45fde5679b8fc4a061949df7b37573a55617c422fa7d3a28e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ef5805337b5b37f45fde5679b8fc4a061949df7b37573a55617c422fa7d3a28e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/text_format_test.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 38011, "scanner": "repobility-ast-engine", "fingerprint": "faf0b9e29577b20ed2f65867cc65d0e580094a638c2b29e240c8734403554007", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|faf0b9e29577b20ed2f65867cc65d0e580094a638c2b29e240c8734403554007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/text_format_test.py"}, "region": {"startLine": 150}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 38009, "scanner": 
"repobility-ast-engine", "fingerprint": "cd0dd7b824e0508aa33a821bba813efe71c95b9263bcea1a6d839fdaea5d0f7f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cd0dd7b824e0508aa33a821bba813efe71c95b9263bcea1a6d839fdaea5d0f7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/office_document_test.py"}, "region": {"startLine": 194}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 38008, "scanner": "repobility-ast-engine", "fingerprint": "d1b0455b6d4780408cc0ed54fe62a726ef363520a6e579eb1d7638eecd143620", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d1b0455b6d4780408cc0ed54fe62a726ef363520a6e579eb1d7638eecd143620"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/office_document_test.py"}, "region": {"startLine": 148}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `<lambda>` (list)"}, "properties": {"repobilityId": 38006, "scanner": "repobility-ast-engine", "fingerprint": "e63c3d28687af95a52d5650516827d41b8b234b90bcf109d4b48434abf4cc029", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], 
"languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e63c3d28687af95a52d5650516827d41b8b234b90bcf109d4b48434abf4cc029"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/modalprocessors_example.py"}, "region": {"startLine": 186}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `<lambda>` (list)"}, "properties": {"repobilityId": 38005, "scanner": "repobility-ast-engine", "fingerprint": "f9686e0ed1467308ecf47881fdfcab5c6c00813656de09f59f8a1e7d97265cab", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f9686e0ed1467308ecf47881fdfcab5c6c00813656de09f59f8a1e7d97265cab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/modalprocessors_example.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `<lambda>` (list)"}, "properties": {"repobilityId": 38004, "scanner": "repobility-ast-engine", "fingerprint": "c225c98a08b9bfcb9601f8f41e0a2b4ef8b7ddf8b2e47a01b6832de67fac9621", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c225c98a08b9bfcb9601f8f41e0a2b4ef8b7ddf8b2e47a01b6832de67fac9621"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/modalprocessors_example.py"}, "region": {"startLine": 25}}}]}, 
{"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 38003, "scanner": "repobility-ast-engine", "fingerprint": "28edfa497ddcca3f4e1244e8db6e067dcca25900aef84e11832cb23c385c977a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|28edfa497ddcca3f4e1244e8db6e067dcca25900aef84e11832cb23c385c977a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lmstudio_integration_example.py"}, "region": {"startLine": 236}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 38002, "scanner": "repobility-ast-engine", "fingerprint": "9038bebdbd1deba85ee4ca6c8559443275d802774855cd9a5fb1e5086abed566", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9038bebdbd1deba85ee4ca6c8559443275d802774855cd9a5fb1e5086abed566"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lmstudio_integration_example.py"}, "region": {"startLine": 288}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 38001, "scanner": "repobility-ast-engine", "fingerprint": "40d7bfdec19060ec458bfd17c92824536262e76b7c650bf63de37acfdd561d8f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": 
"", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|40d7bfdec19060ec458bfd17c92824536262e76b7c650bf63de37acfdd561d8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lmstudio_integration_example.py"}, "region": {"startLine": 214}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 38000, "scanner": "repobility-ast-engine", "fingerprint": "58480a4ac3150cc274f9b6107b89bf638aacf2747da1c070a0e3194e30f4f6fa", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|58480a4ac3150cc274f9b6107b89bf638aacf2747da1c070a0e3194e30f4f6fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lmstudio_integration_example.py"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37999, "scanner": "repobility-ast-engine", "fingerprint": "3710c92af725172733335f012eaa5c5af2db44db30c35a34d199c6e637248ad9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3710c92af725172733335f012eaa5c5af2db44db30c35a34d199c6e637248ad9"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "examples/lmstudio_integration_example.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37998, "scanner": "repobility-ast-engine", "fingerprint": "c950401927d27e7d53d7e734ac2187b929b2cf73165a03dd37fc3307a87e6d56", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c950401927d27e7d53d7e734ac2187b929b2cf73165a03dd37fc3307a87e6d56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lmstudio_integration_example.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37994, "scanner": "repobility-ast-engine", "fingerprint": "b88d71b3dc04ab60de63a69596eef875ba117f248d631c9ce6acd6eea414a8ab", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b88d71b3dc04ab60de63a69596eef875ba117f248d631c9ce6acd6eea414a8ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/batch_processing_example.py"}, "region": {"startLine": 305}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37993, "scanner": "repobility-ast-engine", "fingerprint": 
"2088d8373790aa3f2b40275a1f8fe08dbd04a846b3879054fc37ffc58eae1431", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2088d8373790aa3f2b40275a1f8fe08dbd04a846b3879054fc37ffc58eae1431"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/batch_processing_example.py"}, "region": {"startLine": 482}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37992, "scanner": "repobility-ast-engine", "fingerprint": "2158d1f762f9a8a50be2e61ac5e25b24c2ae52b1c822558777a168af89d882b9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2158d1f762f9a8a50be2e61ac5e25b24c2ae52b1c822558777a168af89d882b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/batch_processing_example.py"}, "region": {"startLine": 395}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37991, "scanner": "repobility-ast-engine", "fingerprint": "b945c04e51fc5807b4434c96517a1b2d5186a1c57afe02c58baeb7a1e1c19108", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 
21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b945c04e51fc5807b4434c96517a1b2d5186a1c57afe02c58baeb7a1e1c19108"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/batch_processing_example.py"}, "region": {"startLine": 312}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37990, "scanner": "repobility-ast-engine", "fingerprint": "93042bba78b743a1f09c9636063ccb82f82b4ed10bec0bb220d52139293022d8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|93042bba78b743a1f09c9636063ccb82f82b4ed10bec0bb220d52139293022d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/batch_processing_example.py"}, "region": {"startLine": 230}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37989, "scanner": "repobility-ast-engine", "fingerprint": "5e53a41ea425a3178304ed65d2aa9393b67219d84b5b18cdc0e93939317a3348", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5e53a41ea425a3178304ed65d2aa9393b67219d84b5b18cdc0e93939317a3348"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/batch_processing_example.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues 
silently"}, "properties": {"repobilityId": 37988, "scanner": "repobility-ast-engine", "fingerprint": "50fa620c3518dbbc1905986c6cea629e0aeb443abd9f6e4ccc7bb8a79d4a9910", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|50fa620c3518dbbc1905986c6cea629e0aeb443abd9f6e4ccc7bb8a79d4a9910"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/image_format_test.py"}, "region": {"startLine": 228}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37987, "scanner": "repobility-ast-engine", "fingerprint": "b5cb311452fa96cad4c566fa76fa33b412a71b38173416abb2695a3f42cd6253", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b5cb311452fa96cad4c566fa76fa33b412a71b38173416abb2695a3f42cd6253"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/image_format_test.py"}, "region": {"startLine": 186}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37986, "scanner": "repobility-ast-engine", "fingerprint": "169b7a7e24d4e4a0704eb48791bd09e039903a5682147653940a040b57695b77", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|169b7a7e24d4e4a0704eb48791bd09e039903a5682147653940a040b57695b77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/image_format_test.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `vision_model_func` (list)"}, "properties": {"repobilityId": 37984, "scanner": "repobility-ast-engine", "fingerprint": "b24ec4d74120aed4932a3f37c6251ddd1a67f6f877a1f6646f0d0f03b0a89ebe", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b24ec4d74120aed4932a3f37c6251ddd1a67f6f877a1f6646f0d0f03b0a89ebe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/raganything_example.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `llm_model_func` (list)"}, "properties": {"repobilityId": 37983, "scanner": "repobility-ast-engine", "fingerprint": "fa32690645be17e49802ec429155b7117ca3b30dd0552311e2c1768b307f443b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa32690645be17e49802ec429155b7117ca3b30dd0552311e2c1768b307f443b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"examples/raganything_example.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 4779, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 4778, "scanner": "repobility-threat-engine", "fingerprint": "e0b43f795c04fb08fb39a632151ebdba78ae33a38969ea27d1b66ea171de77b1", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                    pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e0b43f795c04fb08fb39a632151ebdba78ae33a38969ea27d1b66ea171de77b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "raganything/parser.py"}, "region": {"startLine": 466}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 4317, "scanner": "repobility-threat-engine", "fingerprint": "f07bbb50c4193274036edfb5a7508c96e05e7c0edea0ca07f647595440f025bc", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                    pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f07bbb50c4193274036edfb5a7508c96e05e7c0edea0ca07f647595440f025bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "raganything/parser.py"}, "region": {"startLine": 464}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 3340, "scanner": "repobility-threat-engine", "fingerprint": "39e9fa8e43a792f12022472f587247fe33436466c2ff39c68f412abeb6259475", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                    pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|39e9fa8e43a792f12022472f587247fe33436466c2ff39c68f412abeb6259475"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "raganything/parser.py"}, "region": {"startLine": 463}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 3339, "scanner": "repobility-threat-engine", "fingerprint": "6b1748d46f9872ce5336e6bc1c07edbcd1c98a764e260e08fe8b181051367749", "category": "error_handling", "severity": "medium", "confidence": 0.45, "triageState": "fixed", "verdict": "likely_fp", "isResolved": true, "reason": "Pattern matched with no mitigating context found | [R34-retro auto-suppress: documentation/example path]", "evidence": {"match": "except Exception:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6b1748d46f9872ce5336e6bc1c07edbcd1c98a764e260e08fe8b181051367749"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/vllm_integration_example.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing 
all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 3338, "scanner": "repobility-threat-engine", "fingerprint": "b3a722f4d979b14e44f31e59f6af01333c7c007646621275c3216acad4dea528", "category": "error_handling", "severity": "medium", "confidence": 0.45, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: documentation/example path]", "evidence": {"match": "except Exception:\n                pass", "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: documentation/example path]", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.45, "correlation_key": "fp|b3a722f4d979b14e44f31e59f6af01333c7c007646621275c3216acad4dea528"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lmstudio_integration_example.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3333, "scanner": "repobility-ai-code-hygiene", "fingerprint": "248912e49cd506efb58189c8a051b151ef39312a573282d2885685dbe6d40412", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "examples/raganything_example.py", "duplicate_line": 58, "correlation_key": "fp|248912e49cd506efb58189c8a051b151ef39312a573282d2885685dbe6d40412"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/query.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across 
source files"}, "properties": {"repobilityId": 3332, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1a8519c76c933f4e2ed6d2cef2b4fe4fd82311cebcb81e227e7bb23a8e814d9d", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "examples/insert_content_list_example.py", "duplicate_line": 31, "correlation_key": "fp|1a8519c76c933f4e2ed6d2cef2b4fe4fd82311cebcb81e227e7bb23a8e814d9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/query.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3331, "scanner": "repobility-ai-code-hygiene", "fingerprint": "db5a34a1b37a82106a2d3eed8eb4cf18a29e001cb8bd0b823c34450ff37cea2c", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "reproduce/index.py", "duplicate_line": 1, "correlation_key": "fp|db5a34a1b37a82106a2d3eed8eb4cf18a29e001cb8bd0b823c34450ff37cea2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/query.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3330, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ba05f34a2e17f219bc78891933470228fcd89e166d36dd30f95c4fa3b807ce6e", 
"category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "examples/insert_content_list_example.py", "duplicate_line": 31, "correlation_key": "fp|ba05f34a2e17f219bc78891933470228fcd89e166d36dd30f95c4fa3b807ce6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/index.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3329, "scanner": "repobility-ai-code-hygiene", "fingerprint": "79c5f34dbfcdcd9876c07ba08f6d81d9af66bd5cc2d7cdb19a26f1928a970bc8", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "examples/raganything_example.py", "duplicate_line": 16, "correlation_key": "fp|79c5f34dbfcdcd9876c07ba08f6d81d9af66bd5cc2d7cdb19a26f1928a970bc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/index.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3328, "scanner": "repobility-ai-code-hygiene", "fingerprint": "41eaa83dd96cc1675f7137d22fd10eb1cad456f5a675d21175370e5ce892d799", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code 
window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "examples/enhanced_markdown_example.py", "duplicate_line": 113, "correlation_key": "fp|41eaa83dd96cc1675f7137d22fd10eb1cad456f5a675d21175370e5ce892d799"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "raganything/enhanced_markdown.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3327, "scanner": "repobility-ai-code-hygiene", "fingerprint": "537e5093b5d2294fa8a4e33958041e743f3c92be3c9dc245dd0820a4969bfb78", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "examples/lmstudio_integration_example.py", "duplicate_line": 81, "correlation_key": "fp|537e5093b5d2294fa8a4e33958041e743f3c92be3c9dc245dd0820a4969bfb78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/vllm_integration_example.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3326, "scanner": "repobility-ai-code-hygiene", "fingerprint": "766677d181c0e9d8140179cb71aedba68caa2890a18da2f8d73c18ba52180448", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": 
"repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "examples/insert_content_list_example.py", "duplicate_line": 32, "correlation_key": "fp|766677d181c0e9d8140179cb71aedba68caa2890a18da2f8d73c18ba52180448"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/raganything_example.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3325, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7e7f75018de8d2e28e4727220dea14e15aa1dd5c710812e5c6903f9437424df0", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "examples/insert_content_list_example.py", "duplicate_line": 201, "correlation_key": "fp|7e7f75018de8d2e28e4727220dea14e15aa1dd5c710812e5c6903f9437424df0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/modalprocessors_example.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3324, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e097b478d3671e3c67228a2140143031ad4bae01a0b069afa5fa3306a0a1bd8a", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "examples/lmstudio_integration_example.py", 
"duplicate_line": 235, "correlation_key": "fp|e097b478d3671e3c67228a2140143031ad4bae01a0b069afa5fa3306a0a1bd8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/minimax_integration_example.py"}, "region": {"startLine": 241}}}]}, {"ruleId": "GHSA-mwh4-6h8g-pg8w", "level": "note", "message": {"text": "aiohttp: GHSA-mwh4-6h8g-pg8w"}, "properties": {"repobilityId": 52519, "scanner": "osv-scanner", "fingerprint": "bb4b8f15a4da983b2c16449cc81b5e196c1f9bb1691539c4bdc105f83a7ce09c", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34519"], "package": "aiohttp", "rule_id": "GHSA-mwh4-6h8g-pg8w", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2026-34519|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mqqc-3gqh-h2x8", "level": "note", "message": {"text": "aiohttp: GHSA-mqqc-3gqh-h2x8"}, "properties": {"repobilityId": 52518, "scanner": "osv-scanner", "fingerprint": "c368729e98331a44dbbf5188ac21fae6cbc6eb8d3e503a3030a8bd19f567111f", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69225"], "package": "aiohttp", "rule_id": "GHSA-mqqc-3gqh-h2x8", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2025-69225|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hcc4-c3v8-rx92", "level": "note", "message": {"text": "aiohttp: GHSA-hcc4-c3v8-rx92"}, "properties": {"repobilityId": 52515, "scanner": "osv-scanner", "fingerprint": "8273eca3865030ccd27e4829bee7350f29cc50ac410a575c88447e78d3267d22", "category": "dependency", "severity": "low", "confidence": 
0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34513"], "package": "aiohttp", "rule_id": "GHSA-hcc4-c3v8-rx92", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2026-34513|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fh55-r93g-j68g", "level": "note", "message": {"text": "aiohttp: GHSA-fh55-r93g-j68g"}, "properties": {"repobilityId": 52513, "scanner": "osv-scanner", "fingerprint": "4fa0f3b30fa4538538dec7648ca9c6da4e97cee85e3c15e30f220557198fd802", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69230"], "package": "aiohttp", "rule_id": "GHSA-fh55-r93g-j68g", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2025-69230|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-966j-vmvw-g2g9", "level": "note", "message": {"text": "aiohttp: GHSA-966j-vmvw-g2g9"}, "properties": {"repobilityId": 52511, "scanner": "osv-scanner", "fingerprint": "e43c080846f61f6dda0cb5f079a29d69de970e2f8900d2a8287dba9942e441f1", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34518"], "package": "aiohttp", "rule_id": "GHSA-966j-vmvw-g2g9", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2026-34518|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9548-qrrj-x5pj", "level": "note", "message": {"text": "aiohttp: GHSA-9548-qrrj-x5pj"}, "properties": {"repobilityId": 52510, "scanner": "osv-scanner", 
"fingerprint": "faf2d726e7de8b749d9a63badf14c267dd59e55e647bbedd2e728efecab8ed7b", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-53643"], "package": "aiohttp", "rule_id": "GHSA-9548-qrrj-x5pj", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2025-53643|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-69f9-5gxw-wvc2", "level": "note", "message": {"text": "aiohttp: GHSA-69f9-5gxw-wvc2"}, "properties": {"repobilityId": 52505, "scanner": "osv-scanner", "fingerprint": "6d6a0d613c6f4f7424ebca90b063098afe34b1ff71366ebfefe4782bab89906d", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69224"], "package": "aiohttp", "rule_id": "GHSA-69f9-5gxw-wvc2", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2025-69224|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-63hf-3vf5-4wqf", "level": "note", "message": {"text": "aiohttp: GHSA-63hf-3vf5-4wqf"}, "properties": {"repobilityId": 52504, "scanner": "osv-scanner", "fingerprint": "3ab0b34981ecf41a5235be039e646cfe1206690a763295841152f0c682f83305", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34520"], "package": "aiohttp", "rule_id": "GHSA-63hf-3vf5-4wqf", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2026-34520|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": 
"GHSA-54jq-c3m8-4m76", "level": "note", "message": {"text": "aiohttp: GHSA-54jq-c3m8-4m76"}, "properties": {"repobilityId": 52503, "scanner": "osv-scanner", "fingerprint": "928240101534d6e13803b91e0ca91e5100e22d0000c26afbdf9ddd9d0919ef64", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69226"], "package": "aiohttp", "rule_id": "GHSA-54jq-c3m8-4m76", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2025-69226|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3wq7-rqq7-wx6j", "level": "note", "message": {"text": "aiohttp: GHSA-3wq7-rqq7-wx6j"}, "properties": {"repobilityId": 52502, "scanner": "osv-scanner", "fingerprint": "6f99c6e4a836bb2ed9db7b557b0a9b7b491ee36ed73777083cdc987737a49482", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34517"], "package": "aiohttp", "rule_id": "GHSA-3wq7-rqq7-wx6j", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2026-34517|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2vrm-gr82-f7m5", "level": "note", "message": {"text": "aiohttp: GHSA-2vrm-gr82-f7m5"}, "properties": {"repobilityId": 52501, "scanner": "osv-scanner", "fingerprint": "5b1a500153f014efb378c7b4aa7b1bfdda536982a8543b4a01b75601a9965aab", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34514"], "package": "aiohttp", "rule_id": "GHSA-2vrm-gr82-f7m5", "scanner": "osv-scanner", "correlation_key": 
"vuln|aiohttp|CVE-2026-34514|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `set_prompt_language` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=2, for=1, if=3, nested_bonus=2."}, "properties": {"repobilityId": 38096, "scanner": "repobility-threat-engine", "fingerprint": "15d1a7cdb3e682468e90dc1dee8d333563b0653cfcd50401fe25cb54aac43208", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "set_prompt_language", "breakdown": {"if": 3, "for": 1, "else": 2, "nested_bonus": 2}, "complexity": 8, "correlation_key": "fp|15d1a7cdb3e682468e90dc1dee8d333563b0653cfcd50401fe25cb54aac43208"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "raganything/prompt_manager.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `test_connection` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: except=2, for=1, if=4, nested_bonus=2, or=1, ternary=1."}, "properties": {"repobilityId": 38094, "scanner": "repobility-threat-engine", "fingerprint": "84f826b678fd4afeedc21467dc1ab28fbb0f13c6847f7b6033dd6f09de03d018", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "test_connection", "breakdown": {"if": 4, "or": 1, "for": 1, "except": 2, "ternary": 1, "nested_bonus": 2}, "complexity": 11, "correlation_key": "fp|84f826b678fd4afeedc21467dc1ab28fbb0f13c6847f7b6033dd6f09de03d018"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/minimax_integration_example.py"}, "region": {"startLine": 150}}}]}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 38102, "scanner": "repobility-threat-engine", "fingerprint": "93c9700f51f0873e77f37c66e3edc7aca7230cf4597a82557df86f6566dea6fb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|93c9700f51f0873e77f37c66e3edc7aca7230cf4597a82557df86f6566dea6fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/query.py"}, "region": {"startLine": 231}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] 
Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 38101, "scanner": "repobility-threat-engine", "fingerprint": "858815558ab975537d7ed4f05aabb176523de97f509b789230d4fe79b831f2b2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|858815558ab975537d7ed4f05aabb176523de97f509b789230d4fe79b831f2b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "raganything/config.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 38100, "scanner": "repobility-threat-engine", "fingerprint": "e3e354502bf30786ee210f9e16331702c3b9d3a51b5eb9658a2a14b7185b328b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e3e354502bf30786ee210f9e16331702c3b9d3a51b5eb9658a2a14b7185b328b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "raganything/asset_urls.py"}, 
"region": {"startLine": 113}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 38097, "scanner": "repobility-threat-engine", "fingerprint": "374b2f9ca97c941ea8799534a3f6a7246c4a413e5ec69c34d7f4988e5034f739", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "test_connection", "breakdown": {"if": 4, "or": 1, "for": 1, "except": 2, "ternary": 1, "nested_bonus": 2}, "aggregated": true, "complexity": 11, "correlation_key": "fp|374b2f9ca97c941ea8799534a3f6a7246c4a413e5ec69c34d7f4988e5034f739", "aggregated_count": 2}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 38093, "scanner": "repobility-threat-engine", "fingerprint": "baf7cbea4a3aa55a0271f5e1d844085472d28c6862201126893a35d5e00b4943", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|baf7cbea4a3aa55a0271f5e1d844085472d28c6862201126893a35d5e00b4943"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/create_tiktoken_cache.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED049", 
"level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 38092, "scanner": "repobility-threat-engine", "fingerprint": "37650d897a2e8b79ed789cf70fc72bd1a12016a88a35402dff302b78f9776abf", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|37650d897a2e8b79ed789cf70fc72bd1a12016a88a35402dff302b78f9776abf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/minimax_integration_example.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 38091, "scanner": "repobility-threat-engine", "fingerprint": "34f716acab79eef1e2244ca080d556f5386fdd8b7c8dd0134f9b6be672d5e6f4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|34f716acab79eef1e2244ca080d556f5386fdd8b7c8dd0134f9b6be672d5e6f4"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "raganything/__init__.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 38090, "scanner": "repobility-threat-engine", "fingerprint": "0a1abc05ba71be166fccfe0755235e20355bf272a2bb3e6f8ce95cbb277a5efd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0a1abc05ba71be166fccfe0755235e20355bf272a2bb3e6f8ce95cbb277a5efd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lmstudio_integration_example.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 38087, "scanner": "repobility-threat-engine", "fingerprint": "019b39b089e0a5300e633ba49803bcfe4794f6c5a6a074ad04df1b5dc533e687", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|019b39b089e0a5300e633ba49803bcfe4794f6c5a6a074ad04df1b5dc533e687"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 38086, "scanner": "repobility-threat-engine", "fingerprint": "0ad10fc0ecb72fb9bf794eb56cd3a7d8bb5805284e27c4cf578d828cb1813fbe", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(f\"\ud83d\udcc1 Using working_dir: {self.config.working_dir}\")", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|14|print f using working_dir: self.config.working_dir"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/minimax_integration_example.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 3341, "scanner": "repobility-threat-engine", "fingerprint": "4ffea2800599adb663df46ab31003467b0a25ff84f83dd40a996e94f4d40f164", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4ffea2800599adb663df46ab31003467b0a25ff84f83dd40a996e94f4d40f164"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 3337, "scanner": "repobility-threat-engine", "fingerprint": "3c1512ec1e531167a3aa928d567398e9cb8cbf7ff40fccf993810ebf40229e88", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|3c1512ec1e531167a3aa928d567398e9cb8cbf7ff40fccf993810ebf40229e88"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 3336, "scanner": "repobility-threat-engine", "fingerprint": "f188ce4a9b4b050db1c03ddbb74e2cfb572525d9d9d54f0da7b5a1db05147673", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(f\"\ud83d\udcc1 Using working_dir: {self.config.working_dir}\")", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|9|print f using working_dir: self.config.working_dir"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lmstudio_integration_example.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 3335, "scanner": "repobility-threat-engine", "fingerprint": "b55b42814af4ea7ab04d62bb9f41731acd843444262d040630de9ed1a7635f32", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Environment variable or config lookup (credentials loaded safely)", "evidence": {"match": "logger.error(\"Set api key environment variable or use --api-key option\")", "reason": "Environment variable or config lookup (credentials loaded safely)", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|30|logger.error set api key environment variable or use --api-key option"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/raganything_example.py"}, "region": {"startLine": 310}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 3334, "scanner": "repobility-threat-engine", "fingerprint": "ab56eb88d4bd44fb25b499d2992f6433170bffc6ca631fec2e5700193ac385dd", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "evidence": {"match": "print(\"Downloading and caching tiktoken models...\")", "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|1|print downloading and caching tiktoken models..."}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/create_tiktoken_cache.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "PYSEC-2020-151", "level": "error", "message": {"text": "uvicorn: PYSEC-2020-151"}, "properties": {"repobilityId": 52585, "scanner": "osv-scanner", "fingerprint": "e67d31d6de7dbb59cfdf401143dc4113476f4005f9b703b723b238d0dc9d965e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2020-7695", "GHSA-f97h-2pfx-f59f", "SNYK-PYTHON-UVICORN-570471"], "package": "uvicorn", "rule_id": "PYSEC-2020-151", "scanner": "osv-scanner", "correlation_key": "vuln|uvicorn|CVE-2020-7695|requirements.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-f97h-2pfx-f59f", "PYSEC-2020-151"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": 
["a103d71138c2ab1bb369f0e86f3a71ebe8792aa5ed9b35cc9b1feafbdf877418", "e67d31d6de7dbb59cfdf401143dc4113476f4005f9b703b723b238d0dc9d965e"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2020-150", "level": "error", "message": {"text": "uvicorn: PYSEC-2020-150"}, "properties": {"repobilityId": 52583, "scanner": "osv-scanner", "fingerprint": "50309a964c0e7c4306a001fe4b0d883463b1d8cc9119ae48cb82b331a9280e56", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2020-7694", "GHSA-33c7-2mpw-hg34", "SNYK-PYTHON-UVICORN-575560"], "package": "uvicorn", "rule_id": "PYSEC-2020-150", "scanner": "osv-scanner", "correlation_key": "vuln|uvicorn|CVE-2020-7694|requirements.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-33c7-2mpw-hg34", "PYSEC-2020-150"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["50309a964c0e7c4306a001fe4b0d883463b1d8cc9119ae48cb82b331a9280e56", "b2e6575dbb7932ab9aee1b97831ed9150133db15c8249737ef3db9304fcaf9e8"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cx63-2mw6-8hw5", "level": "error", "message": {"text": "setuptools: GHSA-cx63-2mw6-8hw5"}, "properties": {"repobilityId": 52581, "scanner": "osv-scanner", "fingerprint": "de1bb4cb91a6bb1f44a944aa3eded2c948a880da9f67a377650f73b74244a85e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-setuptools-2024-6345", "CVE-2024-6345"], "package": "setuptools", "rule_id": "GHSA-cx63-2mw6-8hw5", "scanner": "osv-scanner", "correlation_key": 
"vuln|setuptools|CVE-2024-6345|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2025-49", "level": "error", "message": {"text": "setuptools: PYSEC-2025-49"}, "properties": {"repobilityId": 52579, "scanner": "osv-scanner", "fingerprint": "bac75dba776fc93334fffde1801fcc028be9f0619f67579af924089048400dfc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-setuptools-2025-47273", "CVE-2025-47273", "GHSA-5rjg-fvgr-3xxf"], "package": "setuptools", "rule_id": "PYSEC-2025-49", "scanner": "osv-scanner", "correlation_key": "vuln|setuptools|CVE-2025-47273|requirements.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-5rjg-fvgr-3xxf", "PYSEC-2025-49"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["4949b0df805d5751d83d96f8a72f63270132fc525ec4f9d828889d1df05a5b63", "bac75dba776fc93334fffde1801fcc028be9f0619f67579af924089048400dfc"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2022-43012", "level": "error", "message": {"text": "setuptools: PYSEC-2022-43012"}, "properties": {"repobilityId": 52577, "scanner": "osv-scanner", "fingerprint": "9f6e56ca7905b506f11f10636af4a36eb0ed77cf87d3ab319ce9f50ed8493d2e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-setuptools-2022-40897", "CVE-2022-40897", "GHSA-r9hx-vwmv-q579"], "package": "setuptools", "rule_id": "PYSEC-2022-43012", "scanner": "osv-scanner", "correlation_key": 
"vuln|setuptools|CVE-2022-40897|requirements.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-r9hx-vwmv-q579", "PYSEC-2022-43012"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["9f6e56ca7905b506f11f10636af4a36eb0ed77cf87d3ab319ce9f50ed8493d2e", "aae69ccb7059a61a9a80135efc33e1f4ff5e7caa79907b74e89f4174faa9bbae"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-wp53-j4wj-2cfg", "level": "error", "message": {"text": "python-multipart: GHSA-wp53-j4wj-2cfg"}, "properties": {"repobilityId": 52575, "scanner": "osv-scanner", "fingerprint": "ab310ff486e243f3e06da04a9076d74f834e61099309a870a317795841f7326e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-24486"], "package": "python-multipart", "rule_id": "GHSA-wp53-j4wj-2cfg", "scanner": "osv-scanner", "correlation_key": "vuln|python-multipart|CVE-2026-24486|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pp6c-gr5w-3c5g", "level": "error", "message": {"text": "python-multipart: GHSA-pp6c-gr5w-3c5g"}, "properties": {"repobilityId": 52573, "scanner": "osv-scanner", "fingerprint": "437a4bfa6acf1558920a94d469aa3d359eb12196a7a32d16eb8a997cc5f7439a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42561"], "package": "python-multipart", "rule_id": "GHSA-pp6c-gr5w-3c5g", "scanner": "osv-scanner", "correlation_key": "vuln|python-multipart|CVE-2026-42561|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-59g5-xgcq-4qw3", "level": "error", 
"message": {"text": "python-multipart: GHSA-59g5-xgcq-4qw3"}, "properties": {"repobilityId": 52564, "scanner": "osv-scanner", "fingerprint": "5e536513c584035abcd0ee9176673eaeeb06d1e6203316b3eeb2961234cbcda7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-53981"], "package": "python-multipart", "rule_id": "GHSA-59g5-xgcq-4qw3", "scanner": "osv-scanner", "correlation_key": "vuln|python-multipart|CVE-2024-53981|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7gcm-g887-7qv7", "level": "error", "message": {"text": "protobuf: GHSA-7gcm-g887-7qv7"}, "properties": {"repobilityId": 52547, "scanner": "osv-scanner", "fingerprint": "bb260c328c4a29e13fd6cd279f181e57d0039d7ea538f2891cf63f4975fc779f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-0994"], "package": "protobuf", "rule_id": "GHSA-7gcm-g887-7qv7", "scanner": "osv-scanner", "correlation_key": "vuln|protobuf|CVE-2026-0994|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6mq8-rvhq-8wgg", "level": "error", "message": {"text": "aiohttp: GHSA-6mq8-rvhq-8wgg"}, "properties": {"repobilityId": 52508, "scanner": "osv-scanner", "fingerprint": "9c1e6eb15638bcaed3e552ec1ff3a787dd9d06f8c56f71827bc2a121245c6e43", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69223"], "package": "aiohttp", "rule_id": "GHSA-6mq8-rvhq-8wgg", "scanner": "osv-scanner", "correlation_key": 
"vuln|aiohttp|CVE-2025-69223|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mcww-4hxq-hfr3", "level": "error", "message": {"text": "lightrag-hku: GHSA-mcww-4hxq-hfr3"}, "properties": {"repobilityId": 52500, "scanner": "osv-scanner", "fingerprint": "815b424dc98b19c8772dab6da3436982d26c10287070cdbc730a2c1caa280732", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-30762"], "package": "lightrag-hku", "rule_id": "GHSA-mcww-4hxq-hfr3", "scanner": "osv-scanner", "correlation_key": "vuln|lightrag-hku|CVE-2026-30762|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 52436, "scanner": "repobility-supply-chain", "fingerprint": "7bbb0c21f2a8df9009901551e1422b78a3b22286eea0887f0a42da054284ca7d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7bbb0c21f2a8df9009901551e1422b78a3b22286eea0887f0a42da054284ca7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yaml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 52433, "scanner": "repobility-supply-chain", "fingerprint": 
"f3809b3a0ecd7dabddca1d2dc4c798db3353d073f0dc9269ca39f28e67dd5fce", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f3809b3a0ecd7dabddca1d2dc4c798db3353d073f0dc9269ca39f28e67dd5fce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yaml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_get_parser_rejects_unknown_parser"}, "properties": {"repobilityId": 52414, "scanner": "repobility-ast-engine", "fingerprint": "94f5952069ae04b6280a30ba8e59795ccf6b5719ad4e680c8e1ffbe76b1e65f1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|94f5952069ae04b6280a30ba8e59795ccf6b5719ad4e680c8e1ffbe76b1e65f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/testpaddleocr_parser.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_parser_type"}, "properties": {"repobilityId": 52413, "scanner": "repobility-ast-engine", "fingerprint": "6ba16c2ca6633b5b02d8291c3387a882bd8a9211a9fb626de5f8234663ad4c72", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], 
"languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6ba16c2ca6633b5b02d8291c3387a882bd8a9211a9fb626de5f8234663ad4c72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core_modules.py"}, "region": {"startLine": 368}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 38089, "scanner": "repobility-threat-engine", "fingerprint": "9afbb7e030d2a0e1a4b8fec83be6a459ac483d68552f848549c6a1d825adc1a5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9afbb7e030d2a0e1a4b8fec83be6a459ac483d68552f848549c6a1d825adc1a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "raganything/__init__.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 38088, "scanner": "repobility-threat-engine", "fingerprint": "e72ad7d82ff97d3a6da280228b7a3ef539ab6a8542f308872cccb94e80df3c77", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, 
"mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e72ad7d82ff97d3a6da280228b7a3ef539ab6a8542f308872cccb94e80df3c77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lmstudio_integration_example.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `stefanzweifel/git-auto-commit-action` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 38085, "scanner": "repobility-supply-chain", "fingerprint": "efc2d0085b91116c4e76425c013a611579a954307365884ee841205f424e10e4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|efc2d0085b91116c4e76425c013a611579a954307365884ee841205f424e10e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/linting.yaml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 38084, "scanner": "repobility-supply-chain", "fingerprint": "807ecdd8d42bb42bb5e819e6a9d4cce4e9448ef91502ab7f281a7f8ea265ef8f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": 
"repobility-supply-chain", "correlation_key": "fp|807ecdd8d42bb42bb5e819e6a9d4cce4e9448ef91502ab7f281a7f8ea265ef8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/linting.yaml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 38083, "scanner": "repobility-supply-chain", "fingerprint": "34a7e6022ff131b47bce31be36c0e9413cda3484ee2ee155d830b0bc5e74ed5c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|34a7e6022ff131b47bce31be36c0e9413cda3484ee2ee155d830b0bc5e74ed5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/linting.yaml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `pypa/gh-action-pypi-publish` pinned to mutable ref `@release/v1`"}, "properties": {"repobilityId": 38082, "scanner": "repobility-supply-chain", "fingerprint": "4116a255d82768cd0c03a848262e25a3adbb59c763c0d1d1521d97d3840ba898", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4116a255d82768cd0c03a848262e25a3adbb59c763c0d1d1521d97d3840ba898"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pypi-publish.yml"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED115", "level": "error", 
"message": {"text": "Action `actions/download-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 38081, "scanner": "repobility-supply-chain", "fingerprint": "6f51f674d614073da3997e3b6e73e88a8b9d2b0b41d24e502b24cab2b8175a03", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6f51f674d614073da3997e3b6e73e88a8b9d2b0b41d24e502b24cab2b8175a03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pypi-publish.yml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 38080, "scanner": "repobility-supply-chain", "fingerprint": "da3a68ab7b2bc720e7d87992d2f3c42971a6db8e74970ea713f8dac13db44866", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|da3a68ab7b2bc720e7d87992d2f3c42971a6db8e74970ea713f8dac13db44866"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pypi-publish.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 38079, "scanner": "repobility-supply-chain", "fingerprint": "55b7f8ae8c1e84813c469757cb7a5b54661b10dc7d16579896d7ac518f014322", "category": "dependency", "severity": "high", 
"confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|55b7f8ae8c1e84813c469757cb7a5b54661b10dc7d16579896d7ac518f014322"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pypi-publish.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 38078, "scanner": "repobility-supply-chain", "fingerprint": "09b10bf150af111fc3bae8ad5ae4776114de066653282905e42c062f66fda0d0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|09b10bf150af111fc3bae8ad5ae4776114de066653282905e42c062f66fda0d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pypi-publish.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/mgedmin/check-manifest` pinned to mutable rev `0.49`"}, "properties": {"repobilityId": 38073, "scanner": "repobility-supply-chain", "fingerprint": "4a73bde6c364fd033fbba40f7af7b210fc7edec68106ad5eac4d06a5d65a0ffe", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": 
"repobility-supply-chain", "correlation_key": "fp|4a73bde6c364fd033fbba40f7af7b210fc7edec68106ad5eac4d06a5d65a0ffe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/astral-sh/ruff-pre-commit` pinned to mutable rev `v0.6.4`"}, "properties": {"repobilityId": 38072, "scanner": "repobility-supply-chain", "fingerprint": "ad0f6c40f1c5226841f5fbe1a72d99b57041e555d65372b97182dd61b0644b64", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ad0f6c40f1c5226841f5fbe1a72d99b57041e555d65372b97182dd61b0644b64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v5.0.0`"}, "properties": {"repobilityId": 38071, "scanner": "repobility-supply-chain", "fingerprint": "adbb0d39dd1754dd5b889e526a0e3b46dfcf9e912264a38d29b66582878fafe8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|adbb0d39dd1754dd5b889e526a0e3b46dfcf9e912264a38d29b66582878fafe8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 
2}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_parse_pdf_raises_import_error_when_pdf_renderer_missing"}, "properties": {"repobilityId": 38068, "scanner": "repobility-ast-engine", "fingerprint": "e228ba752b049385fb0c2d8dd57e0d4631443d7c705e059ecd5b74f322a8d45e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e228ba752b049385fb0c2d8dd57e0d4631443d7c705e059ecd5b74f322a8d45e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/testpaddleocr_parser.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_get_parser_rejects_unknown_parser"}, "properties": {"repobilityId": 38067, "scanner": "repobility-ast-engine", "fingerprint": "1903316757beb441fe75c11ccf8d85d3bcab98b20fb4cba1b04eb976b5f74d86", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1903316757beb441fe75c11ccf8d85d3bcab98b20fb4cba1b04eb976b5f74d86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/testpaddleocr_parser.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_unknown_language_raises"}, "properties": {"repobilityId": 38066, "scanner": "repobility-ast-engine", "fingerprint": "0e4752a4437852d99d9e23bab4bd18855ce62d2a1e91bb8e3ea323e2ea13b311", 
"category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0e4752a4437852d99d9e23bab4bd18855ce62d2a1e91bb8e3ea323e2ea13b311"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_prompt_language.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_finalize_raises"}, "properties": {"repobilityId": 38065, "scanner": "repobility-ast-engine", "fingerprint": "ab15a3f3581796f13cd628f4aabdcaefcef0e6a171188b0e04a5c6418a3d2807", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ab15a3f3581796f13cd628f4aabdcaefcef0e6a171188b0e04a5c6418a3d2807"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_close_event_loop.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_all_valid_cid_cjk_font_names"}, "properties": {"repobilityId": 38064, "scanner": "repobility-ast-engine", "fingerprint": "a8fd892a28ad15854fcc6f921f4e80127c344a6b134bd80eda6d0285b019b7ed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": 
"repobility-ast-engine", "correlation_key": "fp|a8fd892a28ad15854fcc6f921f4e80127c344a6b134bd80eda6d0285b019b7ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_chinese_cid_font.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_cid_font_names_raise"}, "properties": {"repobilityId": 38063, "scanner": "repobility-ast-engine", "fingerprint": "715a39c3b0f7544a586a1daed3a966832a559caa91d0bf441fee8a4545cdc3b4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|715a39c3b0f7544a586a1daed3a966832a559caa91d0bf441fee8a4545cdc3b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_chinese_cid_font.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_stsong_light_is_valid_cid_font"}, "properties": {"repobilityId": 38062, "scanner": "repobility-ast-engine", "fingerprint": "ddb5a6936f75a4b0003d2d158a731c3d9aa07277e1a5accc122dc17e992c3fbb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ddb5a6936f75a4b0003d2d158a731c3d9aa07277e1a5accc122dc17e992c3fbb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_chinese_cid_font.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": 
"Phantom test coverage: test_invalid_parser_type"}, "properties": {"repobilityId": 38061, "scanner": "repobility-ast-engine", "fingerprint": "826a2f90582c153ed3fedbc6fe875344c64090063c479620b60649da2402e084", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|826a2f90582c153ed3fedbc6fe875344c64090063c479620b60649da2402e084"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core_modules.py"}, "region": {"startLine": 365}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_deprecated_mineru_parse_method"}, "properties": {"repobilityId": 38060, "scanner": "repobility-ast-engine", "fingerprint": "86e50ce4433ca40f0a329b744038463004c7852a8ceb5664963d4a8a127a5855", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|86e50ce4433ca40f0a329b744038463004c7852a8ceb5664963d4a8a127a5855"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core_modules.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_env_contents"}, "properties": {"repobilityId": 38059, "scanner": "repobility-ast-engine", "fingerprint": "421bfe7742f05305334dbe5418243e7f73fa2fb70a130ae418956772483a1bcb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": 
false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|421bfe7742f05305334dbe5418243e7f73fa2fb70a130ae418956772483a1bcb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/testparser_kwargs.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_env_type"}, "properties": {"repobilityId": 38058, "scanner": "repobility-ast-engine", "fingerprint": "2ae4c903db8ba15b99640fd6cf6554c97a6230770a88bd03356e971acba032a0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2ae4c903db8ba15b99640fd6cf6554c97a6230770a88bd03356e971acba032a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/testparser_kwargs.py"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_docling_unknown_kwargs"}, "properties": {"repobilityId": 38057, "scanner": "repobility-ast-engine", "fingerprint": "6c580d1abbb0ec0e3eba515a95f015b9090e73fd900892e6040dee9d57d0ec5b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6c580d1abbb0ec0e3eba515a95f015b9090e73fd900892e6040dee9d57d0ec5b"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "tests/testparser_kwargs.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_docling_env_accepted_but_ignored"}, "properties": {"repobilityId": 38056, "scanner": "repobility-ast-engine", "fingerprint": "211a6af92e651c6b59c3cc4877c09d1051c8bd3d9a6ce494884d831b53b6f87b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|211a6af92e651c6b59c3cc4877c09d1051c8bd3d9a6ce494884d831b53b6f87b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/testparser_kwargs.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.logger` used but never assigned in __init__"}, "properties": {"repobilityId": 38053, "scanner": "repobility-ast-engine", "fingerprint": "985bbf08c9e58dcff2c3fc882ae764d095c860efef2b0b4f95055234f6d4b3e4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|985bbf08c9e58dcff2c3fc882ae764d095c860efef2b0b4f95055234f6d4b3e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 478}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.logger` used but never assigned in __init__"}, "properties": {"repobilityId": 38052, "scanner": "repobility-ast-engine", "fingerprint": 
"8890dadaeb1d987d0d7bacdf8a13b7bd6cd8e69daeea36cf821c559b5b970123", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8890dadaeb1d987d0d7bacdf8a13b7bd6cd8e69daeea36cf821c559b5b970123"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 481}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.logger` used but never assigned in __init__"}, "properties": {"repobilityId": 38051, "scanner": "repobility-ast-engine", "fingerprint": "817b690a089001a3fedd83b884beffe31cbd171e87065ef5c0109c8b017ab808", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|817b690a089001a3fedd83b884beffe31cbd171e87065ef5c0109c8b017ab808"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 470}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.logger` used but never assigned in __init__"}, "properties": {"repobilityId": 38050, "scanner": "repobility-ast-engine", "fingerprint": "10db4f989d71c222287684e6e5efdccb4e536c092d19e390ca5dc4c230b523cc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": 
["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|10db4f989d71c222287684e6e5efdccb4e536c092d19e390ca5dc4c230b523cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 389}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.create_fallback_evaluation` used but never assigned in __init__"}, "properties": {"repobilityId": 38049, "scanner": "repobility-ast-engine", "fingerprint": "a9a7703d251fa1eb9031a80025f967d80581612dc67201890094339cfe4d33e6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a9a7703d251fa1eb9031a80025f967d80581612dc67201890094339cfe4d33e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 392}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.logger` used but never assigned in __init__"}, "properties": {"repobilityId": 38048, "scanner": "repobility-ast-engine", "fingerprint": "3bba9dfab9c644d71273a24fd480d60464d14ad75a0449da3e7d35a6155fa80b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3bba9dfab9c644d71273a24fd480d60464d14ad75a0449da3e7d35a6155fa80b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 370}}}]}, 
{"ruleId": "MINED108", "level": "error", "message": {"text": "`self.create_fallback_evaluation` used but never assigned in __init__"}, "properties": {"repobilityId": 38047, "scanner": "repobility-ast-engine", "fingerprint": "acecaf3b83517912352e10dc1f952a3a8d07c417a5271d25fbc90f4b54c82c8e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|acecaf3b83517912352e10dc1f952a3a8d07c417a5271d25fbc90f4b54c82c8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 373}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.fix_json_format` used but never assigned in __init__"}, "properties": {"repobilityId": 38046, "scanner": "repobility-ast-engine", "fingerprint": "fc9b6f1806f4e44aad77a3b5c19e8f8c1e32e514b44dcc5d8e5bd1b7d9b3603b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fc9b6f1806f4e44aad77a3b5c19e8f8c1e32e514b44dcc5d8e5bd1b7d9b3603b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 384}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.logger` used but never assigned in __init__"}, "properties": {"repobilityId": 38045, "scanner": "repobility-ast-engine", "fingerprint": "abe811ae1ebf6101e24a01abe2307995b6f72bfe9a0fa546f9eb1a8ed311762f", "category": "quality", 
"severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|abe811ae1ebf6101e24a01abe2307995b6f72bfe9a0fa546f9eb1a8ed311762f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 361}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.fix_json_format` used but never assigned in __init__"}, "properties": {"repobilityId": 38044, "scanner": "repobility-ast-engine", "fingerprint": "7b027b235b52d1479679e478e672f70fbee0d865993b21a877bf69fc07e4be67", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7b027b235b52d1479679e478e672f70fbee0d865993b21a877bf69fc07e4be67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 365}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.logger` used but never assigned in __init__"}, "properties": {"repobilityId": 38043, "scanner": "repobility-ast-engine", "fingerprint": "3f3dd5235d2be3b152bd9d0b2209869ab541ffeee6f789b4152bae1f1a774630", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", 
"correlation_key": "fp|3f3dd5235d2be3b152bd9d0b2209869ab541ffeee6f789b4152bae1f1a774630"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 338}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.logger` used but never assigned in __init__"}, "properties": {"repobilityId": 38042, "scanner": "repobility-ast-engine", "fingerprint": "d00040d868b02a25e9c5047c1887dc7771040537bf8f6c2d7a1db06a7b09a03b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d00040d868b02a25e9c5047c1887dc7771040537bf8f6c2d7a1db06a7b09a03b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 445}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.logger` used but never assigned in __init__"}, "properties": {"repobilityId": 38041, "scanner": "repobility-ast-engine", "fingerprint": "a2afe923c97856e264e4806df6075a7cf33d42397895f1b10f01a8a911629f00", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a2afe923c97856e264e4806df6075a7cf33d42397895f1b10f01a8a911629f00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 425}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.logger` used but never assigned 
in __init__"}, "properties": {"repobilityId": 38040, "scanner": "repobility-ast-engine", "fingerprint": "00c7a1910002b8169dee34203575bbf237a6eb297ff4de9a4fa3acbe41867845", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|00c7a1910002b8169dee34203575bbf237a6eb297ff4de9a4fa3acbe41867845"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 417}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.logger` used but never assigned in __init__"}, "properties": {"repobilityId": 38039, "scanner": "repobility-ast-engine", "fingerprint": "f47e65ca99978e84be667d4abe76016287e736a0a063299b52b4301af1c07654", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f47e65ca99978e84be667d4abe76016287e736a0a063299b52b4301af1c07654"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 318}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.logger` used but never assigned in __init__"}, "properties": {"repobilityId": 38038, "scanner": "repobility-ast-engine", "fingerprint": "c6971de477ab2391470e0aa2ec22bdb2e7fbb0a2fee1c63973ddeade52222fa0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": 
true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c6971de477ab2391470e0aa2ec22bdb2e7fbb0a2fee1c63973ddeade52222fa0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 317}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_comprehensive_evaluation_prompt` used but never assigned in __init__"}, "properties": {"repobilityId": 38037, "scanner": "repobility-ast-engine", "fingerprint": "7fa9beff557d74641f7be2878698267a9707e8721e710c90f4b69d7dcc342286", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7fa9beff557d74641f7be2878698267a9707e8721e710c90f4b69d7dcc342286"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 309}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_accuracy_evaluation_prompt` used but never assigned in __init__"}, "properties": {"repobilityId": 38036, "scanner": "repobility-ast-engine", "fingerprint": "cd73fb53f06de29a0e06eace2d530fb353bf230c0166f9206751dbe67d5dbccc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cd73fb53f06de29a0e06eace2d530fb353bf230c0166f9206751dbe67d5dbccc"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 301}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.logger` used but never assigned in __init__"}, "properties": {"repobilityId": 38035, "scanner": "repobility-ast-engine", "fingerprint": "bd4c2ff7c5789831bf49a72ee66967fbb9021c4e1d5b0e8cd386fd366ac36218", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd4c2ff7c5789831bf49a72ee66967fbb9021c4e1d5b0e8cd386fd366ac36218"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 281}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.logger` used but never assigned in __init__"}, "properties": {"repobilityId": 38034, "scanner": "repobility-ast-engine", "fingerprint": "38cd74b67e489a3db7e13c067a1da6629049405a488fdc2547426a6639869259", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|38cd74b67e489a3db7e13c067a1da6629049405a488fdc2547426a6639869259"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 210}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.logger` used but never assigned in __init__"}, "properties": {"repobilityId": 38033, "scanner": "repobility-ast-engine", 
"fingerprint": "650f23d5c5e22117707493dbca753b65ee3f181176a1d4d7397b05be0a09bc13", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|650f23d5c5e22117707493dbca753b65ee3f181176a1d4d7397b05be0a09bc13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "reproduce/llm_answer_evaluator.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.embedding_func_factory` used but never assigned in __init__"}, "properties": {"repobilityId": 38028, "scanner": "repobility-ast-engine", "fingerprint": "7bb3dbb429fbf507bd29bc1e2e92f9b87d6578f2955066ddaa6ecd501d9665d6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7bb3dbb429fbf507bd29bc1e2e92f9b87d6578f2955066ddaa6ecd501d9665d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/vllm_integration_example.py"}, "region": {"startLine": 204}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_chat_completion"}, "properties": {"repobilityId": 38027, "scanner": "repobility-ast-engine", "fingerprint": "6e14cee578e75add5b73f0c60de417253ceccef948f2056ae10c64ee33e2500e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": 
["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6e14cee578e75add5b73f0c60de417253ceccef948f2056ae10c64ee33e2500e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/vllm_integration_example.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_connection"}, "properties": {"repobilityId": 38026, "scanner": "repobility-ast-engine", "fingerprint": "a8efefd0513ceda971a3afcb04076e140db9964d50c12596c07a086e77fc976e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a8efefd0513ceda971a3afcb04076e140db9964d50c12596c07a086e77fc976e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/vllm_integration_example.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_embedding_func` used but never assigned in __init__"}, "properties": {"repobilityId": 38023, "scanner": "repobility-ast-engine", "fingerprint": "451cce3aa683b3d96d2b0a35f271e290779d5bdc16b28f947d260228aae541b0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|451cce3aa683b3d96d2b0a35f271e290779d5bdc16b28f947d260228aae541b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/ollama_integration_example.py"}, "region": 
{"startLine": 184}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_chat"}, "properties": {"repobilityId": 38022, "scanner": "repobility-ast-engine", "fingerprint": "312e76f3b8140f2c1fb8b117797c49cce68f5c8a0b29504675164e897c6d8fe7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|312e76f3b8140f2c1fb8b117797c49cce68f5c8a0b29504675164e897c6d8fe7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/ollama_integration_example.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_embedding"}, "properties": {"repobilityId": 38021, "scanner": "repobility-ast-engine", "fingerprint": "213b668896518b2e8575ace37653cba876b24e3545c7ee61fc0d3e63782c77f4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|213b668896518b2e8575ace37653cba876b24e3545c7ee61fc0d3e63782c77f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/ollama_integration_example.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_connection"}, "properties": {"repobilityId": 38020, "scanner": "repobility-ast-engine", "fingerprint": "1eef7a950d342b15ae58616f0eac26a8cbb8ed79ddc5b24bbfe1768999e71762", "category": "quality", "severity": "high", 
"confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1eef7a950d342b15ae58616f0eac26a8cbb8ed79ddc5b24bbfe1768999e71762"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/ollama_integration_example.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_embedding_func` used but never assigned in __init__"}, "properties": {"repobilityId": 38015, "scanner": "repobility-ast-engine", "fingerprint": "6167e75056831e1754b1487c9fe24559eb42fee9371e5e4687014eb6d0ce9a71", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6167e75056831e1754b1487c9fe24559eb42fee9371e5e4687014eb6d0ce9a71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/minimax_integration_example.py"}, "region": {"startLine": 223}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_chat_completion"}, "properties": {"repobilityId": 38014, "scanner": "repobility-ast-engine", "fingerprint": "c628138acaeaad6c629350a1a0dbba5f9261179b5d782da7aae811184db70f3d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", 
"correlation_key": "fp|c628138acaeaad6c629350a1a0dbba5f9261179b5d782da7aae811184db70f3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/minimax_integration_example.py"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_connection"}, "properties": {"repobilityId": 38013, "scanner": "repobility-ast-engine", "fingerprint": "cb871937ee535c24dc6356798d87ac18c5b1c9a2af47d162774a81d6adc89a2a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cb871937ee535c24dc6356798d87ac18c5b1c9a2af47d162774a81d6adc89a2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/minimax_integration_example.py"}, "region": {"startLine": 150}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_text_format_parsing"}, "properties": {"repobilityId": 38010, "scanner": "repobility-ast-engine", "fingerprint": "5d1937937704f84116895f62a0b8e266d944259f60f185b6d24910aafc9ecf60", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5d1937937704f84116895f62a0b8e266d944259f60f185b6d24910aafc9ecf60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/text_format_test.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: 
test_office_document_parsing"}, "properties": {"repobilityId": 38007, "scanner": "repobility-ast-engine", "fingerprint": "440c468bf8455b8c298261946a13e9deda9ce8faf0f2c88d3dff67efdd13c393", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|440c468bf8455b8c298261946a13e9deda9ce8faf0f2c88d3dff67efdd13c393"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/office_document_test.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.embedding_func_factory` used but never assigned in __init__"}, "properties": {"repobilityId": 37997, "scanner": "repobility-ast-engine", "fingerprint": "08c7e529874c4113f421c3d1d305abb00677ae1326f6fea84278b6b05713e9e1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|08c7e529874c4113f421c3d1d305abb00677ae1326f6fea84278b6b05713e9e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lmstudio_integration_example.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_chat_completion"}, "properties": {"repobilityId": 37996, "scanner": "repobility-ast-engine", "fingerprint": "c76172144ca29e11451edc253715a18f29e5a17332a94f42676081bc1c1f51f4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, 
"reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c76172144ca29e11451edc253715a18f29e5a17332a94f42676081bc1c1f51f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lmstudio_integration_example.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_connection"}, "properties": {"repobilityId": 37995, "scanner": "repobility-ast-engine", "fingerprint": "78e07f13fff870289c2ccba7211f26799da5a1512aa7803f57912b57f5ff088d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|78e07f13fff870289c2ccba7211f26799da5a1512aa7803f57912b57f5ff088d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lmstudio_integration_example.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_image_format_parsing"}, "properties": {"repobilityId": 37985, "scanner": "repobility-ast-engine", "fingerprint": "6c5f934e1a0fd8014a5b1f2aae15a0573a6ba9f1d6c2c5d52051b78b26da49d8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6c5f934e1a0fd8014a5b1f2aae15a0573a6ba9f1d6c2c5d52051b78b26da49d8"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/image_format_test.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 3342, "scanner": "repobility-threat-engine", "fingerprint": "bb5c3602da764a16fe71513a2c8c130f34a2f3c8514b22856ddc8a20382f2d73", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|424|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "raganything/enhanced_markdown.py"}, "region": {"startLine": 424}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `queue` used but not imported"}, "properties": {"repobilityId": 38070, "scanner": "repobility-ast-engine", "fingerprint": "7654ee63a2cbe386f122d3f074f280dde4dfaff0139e1c6dff811ddedd88bbb6", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7654ee63a2cbe386f122d3f074f280dde4dfaff0139e1c6dff811ddedd88bbb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "raganything/parser.py"}, "region": {"startLine": 838}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: 
`html` used but not imported"}, "properties": {"repobilityId": 38069, "scanner": "repobility-ast-engine", "fingerprint": "d838a6eb524e0ddc6392834420f6f61b3f55a579b71211b6d9d046b3749b9956", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d838a6eb524e0ddc6392834420f6f61b3f55a579b71211b6d9d046b3749b9956"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "raganything/enhanced_markdown.py"}, "region": {"startLine": 299}}}]}]}]}