{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "info", "confidence": 0.35, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found in a documentation, catalog, or template-heavy repository", "shortDescription": {"text": "No test files found in a documentation, catalog, or template-heavy repository"}, "fullDescription": {"text": "If this repository ships runnable code, add focused tests for those examples or templates. If it is documentation/catalog content only, mark the finding as accepted or add a .repobilityignore note."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "info", "confidence": 0.35, "cwe": "", "owasp": ""}}, {"id": "MINED123", "name": "[MINED123] Trojan Source bidi character (PDF) in source: Line 20693 contains a Unicode bidirectional override character ", "shortDescription": {"text": "[MINED123] Trojan Source bidi character (PDF) in source: Line 20693 contains a Unicode bidirectional override character (U+202C PDF). 
This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see di"}, "fullDescription": {"text": "Audit the line manually. First confirm that the flagged file is text source rather than a binary asset that merely shares a source-file extension (for example, an MPEG transport stream with a .ts extension), since arbitrary bytes in binary data can decode to bidi control code points by chance. If the character is not intentional (it almost never is in code), remove it. Configure your editor / pre-commit hook to reject bidi controls in source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1049"}, "properties": {"repository": "Paradise-91/ParaTV", "repoUrl": "https://github.com/Paradise-91/ParaTV", "branch": "main"}, "results": [{"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 103049, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "CORE_NO_CI", "level": "none", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 103050, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "info", "confidence": 0.35, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Repository shape is documentation, catalog, skill, or template-heavy.", "evidence": {"reason": "Repository shape is documentation, catalog, skill, or template-heavy.", "rule_id": "CORE_NO_CI", "scanner": "repobility-core", "confidence": 0.35, "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "CORE_NO_TESTS", "level": "none", "message": {"text": "No test files found in a documentation, catalog, or template-heavy 
repository"}, "properties": {"repobilityId": 103048, "scanner": "repobility-core", "fingerprint": "69cfb3536a8ccff500ccafcd681fc8d4bc9f4eda6689da02ddec81654bd9fd15", "category": "testing", "severity": "info", "confidence": 0.35, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Repository shape is documentation, catalog, skill, or template-heavy rather than a conventional runnable application.", "evidence": {"reason": "Repository shape is documentation, catalog, skill, or template-heavy rather than a conventional runnable application.", "rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "confidence": 0.35, "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (PDF) in source: Line 20693 contains a Unicode bidirectional override character (U+202C PDF). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 103052, "scanner": "repobility-supply-chain", "fingerprint": "b29591792c3e849b8812c92e4e67c68ab2ee8d502d088b5ae0ab2559154bd017", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 4 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|token", "duplicate_count": 4, "duplicate_rule_ids": ["MINED123"], "duplicate_scanners": ["repobility-supply-chain"], "duplicate_fingerprints": ["29229fb89baf5015d09f4b60dbe85bb55328ca96c9eb1da61aa58b66a19f6f34", "a6692a62f1808e4ea70f660896af159ecdbe714184310c82a050927499a3b2a5", 
"ab63c5e51a2839ae83ea1f7b1fc73ae266fca93f363606515a90a8ba07f54427", "b29591792c3e849b8812c92e4e67c68ab2ee8d502d088b5ae0ab2559154bd017", "dc6c843609f040cf51d0e571918c2da4396959c3f0fb5d8b10a6960323687099"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "assets/indisponible/indisponible.ts"}, "region": {"startLine": 20693}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (FSI) in source: Line 57092 contains a Unicode bidirectional override character (U+2068 FSI). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 103051, "scanner": "repobility-supply-chain", "fingerprint": "bb93f616810931822c50eadd64039ea8f817b23541c0e859cd0e5f5bba107087", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 9 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|assets/drm/drm.ts", "duplicate_count": 9, "duplicate_rule_ids": ["MINED123"], "duplicate_scanners": ["repobility-supply-chain"], "duplicate_fingerprints": ["038f02fca4b0f9cde38d75982ff03d5c93e20230f42f25d062334450a8249df4", "7419b977f6d2e60d924026ab841985dc590fd5c17d621637354ef6f358e20f14", "7c8d41182c21012a019037288c7b2a1ba8ab277417fa7dd1dd8c9c4d8b3aa6fa", "8d620a17421b2dcc6ab696a5ebd8ee501d38217a528e068aae7b388cdb4cf90e", "99913c43d0512cc38e58fee7935a2987c5ad19e46db0342e518cefa55b0b03c3", "a6fec7862ab930128ba5da588201ea29de7c9a1b3e5b8ba9ee167040a492a775", "bb93f616810931822c50eadd64039ea8f817b23541c0e859cd0e5f5bba107087", "d682bcb8db9a283ba62336b6635fe0e0a1c3a3340301835aa6717dc2f9b8c235", 
"dbea3e9c1f347e13f4650461931dde8cf3e199c1ac90528021607834bd70ebcc", "de4657716e022d75e4f38f36b652c36eb4fca5ae9078140eb627a56b7998529e"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "assets/drm/drm.ts"}, "region": {"startLine": 57092}}}]}]}]}