{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). 
Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `__call__` has cognitive complexity 19 (SonarSource scale). Cognitive comp", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `__call__` has cognitive complexity 19 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all "}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. 
SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 19."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED076", "name": "[MINED076] Catch And Reraise Noop: except X: raise X \u2014 adds no value, hides traceback if AI accidentally changes message", "shortDescription": {"text": "[MINED076] Catch And Reraise Noop: except X: raise X \u2014 adds no value, hides traceback if AI accidentally changes message."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle 
credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED072] Python Pass Only Class (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16.\nApply the CIDR check to the resolved IP address, not the hostname string, and repeat it on every redirect."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 14 more): Same pattern found in 14 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 19 more): Same pattern found in 19 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/setup-python` pinned to mutable ref `@v2`", "shortDescription": {"text": "Action `actions/setup-python` pinned to mutable ref `@v2`"}, "fullDescription": {"text": "`uses: actions/setup-python@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA and keep the pin current with Dependabot or Renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_two_mixed", "shortDescription": {"text": "Phantom test coverage: test_two_mixed"}, "fullDescription": {"text": "Test function `test_two_mixed` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.pop_payload` used but never assigned in __init__", "shortDescription": {"text": "`self.pop_payload` used but never assigned in __init__"}, "fullDescription": {"text": "Method `_render_static_version` of class `TGFlash` reads `self.pop_payload`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED030", "name": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__.", "shortDescription": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED018", "name": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/fi", "shortDescription": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-502 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC081", "name": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary co", "shortDescription": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "fullDescription": {"text": "Use json, msgpack, or protobuf for untrusted data. If pickle is required, sign the payload with HMAC and verify the signature (constant-time compare) before unpickling."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED019", "name": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates.", "shortDescription": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-94 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `mimetypes` used but not imported", "shortDescription": {"text": "Missing import: `mimetypes` used but not imported"}, "fullDescription": {"text": "The file uses `mimetypes.something(...)` but never imports `mimetypes`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1327"}, "properties": {"repository": "TurboGears/tg2", "repoUrl": "https://github.com/TurboGears/tg2", "branch": "development"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 135835, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 135834, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django"], "expected_files": 
[".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 135829, "scanner": "repobility-threat-engine", "fingerprint": "147c0b17f2844825517fb302bca371dabb64b60cbf5f0d99468b376dc8a2fe8b", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|tg/request_local.py|122|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/request_local.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. 
Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 135826, "scanner": "repobility-threat-engine", "fingerprint": "9b051d4c1c687db9856e9e45652bd3d71afb4ca73a1c1a905ab58f364befcabf", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def evaluate(self, environ, credentials):\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9b051d4c1c687db9856e9e45652bd3d71afb4ca73a1c1a905ab58f364befcabf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/predicates.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 135825, "scanner": "repobility-threat-engine", "fingerprint": "f05f2d8546a7984d296c4e20e9f3e8cf525828acfcb6a7728f31ba3e7f2be33a", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f05f2d8546a7984d296c4e20e9f3e8cf525828acfcb6a7728f31ba3e7f2be33a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/jsonify.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 135822, "scanner": "repobility-threat-engine", "fingerprint": "2b876ce8ab763961754b792783c0fc69d32a09b8de062efd0c560da8e232ef4b", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|tg/util/lazystring.py|15|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/util/lazystring.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 135821, "scanner": "repobility-threat-engine", "fingerprint": "252815604839ee154a80688a716458a3e70689a22767eac7f4947c2281fea16d", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ";eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|tg/flash.py|43|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/flash.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 135805, "scanner": "repobility-threat-engine", "fingerprint": "70f53993be6ff015e44d417676fc33b0023e84d1d519731e3b05a3cad2dae60c", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "random.choice(list(engines[\"slaves\"].key", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|44|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/configuration/sqla/balanced_session.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 135804, "scanner": "repobility-threat-engine", "fingerprint": "0e73a7b0ee5f7a665092f1d4495243ae33bc0aac9daf97bcfdecf0f6c94eb9ae", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "def create_cache_key", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|tg/caching.py|151|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/caching.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `__call__` has cognitive complexity 19 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: except=3, if=5, nested_bonus=10, while=1."}, "properties": {"repobilityId": 135801, "scanner": "repobility-threat-engine", "fingerprint": "57398b9a73910043a7b954a4f140d94f8707eac5c278272da4323fe00ab8085b", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 19 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "__call__", "breakdown": {"if": 5, "while": 1, "except": 3, "nested_bonus": 10}, "complexity": 19, "correlation_key": "fp|57398b9a73910043a7b954a4f140d94f8707eac5c278272da4323fe00ab8085b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/appwrappers/transaction_manager.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135787, "scanner": "repobility-ast-engine", "fingerprint": "43bc9f2a2d6dd5bf70244a9d31a1c99fd8f4a290159ae2d599b62fb40559545d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|43bc9f2a2d6dd5bf70244a9d31a1c99fd8f4a290159ae2d599b62fb40559545d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/appwrappers/errorpage.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135785, "scanner": "repobility-ast-engine", "fingerprint": "44ead93f529f9086031deb74d1a06d7224213963a9f2b98cc5ce8e28c12a6dda", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|44ead93f529f9086031deb74d1a06d7224213963a9f2b98cc5ce8e28c12a6dda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/decorators/decoration.py"}, "region": {"startLine": 232}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135784, "scanner": "repobility-ast-engine", "fingerprint": "78b69c1028e9aadb806c891bd9ce675455cf1d74c679777fde30a1f8f4a6b796", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|78b69c1028e9aadb806c891bd9ce675455cf1d74c679777fde30a1f8f4a6b796"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/decorators/decoration.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135783, "scanner": "repobility-ast-engine", "fingerprint": "864ba483f6896c27b8f0c4c027b055cb152983da6ea1e7899f5841d99933fb0a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|864ba483f6896c27b8f0c4c027b055cb152983da6ea1e7899f5841d99933fb0a"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "tg/decorators/decorators.py"}, "region": {"startLine": 516}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135782, "scanner": "repobility-ast-engine", "fingerprint": "eaaeb03e9d5b37d050c1c7cbc12e37e11652f8fefe4e07ba4a05da01b7e1053d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eaaeb03e9d5b37d050c1c7cbc12e37e11652f8fefe4e07ba4a05da01b7e1053d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/decorators/decorators.py"}, "region": {"startLine": 310}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135781, "scanner": "repobility-ast-engine", "fingerprint": "ea7ffe84d9e310ce4ee61fd4e76f422f1262101b9defe0a7932053cd01bd6b15", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ea7ffe84d9e310ce4ee61fd4e76f422f1262101b9defe0a7932053cd01bd6b15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/renderers/mako.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135780, "scanner": "repobility-ast-engine", "fingerprint": "68eeeb908df5c559c16fb6b7f7a84078470a4908f93a45fa217d9951074361ac", "category": "quality", "severity": 
"medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|68eeeb908df5c559c16fb6b7f7a84078470a4908f93a45fa217d9951074361ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_stack/rendering/test_decorators.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135779, "scanner": "repobility-ast-engine", "fingerprint": "34b5bda24e82826b819ece9e9224f4bc908f5972fb77b8ec70f304c6ded36ea0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|34b5bda24e82826b819ece9e9224f4bc908f5972fb77b8ec70f304c6ded36ea0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_stack/rendering/test_rendering.py"}, "region": {"startLine": 786}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135778, "scanner": "repobility-ast-engine", "fingerprint": "f2c760fb1ce43e6fcb882bee9109958dc71fc9a96f15058508f473458cd0b524", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|f2c760fb1ce43e6fcb882bee9109958dc71fc9a96f15058508f473458cd0b524"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_stack/rendering/test_rendering.py"}, "region": {"startLine": 570}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135777, "scanner": "repobility-ast-engine", "fingerprint": "6bef07a350d4888553ff84a0c686eb7a62265d53a1c85b2ce3b5aba0c471a468", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6bef07a350d4888553ff84a0c686eb7a62265d53a1c85b2ce3b5aba0c471a468"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_stack/rendering/test_rendering.py"}, "region": {"startLine": 365}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135776, "scanner": "repobility-ast-engine", "fingerprint": "47a93bb329848fff6aafe2a58acc4623cba59f7c32271c3dfe89ec103d5b5461", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|47a93bb329848fff6aafe2a58acc4623cba59f7c32271c3dfe89ec103d5b5461"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_stack/rendering/test_rendering.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": 
{"repobilityId": 135775, "scanner": "repobility-ast-engine", "fingerprint": "744e5ffeaa46bbf5bf8e871c67f3e29c39bc7038dfc0704449b4945feae54f78", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|744e5ffeaa46bbf5bf8e871c67f3e29c39bc7038dfc0704449b4945feae54f78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_stack/dispatch/test_url_dispatch.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135774, "scanner": "repobility-ast-engine", "fingerprint": "d6e6b59212785ec5282cd82a2d1230f0bed5e7bde3581be7ea63febe682c7264", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d6e6b59212785ec5282cd82a2d1230f0bed5e7bde3581be7ea63febe682c7264"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_jsonify_sqlalchemy.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135773, "scanner": "repobility-ast-engine", "fingerprint": "5cdd642ea0144700771c003775f7a38c6900c916b411b11d055e13923eacdd5e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5cdd642ea0144700771c003775f7a38c6900c916b411b11d055e13923eacdd5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_configuration.py"}, "region": {"startLine": 1882}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135772, "scanner": "repobility-ast-engine", "fingerprint": "74a6bc179765a2e27479279679e9212f7951cb2e530c51bc81ff976a42dd8cab", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|74a6bc179765a2e27479279679e9212f7951cb2e530c51bc81ff976a42dd8cab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_configuration.py"}, "region": {"startLine": 1624}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135771, "scanner": "repobility-ast-engine", "fingerprint": "2c538df0da80f8d0125cc008e974f0ebb869092c2364b0be65ac978f297a3421", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2c538df0da80f8d0125cc008e974f0ebb869092c2364b0be65ac978f297a3421"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_configuration.py"}, "region": {"startLine": 899}}}]}, 
{"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135744, "scanner": "repobility-ast-engine", "fingerprint": "3c62400de78b07b1a19e3881e4a857825bddc8d5b166d843f648a9b34051d1de", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3c62400de78b07b1a19e3881e4a857825bddc8d5b166d843f648a9b34051d1de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/i18n.py"}, "region": {"startLine": 262}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `identify` has cognitive complexity 13 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=2, except=1, if=5, nested_bonus=5."}, "properties": {"repobilityId": 135802, "scanner": "repobility-threat-engine", "fingerprint": "5fa00348145cc5077dc5da45bb5dc0f491d028eb89a29bd23644d7eeed41e3cc", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 13 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "identify", "breakdown": {"if": 5, "elif": 2, "except": 1, "nested_bonus": 5}, "complexity": 13, "correlation_key": "fp|5fa00348145cc5077dc5da45bb5dc0f491d028eb89a29bd23644d7eeed41e3cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/configuration/auth/fastform.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `__call__` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=2, if=4, nested_bonus=4."}, "properties": {"repobilityId": 135800, "scanner": "repobility-threat-engine", "fingerprint": "74d6f170e16be7c0db929da5713d59442c7bcb31319dfa46b4db572013fc060c", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "__call__", "breakdown": {"if": 4, "else": 2, "nested_bonus": 4}, "complexity": 10, "correlation_key": "fp|74d6f170e16be7c0db929da5713d59442c7bcb31319dfa46b4db572013fc060c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/appwrappers/i18n.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 135718, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d49ea41d0af3902a3e422cd2e898d011c588095bc32b5429e8f9a9bc3e14ac7d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tg/caching.py", "duplicate_line": 65, "correlation_key": "fp|d49ea41d0af3902a3e422cd2e898d011c588095bc32b5429e8f9a9bc3e14ac7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/decorators/decorators.py"}, "region": {"startLine": 582}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 135717, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ef2e74ea94361c737f085e1487ef22ca2b0681ac5e4c3c816618680a397b1d5f", "category": "quality", "severity": 
"low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tg/configurator/components/error_reporting.py", "duplicate_line": 71, "correlation_key": "fp|ef2e74ea94361c737f085e1487ef22ca2b0681ac5e4c3c816618680a397b1d5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/configurator/components/slow_requests.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED076", "level": "none", "message": {"text": "[MINED076] Catch And Reraise Noop: except X: raise X \u2014 adds no value, hides traceback if AI accidentally changes message."}, "properties": {"repobilityId": 135827, "scanner": "repobility-threat-engine", "fingerprint": "c71d101fe7ab178448529a9d0d153b4a82299450cbf2bb0255147ecc6cbb2b07", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "catch-and-reraise-noop", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348079+00:00", "triaged_in_corpus": 10, "observations_count": 8333, "ai_coder_pattern_id": 45}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c71d101fe7ab178448529a9d0d153b4a82299450cbf2bb0255147ecc6cbb2b07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/predicates.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 135824, "scanner": "repobility-threat-engine", "fingerprint": 
"482d3a0ebbed14fd3edf54016b563fadc5197ee9a3498051cd35f4aecc520663", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|482d3a0ebbed14fd3edf54016b563fadc5197ee9a3498051cd35f4aecc520663"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/jsonify.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 135823, "scanner": "repobility-threat-engine", "fingerprint": "1337147ef773be6fff0421206d1e23ee08bfaf03a456a9ce38c54e193ef2f142", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1337147ef773be6fff0421206d1e23ee08bfaf03a456a9ce38c54e193ef2f142"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/i18n.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class (and 5 more): Same pattern found in 5 additional files. 
Review if needed."}, "properties": {"repobilityId": 135820, "scanner": "repobility-threat-engine", "fingerprint": "60d7a967589ada85a8f90bdffdc921455ffd03cd63344433da4c765149b88c10", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|60d7a967589ada85a8f90bdffdc921455ffd03cd63344433da4c765149b88c10", "aggregated_count": 5}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 135819, "scanner": "repobility-threat-engine", "fingerprint": "7eb7ebb4895b07539a3f2bcb1ab5998df98bd0931266ee7bf53bd7ee9f8e7d82", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7eb7ebb4895b07539a3f2bcb1ab5998df98bd0931266ee7bf53bd7ee9f8e7d82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/renderers/genshi.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED072", "level": 
"none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 135818, "scanner": "repobility-threat-engine", "fingerprint": "57f202777d0a2ab844909cad614baffd90185e2f9429d677298d02df9840805c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|57f202777d0a2ab844909cad614baffd90185e2f9429d677298d02df9840805c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/predicates.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 135817, "scanner": "repobility-threat-engine", "fingerprint": "ebea4822970ea6dcf8a9633034e61f4f56c4f9a94ce08102a7b8497c7f97082a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ebea4822970ea6dcf8a9633034e61f4f56c4f9a94ce08102a7b8497c7f97082a"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "tg/configuration/utils.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 135816, "scanner": "repobility-threat-engine", "fingerprint": "06e694e6fd7732ad8afb9f594998b126d3c578b72a870f7ed76d6b811c6e64ed", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|06e694e6fd7732ad8afb9f594998b126d3c578b72a870f7ed76d6b811c6e64ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/support/statics.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 135815, "scanner": "repobility-threat-engine", "fingerprint": "fd64eb9098c55ac9cc55308bf1d2eca3b77a5a283302a49b25ac593d7f91a315", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|fd64eb9098c55ac9cc55308bf1d2eca3b77a5a283302a49b25ac593d7f91a315"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/renderers/jinja.py"}, "region": {"startLine": 174}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 135814, "scanner": "repobility-threat-engine", "fingerprint": "51c569a6b23fd6299007f071c4c40a2b89500a2ba4afb23ba55eac3005da2ca3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|51c569a6b23fd6299007f071c4c40a2b89500a2ba4afb23ba55eac3005da2ca3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/configuration/auth/setup.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 135813, "scanner": "repobility-threat-engine", "fingerprint": "fff7006c9f550bb38e7c95fda925dbfe05225905659680997c816b0c34c744fc", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|fff7006c9f550bb38e7c95fda925dbfe05225905659680997c816b0c34c744fc", "aggregated_count": 10}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 135809, "scanner": "repobility-threat-engine", "fingerprint": "d57f94c2e96069b4a87a7fb2ba46f76103ae7ecd579ffae7064a6551df416baa", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d57f94c2e96069b4a87a7fb2ba46f76103ae7ecd579ffae7064a6551df416baa"}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 33 more): Same pattern found in 33 additional files. 
Review if needed."}, "properties": {"repobilityId": 135803, "scanner": "repobility-threat-engine", "fingerprint": "4e7f0d0d6a8b8cb47f905303473a0d47ff5f2d6b221e2403c5cf6933dab110a4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 33 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "__call__", "breakdown": {"if": 4, "else": 2, "nested_bonus": 4}, "aggregated": true, "complexity": 10, "correlation_key": "fp|4e7f0d0d6a8b8cb47f905303473a0d47ff5f2d6b221e2403c5cf6933dab110a4", "aggregated_count": 33}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 135799, "scanner": "repobility-threat-engine", "fingerprint": "60d3535791d57daecb7571f76beae1cc0e0c1ff976eb68234272a7f7e7d25fca", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|60d3535791d57daecb7571f76beae1cc0e0c1ff976eb68234272a7f7e7d25fca"}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 19 more): Same pattern found in 19 additional files. 
Review if needed."}, "properties": {"repobilityId": 135795, "scanner": "repobility-threat-engine", "fingerprint": "aa1cd71561e05e95642798878be0af8ceb3a68e6c4fc5321d404c6e036a65d1a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 19 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|aa1cd71561e05e95642798878be0af8ceb3a68e6c4fc5321d404c6e036a65d1a", "aggregated_count": 19}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 135794, "scanner": "repobility-threat-engine", "fingerprint": "d9b8568fb29d642e6183d76b463d61bc033529c21449db78546c88ffb977499f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d9b8568fb29d642e6183d76b463d61bc033529c21449db78546c88ffb977499f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/configuration/auth/setup.py"}, "region": {"startLine": 
52}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 135793, "scanner": "repobility-threat-engine", "fingerprint": "ce93aca9bbd7bbdc00ce6ccd3b3d789ea7277e1edd61f3547ebbbd6ec5dc1b3b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ce93aca9bbd7bbdc00ce6ccd3b3d789ea7277e1edd61f3547ebbbd6ec5dc1b3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/configuration/app_config.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 135792, "scanner": "repobility-threat-engine", "fingerprint": "4847f63aff002e07cff5ba67f3eeb1439fec2c0bd46a5af55682e4c3d47e8a3f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|4847f63aff002e07cff5ba67f3eeb1439fec2c0bd46a5af55682e4c3d47e8a3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/appwrappers/base.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 135831, "scanner": "repobility-threat-engine", "fingerprint": "c60d11c6384399fe23b8e2251acd5271b8a596e5d4c24f77bda5bad7e77d801c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c60d11c6384399fe23b8e2251acd5271b8a596e5d4c24f77bda5bad7e77d801c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/request_local.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 135812, "scanner": "repobility-threat-engine", "fingerprint": "79a1a8a5a1cb4c11402bf87862db4e755bd4726340f35a91a38f1824c556c1df", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, 
"observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|79a1a8a5a1cb4c11402bf87862db4e755bd4726340f35a91a38f1824c556c1df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/configuration/utils.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 135811, "scanner": "repobility-threat-engine", "fingerprint": "7492827ab77ec1783a78453e43ec13268ba7c9503eff97b02de73e35fc1d4a1d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7492827ab77ec1783a78453e43ec13268ba7c9503eff97b02de73e35fc1d4a1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/configuration/sqla/balanced_session.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 135810, "scanner": "repobility-threat-engine", "fingerprint": "a39f9f57829daf47daf6596bf95b9df515ad5d49796e6a7e3ae9540cd37c9be5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", 
"evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a39f9f57829daf47daf6596bf95b9df515ad5d49796e6a7e3ae9540cd37c9be5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/configuration/auth/setup.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 135808, "scanner": "repobility-threat-engine", "fingerprint": "83991b6751b5ceb805c7262052d2577e3d32cb6a9a41d11ae7c1a02b23fc62f7", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|83991b6751b5ceb805c7262052d2577e3d32cb6a9a41d11ae7c1a02b23fc62f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/controllers/restcontroller.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 135807, "scanner": "repobility-threat-engine", "fingerprint": "c77983f580170f9d59e3587b0a497ad086f1591b9d43272476a5baf306bd11c4", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c77983f580170f9d59e3587b0a497ad086f1591b9d43272476a5baf306bd11c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/controllers/dispatcher.py"}, "region": {"startLine": 174}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 135806, "scanner": "repobility-threat-engine", "fingerprint": "5c13e5a4507263d976350fa15978873eea27f2804bd26882fa92498ffbff5810", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(e", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5c13e5a4507263d976350fa15978873eea27f2804bd26882fa92498ffbff5810"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/configuration/auth/fastform.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 135798, "scanner": "repobility-threat-engine", "fingerprint": "fe1b5d73d0ffcb26d97c1f91e648b61358884b4661c2bfb80da0d0727fe87739", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "options.update(\n            coerce_config(\n                config, \"identity.\", {\"enabled\":", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fe1b5d73d0ffcb26d97c1f91e648b61358884b4661c2bfb80da0d0727fe87739"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/appwrappers/identity.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 135797, "scanner": "repobility-threat-engine", "fingerprint": "568866a9117b6b44d260b2b057f0a3d321772a895897195c2c15ed8c4abba98e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "options.update(\n            coerce_config(\n                config,\n                \"i18n.\",", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|568866a9117b6b44d260b2b057f0a3d321772a895897195c2c15ed8c4abba98e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/appwrappers/i18n.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 135796, "scanner": "repobility-threat-engine", "fingerprint": "bf446ea1712b752d58c928212b7c17e05ba69733b54f8e4d16c15ccee495a56e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "options.update(\n            coerce_config(\n                config,\n                \"errorpag", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bf446ea1712b752d58c928212b7c17e05ba69733b54f8e4d16c15ccee495a56e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/appwrappers/errorpage.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 135791, "scanner": "repobility-supply-chain", "fingerprint": "aca415dd539d6040d0db810ad859a3c0669c840078ecf9edd4357ee0be9baeb6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|aca415dd539d6040d0db810ad859a3c0669c840078ecf9edd4357ee0be9baeb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-tests.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/ruff-action` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 135790, "scanner": "repobility-supply-chain", "fingerprint": 
"b11df8a1955749cf4b253cb377158563cc3998eec3a5b832af486bc9c074087f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b11df8a1955749cf4b253cb377158563cc3998eec3a5b832af486bc9c074087f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-tests.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/ruff-action` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 135789, "scanner": "repobility-supply-chain", "fingerprint": "9273340388a26b53ed771191c45d3cca4b8e6e97fa5fb1341ca67156bd3148c8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9273340388a26b53ed771191c45d3cca4b8e6e97fa5fb1341ca67156bd3148c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-tests.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 135788, "scanner": "repobility-supply-chain", "fingerprint": "126d30867ae417127ce9a61d183a62f25bb1077e1ea2056aa315231cfb6267cc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": 
["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|126d30867ae417127ce9a61d183a62f25bb1077e1ea2056aa315231cfb6267cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-tests.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_two_mixed"}, "properties": {"repobilityId": 135770, "scanner": "repobility-ast-engine", "fingerprint": "6457692385c85d622514ec0bfd0c86f3fe60abb62c8520ab07ad7c9f71c8d7f7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6457692385c85d622514ec0bfd0c86f3fe60abb62c8520ab07ad7c9f71c8d7f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_predicates.py"}, "region": {"startLine": 210}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_two_false"}, "properties": {"repobilityId": 135769, "scanner": "repobility-ast-engine", "fingerprint": "8ef798902ded6e9a0797cbcc54b0a9f558ed178df591b618ab5c2f575c8be54b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8ef798902ded6e9a0797cbcc54b0a9f558ed178df591b618ab5c2f575c8be54b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_predicates.py"}, "region": {"startLine": 205}}}]}, {"ruleId": "MINED106", "level": 
"error", "message": {"text": "Phantom test coverage: test_two_true"}, "properties": {"repobilityId": 135768, "scanner": "repobility-ast-engine", "fingerprint": "075441b482af737932a7b2ad0277b1cf35c2b02c0800f381276f072b8732c4f6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|075441b482af737932a7b2ad0277b1cf35c2b02c0800f381276f072b8732c4f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_predicates.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_one_false"}, "properties": {"repobilityId": 135767, "scanner": "repobility-ast-engine", "fingerprint": "6175a9bfbb142aed64f0d2faa298d105e250c7afdafde51dd94281f2d4bd0636", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6175a9bfbb142aed64f0d2faa298d105e250c7afdafde51dd94281f2d4bd0636"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_predicates.py"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_one_true"}, "properties": {"repobilityId": 135766, "scanner": "repobility-ast-engine", "fingerprint": "ffdda556e57119074173e5447c4108a954cea5a6c613c860c4eb44f6f5b317c9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ffdda556e57119074173e5447c4108a954cea5a6c613c860c4eb44f6f5b317c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_predicates.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_success"}, "properties": {"repobilityId": 135765, "scanner": "repobility-ast-engine", "fingerprint": "9ae4cb2bb65bc117b612ec35e9adf8e7658a2509fbc6b3270a83eef9e51dd370", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9ae4cb2bb65bc117b612ec35e9adf8e7658a2509fbc6b3270a83eef9e51dd370"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_predicates.py"}, "region": {"startLine": 180}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_failure_with_custom_message"}, "properties": {"repobilityId": 135764, "scanner": "repobility-ast-engine", "fingerprint": "aec5270e58de574658974100ab44220e7e24b4dcdd052c06727ab11f5dfae13d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aec5270e58de574658974100ab44220e7e24b4dcdd052c06727ab11f5dfae13d"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "tests/test_predicates.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_failure"}, "properties": {"repobilityId": 135763, "scanner": "repobility-ast-engine", "fingerprint": "7b28ccd4a23b3d2d3f93b1e402b88d78caf292252b27e58aea522e8fad3e6439", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7b28ccd4a23b3d2d3f93b1e402b88d78caf292252b27e58aea522e8fad3e6439"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_predicates.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_authorized"}, "properties": {"repobilityId": 135762, "scanner": "repobility-ast-engine", "fingerprint": "46c28b0eceef09a666c2f2d32ed39834369c0a778dcd7d1ad872291ec746478f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|46c28b0eceef09a666c2f2d32ed39834369c0a778dcd7d1ad872291ec746478f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_predicates.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_unicode_messages"}, "properties": {"repobilityId": 135761, "scanner": "repobility-ast-engine", "fingerprint": "5d314ba55edfcc390afe52a377cfa5c592b57758772cd8022014fb64680be3e3", 
"category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5d314ba55edfcc390afe52a377cfa5c592b57758772cd8022014fb64680be3e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_predicates.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_evaluate_isnt_implemented"}, "properties": {"repobilityId": 135760, "scanner": "repobility-ast-engine", "fingerprint": "4d9f10ee1bf894ab86a8bf527608f76a1689c518485bc220730f60955bb09002", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d9f10ee1bf894ab86a8bf527608f76a1689c518485bc220730f60955bb09002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_predicates.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_delete_method"}, "properties": {"repobilityId": 135759, "scanner": "repobility-ast-engine", "fingerprint": "658c814cf34d91c1b8f3c5acbeee58585c310fa8e167248814ad38f3209d7e81", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", 
"correlation_key": "fp|658c814cf34d91c1b8f3c5acbeee58585c310fa8e167248814ad38f3209d7e81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_rest_controller_dispatch.py"}, "region": {"startLine": 575}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_get_delete_bad"}, "properties": {"repobilityId": 135758, "scanner": "repobility-ast-engine", "fingerprint": "8784066f20aeff6b1863fd8810d625d11458813e607b85a43923240da2ce0409", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8784066f20aeff6b1863fd8810d625d11458813e607b85a43923240da2ce0409"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_rest_controller_dispatch.py"}, "region": {"startLine": 477}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_put_get"}, "properties": {"repobilityId": 135757, "scanner": "repobility-ast-engine", "fingerprint": "ca9d79aa538ad91a5ca8cf5bdfd4019db7ac171b81480ae792817767daa9a19b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ca9d79aa538ad91a5ca8cf5bdfd4019db7ac171b81480ae792817767daa9a19b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_rest_controller_dispatch.py"}, "region": {"startLine": 474}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: 
test_root_default_dispatch"}, "properties": {"repobilityId": 135756, "scanner": "repobility-ast-engine", "fingerprint": "6815fface7f9b42ae177c857e17a1c2a7056bd48f732fe9fb1471432d6f81ac7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6815fface7f9b42ae177c857e17a1c2a7056bd48f732fe9fb1471432d6f81ac7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_rest_controller_dispatch.py"}, "region": {"startLine": 363}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_304_on_post"}, "properties": {"repobilityId": 135755, "scanner": "repobility-ast-engine", "fingerprint": "1b844c747315bce02dfde73a5724562c6aae5672e40929d5becb33bbd4f7bd7e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1b844c747315bce02dfde73a5724562c6aae5672e40929d5becb33bbd4f7bd7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_statics.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_if_none_match"}, "properties": {"repobilityId": 135754, "scanner": "repobility-ast-engine", "fingerprint": "bf3ff5fe9690f6c593b6b6e58c409e0615b02306332e4b47c714d05877453fab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": 
true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bf3ff5fe9690f6c593b6b6e58c409e0615b02306332e4b47c714d05877453fab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_statics.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_if_modified_since_future"}, "properties": {"repobilityId": 135753, "scanner": "repobility-ast-engine", "fingerprint": "56c14dd6e70516eb3ddcea40be28af4abe753c36cd6e5e66e845e8dd22e18c4f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|56c14dd6e70516eb3ddcea40be28af4abe753c36cd6e5e66e845e8dd22e18c4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_statics.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_if_modified_since_invalid_date"}, "properties": {"repobilityId": 135752, "scanner": "repobility-ast-engine", "fingerprint": "30e0bee896253d1c82e56110c3f25932ab32b69cc482f35818e8a0233bcc01a2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|30e0bee896253d1c82e56110c3f25932ab32b69cc482f35818e8a0233bcc01a2"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "tests/test_statics.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_startup_hook_with_exception"}, "properties": {"repobilityId": 135750, "scanner": "repobility-ast-engine", "fingerprint": "938a895f53aa19eb1329c2a511936b7da9240f9041df1c0330a50c475a1a384f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|938a895f53aa19eb1329c2a511936b7da9240f9041df1c0330a50c475a1a384f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_hooks.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_dedicated_controller_wrapper_after_milestone_reached"}, "properties": {"repobilityId": 135749, "scanner": "repobility-ast-engine", "fingerprint": "a486e8f4e85efa18547cf056decb568b2f4d1ad3b8f691e994c510686b61726a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a486e8f4e85efa18547cf056decb568b2f4d1ad3b8f691e994c510686b61726a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_hooks.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_global_controller_wrapper_after_milestone_reached"}, "properties": {"repobilityId": 135748, "scanner": "repobility-ast-engine", "fingerprint": 
"e1b37b2b495c12f81ef747d8b760a2650b83be242c14001ec194811ce4bec2c9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e1b37b2b495c12f81ef747d8b760a2650b83be242c14001ec194811ce4bec2c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_hooks.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_controller_wrapper_using_register"}, "properties": {"repobilityId": 135747, "scanner": "repobility-ast-engine", "fingerprint": "75be34c4d9d01d049bc9697ffb3288f885893adcb7a9696d9f3c04fc20791aa6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|75be34c4d9d01d049bc9697ffb3288f885893adcb7a9696d9f3c04fc20791aa6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_hooks.py"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_config_hooks_shutdown_on_controller"}, "properties": {"repobilityId": 135746, "scanner": "repobility-ast-engine", "fingerprint": "2b03c244940b4f104d2595188393ecaa1444de56899c3c7881583800b60f0124", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], 
"languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2b03c244940b4f104d2595188393ecaa1444de56899c3c7881583800b60f0124"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_hooks.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_config_hooks_startup_on_controller"}, "properties": {"repobilityId": 135745, "scanner": "repobility-ast-engine", "fingerprint": "5a844fc28d22aa20251a4bcafac23beec3582b23e6a037bd8f12c5f4da0cdcfa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5a844fc28d22aa20251a4bcafac23beec3582b23e6a037bd8f12c5f4da0cdcfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_hooks.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.pop_payload` used but never assigned in __init__"}, "properties": {"repobilityId": 135743, "scanner": "repobility-ast-engine", "fingerprint": "9ffe6cee4560230138ab58e42a19c57f554a7ca90c9da1a4cb23ca7ebe5ca4b4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9ffe6cee4560230138ab58e42a19c57f554a7ca90c9da1a4cb23ca7ebe5ca4b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/flash.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED108", "level": 
"error", "message": {"text": "`self._render_static_version` used but never assigned in __init__"}, "properties": {"repobilityId": 135742, "scanner": "repobility-ast-engine", "fingerprint": "4cf5fa8f7b198005724addb458e9fc531dc90a12099b2b81090b2c2d7c6ba10f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4cf5fa8f7b198005724addb458e9fc531dc90a12099b2b81090b2c2d7c6ba10f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/flash.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._render_js_version` used but never assigned in __init__"}, "properties": {"repobilityId": 135741, "scanner": "repobility-ast-engine", "fingerprint": "9047ca7ae177029efb3488d4f39e6050cdfac84c06d83fdc3d3291defbd16961", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9047ca7ae177029efb3488d4f39e6050cdfac84c06d83fdc3d3291defbd16961"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/flash.py"}, "region": {"startLine": 150}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.allow_html` used but never assigned in __init__"}, "properties": {"repobilityId": 135740, "scanner": "repobility-ast-engine", "fingerprint": "54435c1787eca1398bdc6ea082e2d0c65444c47ef7bdd5260ce66e1510f03f79", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": 
"", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54435c1787eca1398bdc6ea082e2d0c65444c47ef7bdd5260ce66e1510f03f79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/flash.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.default_status` used but never assigned in __init__"}, "properties": {"repobilityId": 135739, "scanner": "repobility-ast-engine", "fingerprint": "47b39afac5f0907d89aec7609229acfc199b5fd7fff860369828fc1da9e66a7b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|47b39afac5f0907d89aec7609229acfc199b5fd7fff860369828fc1da9e66a7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/flash.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.cookie_name` used but never assigned in __init__"}, "properties": {"repobilityId": 135738, "scanner": "repobility-ast-engine", "fingerprint": "64a27e0c0c7b165a3db00bc53760944c1a874e4682d0c8da8c7c699244e73f62", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|64a27e0c0c7b165a3db00bc53760944c1a874e4682d0c8da8c7c699244e73f62"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "tg/flash.py"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._prepare_payload` used but never assigned in __init__"}, "properties": {"repobilityId": 135737, "scanner": "repobility-ast-engine", "fingerprint": "dd302850ea16c37de4f3e184ccf452a04f76d336eb7dee6bd869fa12e476005c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dd302850ea16c37de4f3e184ccf452a04f76d336eb7dee6bd869fa12e476005c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/flash.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.allow_html` used but never assigned in __init__"}, "properties": {"repobilityId": 135736, "scanner": "repobility-ast-engine", "fingerprint": "0b975ff60a178ee5d42ff396cedd09fd60b3f1b63d29470f89324b0c0d188d50", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0b975ff60a178ee5d42ff396cedd09fd60b3f1b63d29470f89324b0c0d188d50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/flash.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.js_template` used but never assigned in __init__"}, "properties": {"repobilityId": 135735, "scanner": "repobility-ast-engine", "fingerprint": 
"7d87c9e804d34afcd52c0e5292ce03832966323181ad6b50c2f9cfc970e2af30", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7d87c9e804d34afcd52c0e5292ce03832966323181ad6b50c2f9cfc970e2af30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/flash.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.js_call` used but never assigned in __init__"}, "properties": {"repobilityId": 135734, "scanner": "repobility-ast-engine", "fingerprint": "0247d36447183b4004e0d3faf82a195d1e379752fc3d05347f656ddd57485a83", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0247d36447183b4004e0d3faf82a195d1e379752fc3d05347f656ddd57485a83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/flash.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.static_template` used but never assigned in __init__"}, "properties": {"repobilityId": 135733, "scanner": "repobility-ast-engine", "fingerprint": "9a1bc5cde924d6f659cc781e2923f8c38699c9273b74a58a3b4373777e245209", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 
25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a1bc5cde924d6f659cc781e2923f8c38699c9273b74a58a3b4373777e245209"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/flash.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.cookie_name` used but never assigned in __init__"}, "properties": {"repobilityId": 135732, "scanner": "repobility-ast-engine", "fingerprint": "a43ef8ab629c83e4faecfda831ebd1ef3e9894f33a15695faded6053fe7fea9b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a43ef8ab629c83e4faecfda831ebd1ef3e9894f33a15695faded6053fe7fea9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/flash.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.default_status` used but never assigned in __init__"}, "properties": {"repobilityId": 135731, "scanner": "repobility-ast-engine", "fingerprint": "ed40fb5374972a1df40b60e85fe410b7722a1c91bef823e480120fe998952279", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ed40fb5374972a1df40b60e85fe410b7722a1c91bef823e480120fe998952279"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/flash.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.unmet` used but never assigned in 
__init__"}, "properties": {"repobilityId": 135730, "scanner": "repobility-ast-engine", "fingerprint": "02c4bc1546792c3fe21a7b33a3b2ed9930e1097bc44bfdbe01f069039a9f462d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|02c4bc1546792c3fe21a7b33a3b2ed9930e1097bc44bfdbe01f069039a9f462d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/predicates.py"}, "region": {"startLine": 354}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.unmet` used but never assigned in __init__"}, "properties": {"repobilityId": 135729, "scanner": "repobility-ast-engine", "fingerprint": "4429700e290aa09c48c673acda9b30cbd3ff394c5b55feff83c15c13f5e0043f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4429700e290aa09c48c673acda9b30cbd3ff394c5b55feff83c15c13f5e0043f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/predicates.py"}, "region": {"startLine": 329}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.unmet` used but never assigned in __init__"}, "properties": {"repobilityId": 135728, "scanner": "repobility-ast-engine", "fingerprint": "355faa7c8a899ddedde0be92db879c7f2b108bb53572a86f7aaddf604e9721ac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|355faa7c8a899ddedde0be92db879c7f2b108bb53572a86f7aaddf604e9721ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/predicates.py"}, "region": {"startLine": 311}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.unmet` used but never assigned in __init__"}, "properties": {"repobilityId": 135727, "scanner": "repobility-ast-engine", "fingerprint": "5792cab633087902086642151f8dce836d25c25d91eaca3e008d0ed3bf1b47ac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5792cab633087902086642151f8dce836d25c25d91eaca3e008d0ed3bf1b47ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/predicates.py"}, "region": {"startLine": 252}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.unmet` used but never assigned in __init__"}, "properties": {"repobilityId": 135726, "scanner": "repobility-ast-engine", "fingerprint": "c0469360565645dadeb375124edf6cf8ede18dcd5b620a41fdaa1a945d35e4cb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c0469360565645dadeb375124edf6cf8ede18dcd5b620a41fdaa1a945d35e4cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/predicates.py"}, "region": {"startLine": 227}}}]}, 
{"ruleId": "MINED108", "level": "error", "message": {"text": "`self.unmet` used but never assigned in __init__"}, "properties": {"repobilityId": 135725, "scanner": "repobility-ast-engine", "fingerprint": "c8c9f2ef3445df80a6a18e2d1cb30cabe2b5887f12ee9986d7becbac931f0130", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c8c9f2ef3445df80a6a18e2d1cb30cabe2b5887f12ee9986d7becbac931f0130"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/predicates.py"}, "region": {"startLine": 202}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.predicates` used but never assigned in __init__"}, "properties": {"repobilityId": 135724, "scanner": "repobility-ast-engine", "fingerprint": "2557f5beb180905795d643280e878d51c4cb69e02b06d97e6c7a51af3820d739", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2557f5beb180905795d643280e878d51c4cb69e02b06d97e6c7a51af3820d739"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/predicates.py"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.predicates` used but never assigned in __init__"}, "properties": {"repobilityId": 135723, "scanner": "repobility-ast-engine", "fingerprint": "23cc02eedd32db8032cbfb0d1757500e3afabced993ef1d3022994135aeb64dd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": 
"open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|23cc02eedd32db8032cbfb0d1757500e3afabced993ef1d3022994135aeb64dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/predicates.py"}, "region": {"startLine": 163}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.unmet` used but never assigned in __init__"}, "properties": {"repobilityId": 135722, "scanner": "repobility-ast-engine", "fingerprint": "a04bc1b9f8594afea1a2ec4f9559410978567236de93603927a3af75a0bf1d8d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a04bc1b9f8594afea1a2ec4f9559410978567236de93603927a3af75a0bf1d8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/predicates.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.is_met` used but never assigned in __init__"}, "properties": {"repobilityId": 135721, "scanner": "repobility-ast-engine", "fingerprint": "776e8288725264d2657b2e124101389e333e6799012812161d11d3f9cac03b0e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|776e8288725264d2657b2e124101389e333e6799012812161d11d3f9cac03b0e"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "tg/predicates.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.evaluate` used but never assigned in __init__"}, "properties": {"repobilityId": 135720, "scanner": "repobility-ast-engine", "fingerprint": "d7e1679e8083d1d2bebb27064a6965022e86d144fae65931bd8b0f1fad580f72", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d7e1679e8083d1d2bebb27064a6965022e86d144fae65931bd8b0f1fad580f72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/predicates.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.evaluate` used but never assigned in __init__"}, "properties": {"repobilityId": 135719, "scanner": "repobility-ast-engine", "fingerprint": "8d64495008f9ba24d321e1b9b7148c8a3873f08d14a40be5040cebb93e8abb28", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8d64495008f9ba24d321e1b9b7148c8a3873f08d14a40be5040cebb93e8abb28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/predicates.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 135833, "scanner": "repobility-threat-engine", "fingerprint": 
"4ed64fb0455ebbee9ec299bc9eab91c7d4c52a556eb80afbba2fdb649a1545a4", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4ed64fb0455ebbee9ec299bc9eab91c7d4c52a556eb80afbba2fdb649a1545a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/request_local.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 135832, "scanner": "repobility-threat-engine", "fingerprint": "14da40d3671bd5b3545f790d96acf633ef01a13a6c4b63643eb4719b39736a42", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|14da40d3671bd5b3545f790d96acf633ef01a13a6c4b63643eb4719b39736a42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/request_local.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads 
on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 135830, "scanner": "repobility-threat-engine", "fingerprint": "a7975493c00e913cf817ce4054352c83f867d0fb1e693f4875561348a6efcb90", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a7975493c00e913cf817ce4054352c83f867d0fb1e693f4875561348a6efcb90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/request_local.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED019", "level": "error", "message": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "properties": {"repobilityId": 135828, "scanner": "repobility-threat-engine", "fingerprint": "3e80096710d0d37b498cacbb524030b7e97acc96bf49c6424074d7e031517bc1", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3e80096710d0d37b498cacbb524030b7e97acc96bf49c6424074d7e031517bc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/renderers/mako.py"}, "region": {"startLine": 293}}}]}, {"ruleId": "MINED107", "level": "error", 
"message": {"text": "Missing import: `mimetypes` used but not imported"}, "properties": {"repobilityId": 135786, "scanner": "repobility-ast-engine", "fingerprint": "34a4b56c451fd99bc5780dc3c274f22d8552f50eb95e9643189e084158755843", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|34a4b56c451fd99bc5780dc3c274f22d8552f50eb95e9643189e084158755843"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tg/controllers/dispatcher.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `traceback` used but not imported"}, "properties": {"repobilityId": 135751, "scanner": "repobility-ast-engine", "fingerprint": "a1ab6133d00036ed986ad1774860b5c84e60533f55a056d9c77f3338cee2528f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a1ab6133d00036ed986ad1774860b5c84e60533f55a056d9c77f3338cee2528f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_errorware.py"}, "region": {"startLine": 82}}}]}]}]}