{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC014", "name": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.", "shortDescription": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "fullDescription": {"text": "Enable TLS certificate verification. For requests, keep verify=True (the default). For the ssl module, build the context with ssl.create_default_context() (CERT_REQUIRED plus hostname checking) instead of setting verify_mode to CERT_NONE or check_hostname to False; with verification off, any on-path attacker can impersonate the server. Pin certificates if needed."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args; if a shell is unavoidable, quote every interpolated value with shlex.quote(). Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. 
Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AGT013", "name": "Agent auto-approve or skip-permissions mode is easy to enable", "shortDescription": {"text": "Agent auto-approve or skip-permissions mode is easy to enable"}, "fullDescription": {"text": "Codex/agent auto-approve, YOLO, or skip-permissions modes can be useful in isolated automation, but they remove the human checkpoint before command execution, network access, and file edits."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AGT016", "name": "Codex session log reader may expose prompts or tool-call content", "shortDescription": {"text": "Codex session log reader may expose prompts or tool-call content"}, "fullDescription": {"text": "Codex session JSONL files can contain prompts, tool events, paths, and operational metadata, not only token counts. 
Token dashboards and exporters should avoid retaining or sharing raw session text."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.73, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Sitemap directives in robots.txt help crawlers and AI agents find the canonical public URL inventory quickly."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.25, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata (an unkeyed hash of a low-entropy secret is still brute-forceable; use an HMAC with a logging-only key if the value must be correlated across log lines). Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Resolve the path with os.path.realpath() and check containment with os.path.commonpath([base, path]) == base, where base is itself realpath-resolved; a plain str.startswith(base) check is not enough, because it also accepts sibling directories such as base + '-private'. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). 
Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/298"}, "properties": {"repository": "huangjunsen0406/py-xiaozhi", "repoUrl": "https://github.com/huangjunsen0406/py-xiaozhi", "branch": "main"}, "results": [{"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 9432, "scanner": "repobility-threat-engine", "fingerprint": "480ad6b23500220c25f00120bc6ab982178711d39406a516f06f40ce4ab7328a", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "CERT_NONE", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|src/activation/service.py|555|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/activation/service.py"}, "region": {"startLine": 555}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 9431, "scanner": "repobility-threat-engine", "fingerprint": "e33ccd501bfb298dd0a0cf952b36b8e7c00526521f90d369442ae9b604ba0408", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(\n                cmd,\n                shell=True", "reason": "shell=True detected \u2014 verify command 
source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|. token|240|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".trellis/scripts/common/task_utils.py"}, "region": {"startLine": 240}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 9425, "scanner": "repobility-threat-engine", "fingerprint": "30a23e3b121bc8e7d1e27e0d391c3ea583779eef14c072460d5247984a3d0341", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|30a23e3b121bc8e7d1e27e0d391c3ea583779eef14c072460d5247984a3d0341"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".claude/hooks/inject-subagent-context.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 9424, "scanner": "repobility-threat-engine", "fingerprint": "8a821cdfa1dd78e276b80e3c1fff8d9f17296aa26f06bd5b29493d53ae5badbc", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8a821cdfa1dd78e276b80e3c1fff8d9f17296aa26f06bd5b29493d53ae5badbc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".trellis/scripts/common/task_store.py"}, "region": {"startLine": 277}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 9423, "scanner": "repobility-threat-engine", "fingerprint": "8e9e3a44e7b09192162416cbc65ba133dce43e831d732adc18b7f74f4c1ee272", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8e9e3a44e7b09192162416cbc65ba133dce43e831d732adc18b7f74f4c1ee272"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "main.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 9422, "scanner": "repobility-agent-runtime", 
"fingerprint": "5e954674ff19e1a7340b6c4e97b26a918cc97cc7e0b123ac80a945bd0cf9f262", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|5e954674ff19e1a7340b6c4e97b26a918cc97cc7e0b123ac80a945bd0cf9f262"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "documents/docs/guide/\u7cfb\u7edf\u4f9d\u8d56\u5b89\u88c5.md"}, "region": {"startLine": 155}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 9421, "scanner": "repobility-agent-runtime", "fingerprint": "7d66b29ba305d120c5b2eb734510e344ccac29c48cf1e418b0862cbd5e2f6742", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|7d66b29ba305d120c5b2eb734510e344ccac29c48cf1e418b0862cbd5e2f6742"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".trellis/tasks/research/linux-audio-deps.md"}, "region": {"startLine": 204}}}]}, {"ruleId": "AGT013", "level": "warning", "message": {"text": "Agent auto-approve or skip-permissions mode is easy to enable"}, "properties": {"repobilityId": 9420, "scanner": "repobility-agent-runtime", "fingerprint": "18bfd227f6f5153e1503b03446101bf4583dabf1cc1f9f4cc4b3e76b59fef22b", "category": "quality", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File exposes or 
configures a broad agent auto-approval mode without enough local guard wording.", "evidence": {"rule_id": "AGT013", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|18bfd227f6f5153e1503b03446101bf4583dabf1cc1f9f4cc4b3e76b59fef22b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".trellis/scripts/common/cli_adapter.py"}, "region": {"startLine": 344}}}]}, {"ruleId": "AGT016", "level": "warning", "message": {"text": "Codex session log reader may expose prompts or tool-call content"}, "properties": {"repobilityId": 9419, "scanner": "repobility-agent-runtime", "fingerprint": "86d91f818b7e952a566a15239f3294e4d06c5ddd55ede16732e2df279dc070e2", "category": "quality", "severity": "medium", "confidence": 0.73, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File reads Codex session JSONL or usage logs and references prompt/message/tool content without visible redaction controls.", "evidence": {"rule_id": "AGT016", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|86d91f818b7e952a566a15239f3294e4d06c5ddd55ede16732e2df279dc070e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".claude/hooks/session-start.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9418, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9368b281dc1d4333e19053bf9b300e67d60ee5eab62d2249fb7c852582e93e51", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ui/cli/manager.py", "duplicate_line": 89, "correlation_key": 
"fp|9368b281dc1d4333e19053bf9b300e67d60ee5eab62d2249fb7c852582e93e51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ui/gpio/manager.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9417, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0daf16cbdf60b29d1d5e026440b44eb5d8b4a1e9376d200432bec5b22c917e0d", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/mcp/tools/app/scanner_linux.py", "duplicate_line": 82, "correlation_key": "fp|0daf16cbdf60b29d1d5e026440b44eb5d8b4a1e9376d200432bec5b22c917e0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/tools/app/scanner_mac.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9416, "scanner": "repobility-ai-code-hygiene", "fingerprint": "eda1116efc4d7954ec7710ea1fee7a0e15cb554c82aca773c20a893ba2f71b0b", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".trellis/scripts/common/active_task.py", "duplicate_line": 87, "correlation_key": "fp|eda1116efc4d7954ec7710ea1fee7a0e15cb554c82aca773c20a893ba2f71b0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
".trellis/scripts/common/paths.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9415, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8bae10fba22f4a12a05596816d7632f5e64b1ed0baafd7ef44768a46e8d24289", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".claude/hooks/inject-workflow-state.py", "duplicate_line": 47, "correlation_key": "fp|8bae10fba22f4a12a05596816d7632f5e64b1ed0baafd7ef44768a46e8d24289"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".claude/hooks/session-start.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9414, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3c805d8d384a59319b0eb0a22b032949ebae7205cca7d8196c4eeaa7a9a4fb27", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".claude/hooks/inject-subagent-context.py", "duplicate_line": 50, "correlation_key": "fp|3c805d8d384a59319b0eb0a22b032949ebae7205cca7d8196c4eeaa7a9a4fb27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".claude/hooks/session-start.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": 
"Duplicated implementation block across source files"}, "properties": {"repobilityId": 9413, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e49e04d3ee6e5c2823bd5fb1894ddcd232d0b5459ce1ccbaa0728bde0de8ec33", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".claude/hooks/inject-subagent-context.py", "duplicate_line": 49, "correlation_key": "fp|e49e04d3ee6e5c2823bd5fb1894ddcd232d0b5459ce1ccbaa0728bde0de8ec33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".claude/hooks/inject-workflow-state.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 9434, "scanner": "repobility-web-presence", "fingerprint": "89ffd5354be7fb359a1693b794c6c8e1c06e479fa75c9ac7b7d7ebbfcc18951c", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|89ffd5354be7fb359a1693b794c6c8e1c06e479fa75c9ac7b7d7ebbfcc18951c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "documents/docs/guide/\u8bbe\u5907\u6fc0\u6d3b\u6d41\u7a0b.md"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 9433, "scanner": "repobility-threat-engine", "fingerprint": "c05a29e45bf9dfc05e5ed909ebdc3c0c56f887ccf333d8463cdd9abf7e667ba1", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.randint(", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|src/utils/audio_utils.py|121|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/utils/audio_utils.py"}, "region": {"startLine": 121}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 9429, "scanner": "repobility-threat-engine", "fingerprint": "c9b465e54408769fdcc5213ddc98cb343b793134a255734673e3481bae292afe", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "logger.info(\"Vision service token has been set\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|3|logger.info vision service token has been set"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/tools/camera/normal_camera.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 9428, "scanner": "repobility-threat-engine", "fingerprint": "34f34eca663aab391d7232348217eddc47d7114da0635da322385b92ce38d909", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(f\"  - \u7d22\u5f15: {current_camera_config.get('camera_index', '\u672a\u8bbe\u7f6e')", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|scripts/camera_scanner.py|9|print f - : current_camera_config.get camera_index"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/camera_scanner.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 9426, "scanner": "repobility-threat-engine", "fingerprint": "93b9da83522ef7033c1689b56fc2639ef703f7cce5574751f2046196162761e3", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|93b9da83522ef7033c1689b56fc2639ef703f7cce5574751f2046196162761e3"}}}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 9430, "scanner": "repobility-threat-engine", "fingerprint": "5f0a16e6aaee63ba760a5c1c38dbb3a8b6ca45a865323fc21db184078aa92ee5", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction. Note: scripts/keyword_generator.py appears to be a local utility script; path traversal is only exploitable when the path crosses a trust boundary (arrives over the network or from a less-privileged user than the process), so confirm where the value passed to open() originates before treating this as a vulnerability, and apply realpath() plus commonpath() containment if it does.", "evidence": {"match": "open(input", "reason": "User-controlled input detected in file path construction. Note: scripts/keyword_generator.py appears to be a local utility script; path traversal is only exploitable when the path crosses a trust boundary (arrives over the network or from a less-privileged user than the process), so confirm where the value passed to open() originates before treating this as a vulnerability, and apply realpath() plus commonpath() containment if it does.", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|319|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/keyword_generator.py"}, "region": {"startLine": 319}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 9427, "scanner": "repobility-threat-engine", "fingerprint": "e6316abcca28d770226d13e3545ea88ae7083cef8e465de1f884c3e366c557ee", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged. Note: the interpolated value is self.tokens_file, the path of a tokens file that the message itself reports as missing ('tokens file does not exist'), not the file's contents; this is most likely a path rather than a secret, so verify before treating it as a credential leak, and print only the basename if the storage location is considered sensitive.", "evidence": {"match": "print(f\"\u26a0\ufe0f  \u8b66\u544a: tokens\u6587\u4ef6\u4e0d\u5b58\u5728: {self.tokens_file}\")", "reason": "Credential-bearing variable appears to be printed or logged. Note: the interpolated value is self.tokens_file, the path of a tokens file that the message itself reports as missing ('tokens file does not exist'), not the file's contents; this is most likely a path rather than a secret, so verify before treating it as a credential leak, and print only the basename if the storage location is considered sensitive.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|6|print f : tokens : self.tokens_file"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/keyword_generator.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 9412, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}]}]}