{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "QUAL002", "name": "Python mutable default argument", "shortDescription": {"text": "Python mutable default argument"}, "fullDescription": {"text": "def f(x=[]) \u2014 Python gotcha; mutates across calls."}, "properties": {"scanner": "repobility", "category": "quality", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "CORS001", "name": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin", "shortDescription": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "fullDescription": {"text": "Access-Control-Allow-Origin: * exposes the API to any browser origin. Acceptable for public read-only endpoints; dangerous when paired with credentials or write endpoints."}, "properties": {"scanner": "repobility", "category": "auth", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "CRYP001", "name": "Crypto \u2014 plaintext HTTP for sensitive endpoint", "shortDescription": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "fullDescription": {"text": "Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"scanner": "repobility", "category": "crypto", "severity": "medium", "confidence": 0.45, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Agent, MCP, sidecar, and command bridge servers often start as local helpers. Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.25, "cwe": "", "owasp": ""}}, {"id": "TEST001", "name": "Phantom test coverage \u2014 test files without real assertions", "shortDescription": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "fullDescription": {"text": "Test function that runs code but contains no assert/expect/should \u2014 passes regardless of behaviour."}, "properties": {"scanner": "repobility", "category": "test_quality", "severity": "high", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "ERRH001", "name": "Bare except: pass \u2014 silent failure", "shortDescription": {"text": "Bare except: pass \u2014 silent failure"}, "fullDescription": {"text": "except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"scanner": "repobility", "category": "error_handling", "severity": "high", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "CRYP002", "name": "Crypto \u2014 weak hash or cipher (MD5, SHA1, DES, RC4)", "shortDescription": {"text": "Crypto \u2014 weak hash or cipher (MD5, SHA1, DES, RC4)"}, "fullDescription": {"text": "MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"scanner": "repobility", "category": "crypto", "severity": "high", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "BINARY_RISK", "name": "[BINARY] scipy: compound risk score 2194 (CVEs: 0, binary findings: 550)", "shortDescription": {"text": "[BINARY] scipy: compound risk score 2194 (CVEs: 0, binary findings: 550)"}, "fullDescription": {"text": "Review binary security profile of scipy \u2014 consider alternatives with lower binary attack surface"}, "properties": {"scanner": "repobility-binary-intel", "category": "dependency", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/285"}, "properties": {"repository": "damionrashford/RivalSearchMCP", "repoUrl": "https://github.com/damionrashford/RivalSearchMCP", "branch": "main"}, "results": [{"ruleId": "QUAL002", "level": "warning", "message": {"text": "Python mutable default argument"}, "properties": {"repobilityId": 21791, "scanner": "repobility", "fingerprint": "d1486beb19e0b5be2535c273d32fb7a2", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "def social_search(... = mutable)", "aljefra_cwe": ["CWE-1023"], "aljefra_owasp": null, "aljefra_pattern_slug": "mutable-default-arg"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/social_media.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15787, "scanner": "repobility", "fingerprint": "4934a2a3988586c714ec133c0be1833b", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_validation import _get_allowed_origins", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cors_validation.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15786, "scanner": "repobility", "fingerprint": "283a8e8baabc9dcc9a790f96055f844c", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_validation import _get_allowed_origins", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cors_validation.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 13700, "scanner": "repobility", "fingerprint": "67be06bd4f5fbf6edef5bc41dfe292f0", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cors_validation.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 13699, "scanner": "repobility", "fingerprint": "b3a6a4f3d46d23ce957e104ba1201dd7", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cors_validation.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 13698, "scanner": "repobility", "fingerprint": "36a36ae68b80145b5ebf154dcd059276", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/middleware/cors_validation.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 13697, "scanner": "repobility", "fingerprint": "185920a7d226e0c90b89bbfec544449d", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/utils/content.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 13696, "scanner": "repobility", "fingerprint": "067a9f35be9932d04325ebccfcb38b6b", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/bypass/proxy.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 13695, "scanner": "repobility", "fingerprint": "9b28c3180524830e18a703bbd5e7bd56", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/bypass/proxy.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 13694, "scanner": "repobility", "fingerprint": "4490b5a2614495ce86e06c834ce2add5", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/fetch/base.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 13693, "scanner": "repobility", "fingerprint": "36dff720c23e7a0b999134ffa7147baa", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/fetch/enhanced.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 13692, "scanner": "repobility", "fingerprint": "7143a3295973c455ba0562f46dae99b1", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/scientific/search/providers/arxiv.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 13691, "scanner": "repobility", "fingerprint": "10b19a62d2ad209d461452a2378ea068", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/scientific/search/providers/arxiv.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 13690, "scanner": "repobility", "fingerprint": "23368e3ea94fb025f7b693cdf16c149d", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/conflict.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 8788, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 8783, "scanner": "repobility-threat-engine", "fingerprint": "f406484063f44db165267349a7fd653b79e4ce0fe1b6abeafc1932aef8452ee7", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f406484063f44db165267349a7fd653b79e4ce0fe1b6abeafc1932aef8452ee7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/content/extractors.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 8782, "scanner": "repobility-threat-engine", "fingerprint": "ea9da1250e0f56e25d8850c2f3153e2d17505ebf04370aa7ee98d86f13d4850a", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ea9da1250e0f56e25d8850c2f3153e2d17505ebf04370aa7ee98d86f13d4850a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/analysis.py"}, "region": {"startLine": 563}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 8781, "scanner": "repobility-threat-engine", "fingerprint": "3cbf99631c6a7bdfbc72df0e7de15e879e5af70888ddf8f7b786dbe94cfe5874", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3cbf99631c6a7bdfbc72df0e7de15e879e5af70888ddf8f7b786dbe94cfe5874"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/traversal.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 8780, "scanner": "repobility-agent-runtime", "fingerprint": "b621c598c19a9d5698d97b13ad4a41732390888192fb5ae559341f49b7b9e9af", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|b621c598c19a9d5698d97b13ad4a41732390888192fb5ae559341f49b7b9e9af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 8779, "scanner": "repobility-agent-runtime", "fingerprint": "5d4da79d8796f97a73e587f69687d84b04dcedf8e78f489bb1353c0672bbad2a", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|5d4da79d8796f97a73e587f69687d84b04dcedf8e78f489bb1353c0672bbad2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "README.md"}, "region": {"startLine": 84}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8778, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e2d7a723848d88d733e4c26e51426640844d58460cab71988cc21b5e02651363", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/core/search/engines/bing/bing_engine.py", "duplicate_line": 33, "correlation_key": "fp|e2d7a723848d88d733e4c26e51426640844d58460cab71988cc21b5e02651363"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/search/engines/yahoo/yahoo_engine.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8777, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e957f8638dba036fce44b8df4fe2d312d34fc1d2387a075109204f4676bae938", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/core/search/engines/bing/bing_engine.py", "duplicate_line": 33, "correlation_key": "fp|e957f8638dba036fce44b8df4fe2d312d34fc1d2387a075109204f4676bae938"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/search/engines/mojeek/mojeek_engine.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8776, "scanner": "repobility-ai-code-hygiene", "fingerprint": "93282e290c65655d86ab524fb93d8a45c82171c90e7e441b561e9730db586b9f", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/core/search/engines/bing/bing_engine.py", "duplicate_line": 33, "correlation_key": "fp|93282e290c65655d86ab524fb93d8a45c82171c90e7e441b561e9730db586b9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/search/engines/duckduckgo/duckduckgo_engine.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8775, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6d82c3299d741d94947d87b64346064d5c4aba76e3488bd63571d23cdd0b604a", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/core/scientific/datasets/orchestrator.py", "duplicate_line": 33, "correlation_key": "fp|6d82c3299d741d94947d87b64346064d5c4aba76e3488bd63571d23cdd0b604a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/scientific/search/orchestrator.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 8786, "scanner": "repobility-threat-engine", "fingerprint": "8c0fa6e5afbf2594dfc85eefc1facd6789878847a918351159eee0f631465a8b", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.randint(", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|src/utils/headers.py|37|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/utils/headers.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 8785, "scanner": "repobility-threat-engine", "fingerprint": "8ef69967d5d347c121774c98798248198eeda5a3e4180f182e5a2cb290468431", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.randint(", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|src/utils/agents.py|48|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/utils/agents.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 8784, "scanner": "repobility-threat-engine", "fingerprint": "4ffea2800599adb663df46ab31003467b0a25ff84f83dd40a996e94f4d40f164", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4ffea2800599adb663df46ab31003467b0a25ff84f83dd40a996e94f4d40f164"}}}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19083, "scanner": "repobility", "fingerprint": "99ea9eb73efaa9a57180248978b4b803", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_research_agent_params", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/param_test_runner.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19082, "scanner": "repobility", "fingerprint": "01d746205708e37cfe4ce07ab80941f1", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_document_analysis_params", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/param_test_runner.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19081, "scanner": "repobility", "fingerprint": "c498aac0fb411373821fa749e87c8335", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_scientific_research_params", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/param_test_runner.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19080, "scanner": "repobility", "fingerprint": "5a97ef54d75164782de222daf6c87284", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_research_topic_params", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/param_test_runner.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19079, "scanner": "repobility", "fingerprint": "118f9444c1ae0d76ce6bea8e6a0f1f14", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_map_website_params", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/param_test_runner.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19078, "scanner": "repobility", "fingerprint": "df20dd05bc0b01c37681f515d1d67a2e", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_content_operations_params", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/param_test_runner.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19077, "scanner": "repobility", "fingerprint": "8fa5fa091d92e636a9b194197f86f7a4", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_github_search_params", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/param_test_runner.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19076, "scanner": "repobility", "fingerprint": "c545bd75cf3dfb411ab6cc9db88ebd22", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_news_aggregation_params", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/param_test_runner.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19075, "scanner": "repobility", "fingerprint": "bc46ec97bb3d2c2c96566b0f49c0ac9f", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_social_search_params", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/param_test_runner.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19074, "scanner": "repobility", "fingerprint": "b1b71b5b156568dfde17590852962478", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_web_search_params", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/param_test_runner.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19073, "scanner": "repobility", "fingerprint": "09de1281c074654dc9b898e13d2b3b5b", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_proxy", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/bypass/proxy.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "ERRH001", "level": "error", "message": {"text": "Bare except: pass \u2014 silent failure"}, "properties": {"repobilityId": 17640, "scanner": "repobility", "fingerprint": "7a9b2c17355bce7dc8eda2724f06833f", "category": "error_handling", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "except: pass", "aljefra_cwe": ["CWE-755"], "aljefra_owasp": null, "aljefra_pattern_slug": "bare-except-pass"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/content/extractors.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "ERRH001", "level": "error", "message": {"text": "Bare except: pass \u2014 silent failure"}, "properties": {"repobilityId": 17639, "scanner": "repobility", "fingerprint": "7f3b27b3d5fa413cce6de050a6e3a589", "category": "error_handling", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "except: pass", "aljefra_cwe": ["CWE-755"], "aljefra_owasp": null, "aljefra_pattern_slug": "bare-except-pass"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/content/extractors.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "ERRH001", "level": "error", "message": {"text": "Bare except: pass \u2014 silent failure"}, "properties": {"repobilityId": 17638, "scanner": "repobility", "fingerprint": "9351d02c6b056e603369429e526b786b", "category": "error_handling", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "except: pass", "aljefra_cwe": ["CWE-755"], "aljefra_owasp": null, "aljefra_pattern_slug": "bare-except-pass"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/content/extractors.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "ERRH001", "level": "error", "message": {"text": "Bare except: pass \u2014 silent failure"}, "properties": {"repobilityId": 17637, "scanner": "repobility", "fingerprint": "4a6b7006c3ccf430ffb90bff74a41186", "category": "error_handling", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "except: pass", "aljefra_cwe": ["CWE-755"], "aljefra_owasp": null, "aljefra_pattern_slug": "bare-except-pass"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/content/extractors.py"}, "region": {"startLine": 141}}}]}, {"ruleId": "ERRH001", "level": "error", "message": {"text": "Bare except: pass \u2014 silent failure"}, "properties": {"repobilityId": 17636, "scanner": "repobility", "fingerprint": "ff5359e50c95397b59c11c1d3feaa469", "category": "error_handling", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "except: pass", "aljefra_cwe": ["CWE-755"], "aljefra_owasp": null, "aljefra_pattern_slug": "bare-except-pass"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/metrics/metrics.py"}, "region": {"startLine": 176}}}]}, {"ruleId": "ERRH001", "level": "error", "message": {"text": "Bare except: pass \u2014 silent failure"}, "properties": {"repobilityId": 17635, "scanner": "repobility", "fingerprint": "f060f04fef2cd9fb3be20bac6a13e733", "category": "error_handling", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "except: pass", "aljefra_cwe": ["CWE-755"], "aljefra_owasp": null, "aljefra_pattern_slug": "bare-except-pass"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/metrics/metrics.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "CRYP002", "level": "error", "message": {"text": "Crypto \u2014 weak hash or cipher (MD5, SHA1, DES, RC4)"}, "properties": {"repobilityId": 15445, "scanner": "repobility", "fingerprint": "5a84a4c510f2d674f4a4a9a0bf8731e7", "category": "crypto", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "hashlib.md5", "aljefra_cwe": ["CWE-327"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "weak-crypto"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/routes/pagination.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "CRYP002", "level": "error", "message": {"text": "Crypto \u2014 weak hash or cipher (MD5, SHA1, DES, RC4)"}, "properties": {"repobilityId": 15444, "scanner": "repobility", "fingerprint": "d5134e9af7107788fc235fc7b2c89d12", "category": "crypto", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "hashlib.md5", "aljefra_cwe": ["CWE-327"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "weak-crypto"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/routes/pagination.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "CRYP002", "level": "error", "message": {"text": "Crypto \u2014 weak hash or cipher (MD5, SHA1, DES, RC4)"}, "properties": {"repobilityId": 15443, "scanner": "repobility", "fingerprint": "03ce03baaed36beec5031751a77b408c", "category": "crypto", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "hashlib.md5", "aljefra_cwe": ["CWE-327"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "weak-crypto"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/cache/cache_manager.py"}, "region": {"startLine": 270}}}]}, {"ruleId": "CRYP002", "level": "error", "message": {"text": "Crypto \u2014 weak hash or cipher (MD5, SHA1, DES, RC4)"}, "properties": {"repobilityId": 15442, "scanner": "repobility", "fingerprint": "2ad45cf1636500111e156b924652c6d0", "category": "crypto", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "hashlib.md5", "aljefra_cwe": ["CWE-327"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "weak-crypto"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/security/security.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "CRYP002", "level": "error", "message": {"text": "Crypto \u2014 weak hash or cipher (MD5, SHA1, DES, RC4)"}, "properties": {"repobilityId": 15441, "scanner": "repobility", "fingerprint": "9924a26353a597f72ca6f6f4bbadb0a9", "category": "crypto", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "hashlib.md5", "aljefra_cwe": ["CWE-327"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "weak-crypto"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance/performance.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "BINARY_RISK", "level": "error", "message": {"text": "[BINARY] scipy: compound risk score 2194 (CVEs: 0, binary findings: 550)"}, "properties": {"repobilityId": 8787, "scanner": "repobility-binary-intel", "fingerprint": "66d313940bd23341553e486747b824b1ed1a9dc8e7b4a7c27c61a08d40d81d5b", "category": "dependency", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "BINARY_RISK", "scanner": "repobility-binary-intel", "correlation_key": "fp|66d313940bd23341553e486747b824b1ed1a9dc8e7b4a7c27c61a08d40d81d5b"}}}]}]}