{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC123", "name": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environme", "shortDescription": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "fullDescription": {"text": "Set DEBUG=False / APP_DEBUG=false in production. Provide a generic 500 handler that logs to backend but returns a sanitized page to clients."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `train_model` has cognitive complexity 22 (SonarSource scale). Cognitive c", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `train_model` has cognitive complexity 22 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion a"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 22."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED124", "name": "requirements.txt: `pandas` has no version pin", "shortDescription": {"text": "requirements.txt: `pandas` has no version pin"}, "fullDescription": {"text": "Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "Mutable default argument in `analyze_market_trend` (list)", "shortDescription": {"text": "Mutable default argument in `analyze_market_trend` (list)"}, "fullDescription": {"text": "`def analyze_market_trend(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "A file created as a fixed/new/final/copy variant is not referenced by imports or path-like strings in the rest of the repository. This is a strong sign that an agent produced code beside the active application path."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 0.45, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "QA002", "name": "[QA002] No CI/CD Configuration: No CI/CD pipeline found. ", "shortDescription": {"text": "[QA002] No CI/CD Configuration: No CI/CD pipeline found. "}, "fullDescription": {"text": "Add GitHub Actions, GitLab CI, or similar."}, "properties": {"scanner": "repobility", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Bare Except with Pass (Python): Silently swallowing all exceptions. ", "shortDescription": {"text": "[ERR001] Bare Except with Pass (Python): Silently swallowing all exceptions. "}, "fullDescription": {"text": "Log the error or handle specific exception types."}, "properties": {"scanner": "repobility", "category": "error_handling", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code. ", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code. "}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility", "category": "deserialization", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": ""}, "properties": {"scanner": "repobility", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AIC005", "name": "Duplicate top-level symbol appears in a patch-style file", "shortDescription": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "fullDescription": {"text": "A generated replacement file defining the same public function or class name as another module can mean the new logic is not actually wired into the running code."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "MINED069", "name": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files.", "shortDescription": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-489 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_kronos_predictor_regression", "shortDescription": {"text": "Phantom test coverage: test_kronos_predictor_regression"}, "fullDescription": {"text": "Test function `test_kronos_predictor_regression` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self._rotate_half` used but never assigned in __init__", "shortDescription": {"text": "`self._rotate_half` used but never assigned in __init__"}, "fullDescription": {"text": "Method `forward` of class `RotaryPositionalEmbedding` reads `self._rotate_half`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED030", "name": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__.", "shortDescription": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC081", "name": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary co", "shortDescription": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "fullDescription": {"text": "Use json, msgpack, or protobuf for untrusted data. If pickle is required, sign the payload with HMAC."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC002", "name": "Possible hardcoded API key found", "shortDescription": {"text": "Possible hardcoded API key found"}, "fullDescription": {"text": ""}, "properties": {"scanner": "repobility", "category": "credential_exposure", "severity": "critical", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/14"}, "properties": {"repository": "shiyu-coder/Kronos", "repoUrl": "https://github.com/shiyu-coder/Kronos.git", "branch": "master"}, "results": [{"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 42129, "scanner": "repobility-threat-engine", "fingerprint": "38fe55c59a7946707da744d4436424ef06304d2eed076a167031495e0dd68920", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "debug=True", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|38fe55c59a7946707da744d4436424ef06304d2eed076a167031495e0dd68920"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/run.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 42123, "scanner": "repobility-threat-engine", "fingerprint": "1e76886b423592d7b4b5bd1268bcf6505336afaf681a8d8a562cc748895509d6", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|finetune/dataset.py|42|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune/dataset.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `train_model` has cognitive complexity 22 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=3, if=6, nested_bonus=12, ternary=1."}, "properties": {"repobilityId": 42121, "scanner": "repobility-threat-engine", "fingerprint": "93697a4b3c2eece828b0ad4ad173aced754b617d7577463d6d20fe9c2ac874aa", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 22 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "train_model", "breakdown": {"if": 6, "for": 3, "ternary": 1, "nested_bonus": 12}, "complexity": 22, "correlation_key": "fp|93697a4b3c2eece828b0ad4ad173aced754b617d7577463d6d20fe9c2ac874aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune/train_predictor.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `pandas` has no version pin"}, "properties": {"repobilityId": 42115, "scanner": "repobility-supply-chain", "fingerprint": "7c8d75a759b6131e6741a12af5322025586f3b4609d85aac6b12b746dd00c02d", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7c8d75a759b6131e6741a12af5322025586f3b4609d85aac6b12b746dd00c02d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `numpy` has no version pin"}, "properties": {"repobilityId": 42114, "scanner": "repobility-supply-chain", "fingerprint": "f7424e07eba23fca60613649671dd6f23017bb8fc03a9056593610aa048ff0e5", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f7424e07eba23fca60613649671dd6f23017bb8fc03a9056593610aa048ff0e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42112, "scanner": "repobility-ast-engine", "fingerprint": "6a5ec93dd31ed18d996ad597eb720d2311aebbe6b0086870694f30159d79ddfd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6a5ec93dd31ed18d996ad597eb720d2311aebbe6b0086870694f30159d79ddfd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/get_date_new.py"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42111, "scanner": "repobility-ast-engine", "fingerprint": "33774d59893ee19cf85c04a1b7697ed758450b3c729c5e870cab33226858e86d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|33774d59893ee19cf85c04a1b7697ed758450b3c729c5e870cab33226858e86d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/get_date_new.py"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42110, "scanner": "repobility-ast-engine", "fingerprint": "ff273961526ad5bebbe4ab9574d897debe9435d0a27db858e749115e0b80bd25", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ff273961526ad5bebbe4ab9574d897debe9435d0a27db858e749115e0b80bd25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_akshare_2024-2025.py"}, "region": {"startLine": 504}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42109, "scanner": "repobility-ast-engine", "fingerprint": "4b7af5584b91df7257b5a84b66e532f52ddd9c12b32ab00273618b68e3857cd5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4b7af5584b91df7257b5a84b66e532f52ddd9c12b32ab00273618b68e3857cd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new.py"}, "region": {"startLine": 1172}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42108, "scanner": "repobility-ast-engine", "fingerprint": "2e50f438370e9cd2cb52cfb35694c4eeed066edc0235558ca688aa01995a4d8a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2e50f438370e9cd2cb52cfb35694c4eeed066edc0235558ca688aa01995a4d8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new.py"}, "region": {"startLine": 647}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42107, "scanner": "repobility-ast-engine", "fingerprint": "857c2966a2ad969f5b6e2ed548738299933d7c52656b044f57ce774f0138c8ee", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|857c2966a2ad969f5b6e2ed548738299933d7c52656b044f57ce774f0138c8ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new.py"}, "region": {"startLine": 596}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42106, "scanner": "repobility-ast-engine", "fingerprint": "02329dd45cb33f5df12e8bacd0767176157f9e93df1540ab138bb5af559166bb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|02329dd45cb33f5df12e8bacd0767176157f9e93df1540ab138bb5af559166bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new.py"}, "region": {"startLine": 543}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42105, "scanner": "repobility-ast-engine", "fingerprint": "e9482a19139fd77d36238bf28d0d47f7a077e1f50bb8fc1be07d1ca90c65934c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e9482a19139fd77d36238bf28d0d47f7a077e1f50bb8fc1be07d1ca90c65934c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new.py"}, "region": {"startLine": 472}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42104, "scanner": "repobility-ast-engine", "fingerprint": "0a1258c7437545e6841b6490fd6bb4136c63663902bdcf44f96e2019b1e85f7e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0a1258c7437545e6841b6490fd6bb4136c63663902bdcf44f96e2019b1e85f7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new.py"}, "region": {"startLine": 1295}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42103, "scanner": "repobility-ast-engine", "fingerprint": "8961ca592da67bb58281ed5e0c55d650b8b12157c4f0b98532808c3d40ec3149", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8961ca592da67bb58281ed5e0c55d650b8b12157c4f0b98532808c3d40ec3149"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `analyze_market_trend` (list)"}, "properties": {"repobilityId": 42102, "scanner": "repobility-ast-engine", "fingerprint": "9c7cb2a597afb3949b6e48d53c15a5fe229cb33bd57b9d02173c98350a61f60f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9c7cb2a597afb3949b6e48d53c15a5fe229cb33bd57b9d02173c98350a61f60f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new.py"}, "region": {"startLine": 394}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42101, "scanner": "repobility-ast-engine", "fingerprint": "ae7f3ee724785fe17d7fedd4bdc80ff22ef4e575c9280f3123c2ee6803891467", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ae7f3ee724785fe17d7fedd4bdc80ff22ef4e575c9280f3123c2ee6803891467"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new_GUI.py"}, "region": {"startLine": 1176}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42100, "scanner": "repobility-ast-engine", "fingerprint": "f64db33e7eec94d816fca8b85f975cc1db21e90acbfa2aa17d963e5a946df53d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f64db33e7eec94d816fca8b85f975cc1db21e90acbfa2aa17d963e5a946df53d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new_GUI.py"}, "region": {"startLine": 942}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42099, "scanner": "repobility-ast-engine", "fingerprint": "f16bccdc0efe4790a704ed5ff9c9ddaeeedddc3726cd67dc4ba506f8adaf0217", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f16bccdc0efe4790a704ed5ff9c9ddaeeedddc3726cd67dc4ba506f8adaf0217"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new_GUI.py"}, "region": {"startLine": 891}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42098, "scanner": "repobility-ast-engine", "fingerprint": "529283e0abfac537d14d685646c68451f0d288a1868b6d3b119eb6549eba3603", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|529283e0abfac537d14d685646c68451f0d288a1868b6d3b119eb6549eba3603"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new_GUI.py"}, "region": {"startLine": 838}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42097, "scanner": "repobility-ast-engine", "fingerprint": "dc9beddc8343d43d641a7d76bbb146aa2684abe607f331a4e7d7a62d107ea9f1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dc9beddc8343d43d641a7d76bbb146aa2684abe607f331a4e7d7a62d107ea9f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new_GUI.py"}, "region": {"startLine": 767}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42096, "scanner": "repobility-ast-engine", "fingerprint": "983a27f7971c99f58db4c989f02550adebf2d77a1493b93827e72af9b32596d9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|983a27f7971c99f58db4c989f02550adebf2d77a1493b93827e72af9b32596d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new_GUI.py"}, "region": {"startLine": 311}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42095, "scanner": "repobility-ast-engine", "fingerprint": "183d76a4be5a42fdb6245a2c909e8778ca29c566e131b760242ff2155a85fa3f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|183d76a4be5a42fdb6245a2c909e8778ca29c566e131b760242ff2155a85fa3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new_GUI.py"}, "region": {"startLine": 1611}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42094, "scanner": "repobility-ast-engine", "fingerprint": "15dd5d96f9f27f0a587c33134c9786126db3e8fe7adc7384a89fe0b974c13eda", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|15dd5d96f9f27f0a587c33134c9786126db3e8fe7adc7384a89fe0b974c13eda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new_GUI.py"}, "region": {"startLine": 1319}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42093, "scanner": "repobility-ast-engine", "fingerprint": "e582d3d7329e01e03024d43481088602e11b66f2b5db02641ff02ead383e8593", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e582d3d7329e01e03024d43481088602e11b66f2b5db02641ff02ead383e8593"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new_GUI.py"}, "region": {"startLine": 386}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `analyze_market_trend` (list)"}, "properties": {"repobilityId": 42092, "scanner": "repobility-ast-engine", "fingerprint": "ca223c382230544516cee61400d3f960e13f41a6767e79b62ad25d7f38d5cfe7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ca223c382230544516cee61400d3f960e13f41a6767e79b62ad25d7f38d5cfe7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new_GUI.py"}, "region": {"startLine": 689}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42091, "scanner": "repobility-ast-engine", "fingerprint": "2b9b46a5b8ffc2b1a7a05448d02e753185d5bf65c87235217f95069f8e3c2d50", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2b9b46a5b8ffc2b1a7a05448d02e753185d5bf65c87235217f95069f8e3c2d50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_cn_markets_day.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42090, "scanner": "repobility-ast-engine", "fingerprint": "02ee4582bc168dedb4a81a80dee99db31a17b53b0fc2d9ee3b9af053326b98b1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|02ee4582bc168dedb4a81a80dee99db31a17b53b0fc2d9ee3b9af053326b98b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/get_akshare_date_2024-2025_x.py"}, "region": {"startLine": 348}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42089, "scanner": "repobility-ast-engine", "fingerprint": "fad1c992b792dd0e37954cab42799d059c7c3e1c1e6ef745e871012b571e59fb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fad1c992b792dd0e37954cab42799d059c7c3e1c1e6ef745e871012b571e59fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/get_akshare_date_2024-2025_x.py"}, "region": {"startLine": 256}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42088, "scanner": "repobility-ast-engine", "fingerprint": "7430c37c8d2934533699fa3d14ff5d12c011668ec48218d3b2c845fc92a3b409", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7430c37c8d2934533699fa3d14ff5d12c011668ec48218d3b2c845fc92a3b409"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/get_akshare_date_2024-2025_x.py"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42087, "scanner": "repobility-ast-engine", "fingerprint": "95e037285115d9aed4027754187a8a8666bb876b553e1d52734d4cf2d790ae91", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|95e037285115d9aed4027754187a8a8666bb876b553e1d52734d4cf2d790ae91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/get_akshare_date_2024-2025_x.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42086, "scanner": "repobility-ast-engine", "fingerprint": "224bccafd669a2653609020bac4690b864a60f4407c12bddfd28c93082cb05f0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|224bccafd669a2653609020bac4690b864a60f4407c12bddfd28c93082cb05f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/run_backtest_kronos.py"}, "region": {"startLine": 408}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3479, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9e7e3b567c68acebaeb43d4cdbd93a2564d43e14992b3e19f56100d2bc6ad22a", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "examples/run_backtest_kronos.py", "duplicate_line": 30, "correlation_key": "fp|9e7e3b567c68acebaeb43d4cdbd93a2564d43e14992b3e19f56100d2bc6ad22a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/yuce/historical_backtest.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3478, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dfcd21678a334981a56337bccfb311c165991a19d82cdfc9ec525468c005e8d3", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "examples/prediction_example.py", "duplicate_line": 39, "correlation_key": "fp|dfcd21678a334981a56337bccfb311c165991a19d82cdfc9ec525468c005e8d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_wo_vol_example.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3477, "scanner": "repobility-ai-code-hygiene", "fingerprint": "32f161c58436ed5a6a3cf82e86a48cf3079feda41c623ae72201a5e30a10623a", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "examples/prediction_batch_example.py", "duplicate_line": 1, "correlation_key": "fp|32f161c58436ed5a6a3cf82e86a48cf3079feda41c623ae72201a5e30a10623a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_example.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3476, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8b53adc1ce4dd50e6b04dae6ec5ee00485af9be2070086e5570e3cc1c7efe44e", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "examples/get_date_new.py", "duplicate_line": 3, "correlation_key": "fp|8b53adc1ce4dd50e6b04dae6ec5ee00485af9be2070086e5570e3cc1c7efe44e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/get_akshare_date_2024-2025_x.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 3475, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ce8fcd9175c8dfbb4d179e09d5438a482d8ce009192aa60684bca7c78cc51490", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "new", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|ce8fcd9175c8dfbb4d179e09d5438a482d8ce009192aa60684bca7c78cc51490"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/get_date_new.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 2152, "scanner": "repobility-threat-engine", "fingerprint": "6511399755c761d8afedebc0f0b140ff8936aabe3378c63aca246cedb6665916", "category": "error_handling", "severity": "medium", "confidence": 0.45, "triageState": "fixed", "verdict": "likely_fp", "isResolved": true, "reason": "Pattern matched with no mitigating context found | [R34-retro auto-suppress: documentation/example path]", "evidence": {"match": "except:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6511399755c761d8afedebc0f0b140ff8936aabe3378c63aca246cedb6665916"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new.py"}, "region": {"startLine": 493}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 2151, "scanner": "repobility-threat-engine", "fingerprint": "15bafd9d52730c56cea536e26c705720dc119e63f70c4b751bb6b124a86a1fc7", "category": "error_handling", "severity": "medium", "confidence": 0.45, "triageState": "fixed", "verdict": "likely_fp", "isResolved": true, "reason": "Pattern matched with no mitigating context found | [R34-retro auto-suppress: documentation/example path]", "evidence": {"match": "except:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|15bafd9d52730c56cea536e26c705720dc119e63f70c4b751bb6b124a86a1fc7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new_GUI.py"}, "region": {"startLine": 788}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 2143, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "QA002", "level": "warning", "message": {"text": "[QA002] No CI/CD Configuration: No CI/CD pipeline found. "}, "properties": {"repobilityId": 713, "scanner": "repobility", "fingerprint": "2238022b77622860509efa659569f0e903e6fc75797e3b94fa65deda8af1924c", "category": "practices", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Bare Except with Pass (Python): Silently swallowing all exceptions. "}, "properties": {"repobilityId": 712, "scanner": "repobility", "fingerprint": "f810c97f263637f0b2e0d5d9b8ab9a9b86e854fbcfd6f433b4485eb3c877c6b3", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune_csv/train_sequential.py"}, "region": {"startLine": 355}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code. "}, "properties": {"repobilityId": 711, "scanner": "repobility", "fingerprint": "0936eee0aad5b7f6096ca9316b71abddfa7346ba525e403637df4c56531cef76", "category": "deserialization", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune/dataset.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code. "}, "properties": {"repobilityId": 710, "scanner": "repobility", "fingerprint": "13a69de934a484e5eb8c8157512e9559f589f03b46bafe817980ff36d380d23c", "category": "deserialization", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune/qlib_test.py"}, "region": {"startLine": 338}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 709, "scanner": "repobility", "fingerprint": "a32c1a70db101787faa12d0b464c454fac4eda94d9635330c0aafab94ad0025f", "category": "practices", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `__init__` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, for=2, if=3, nested_bonus=3."}, "properties": {"repobilityId": 42120, "scanner": "repobility-threat-engine", "fingerprint": "95e88567d9e4ab5f0cfcb9db0aad5cd7a9d7b7ee10f1571e3842f76c1efac162", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "__init__", "breakdown": {"if": 3, "for": 2, "else": 1, "nested_bonus": 3}, "complexity": 9, "correlation_key": "fp|95e88567d9e4ab5f0cfcb9db0aad5cd7a9d7b7ee10f1571e3842f76c1efac162"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune/dataset.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `load_data` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=1, except=1, for=2, if=4, nested_bonus=2."}, "properties": {"repobilityId": 42119, "scanner": "repobility-threat-engine", "fingerprint": "3c5c4c1feebd8a65eace9c6c5c2e18c525a69073df574d9eb40cdc5a6e34fd83", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "load_data", "breakdown": {"if": 4, "for": 2, "break": 1, "except": 1, "nested_bonus": 2}, "complexity": 10, "correlation_key": "fp|3c5c4c1feebd8a65eace9c6c5c2e18c525a69073df574d9eb40cdc5a6e34fd83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_cn_markets_day.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 3485, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e2e1da4d513a6a464c3e5c7d1915a9f5bdfd75184175bf086a002bd81b3b7613", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "get_stock_data_with_retry_all_history", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "examples/prediction_new.py", "correlation_key": "fp|e2e1da4d513a6a464c3e5c7d1915a9f5bdfd75184175bf086a002bd81b3b7613"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/get_date_new.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 3484, "scanner": "repobility-ai-code-hygiene", "fingerprint": "efb6c834fef6384794158a3d8abe558300e457fb5dc152210cf49db2275d17f0", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "calculate_enhanced_adjustment_factor", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "examples/prediction_new_GUI.py", "correlation_key": "fp|efb6c834fef6384794158a3d8abe558300e457fb5dc152210cf49db2275d17f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3483, "scanner": "repobility-ai-code-hygiene", "fingerprint": "522583929c08b2eca3cc8844914a38e306641944cf696cff8b65b96a83be9136", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "finetune_csv/finetune_base_model.py", "duplicate_line": 339, "correlation_key": "fp|522583929c08b2eca3cc8844914a38e306641944cf696cff8b65b96a83be9136"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune_csv/train_sequential.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3482, "scanner": "repobility-ai-code-hygiene", "fingerprint": "29c083710d3df0c47782252b81aae957b8d3c4881d8db3a35608e9a2c6a7b0bd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "finetune_csv/finetune_tokenizer.py", "duplicate_line": 249, "correlation_key": "fp|29c083710d3df0c47782252b81aae957b8d3c4881d8db3a35608e9a2c6a7b0bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune_csv/train_sequential.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3481, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e5ecd3cdaa2486e29b0d6a8cc3ec2e184325e54245c6136e298cd5a29f0b0d02", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "finetune_csv/finetune_base_model.py", "duplicate_line": 110, "correlation_key": "fp|e5ecd3cdaa2486e29b0d6a8cc3ec2e184325e54245c6136e298cd5a29f0b0d02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune_csv/finetune_tokenizer.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3480, "scanner": "repobility-ai-code-hygiene", "fingerprint": "51c096569ad3d9d8f042c39e251bc078005d2288714250aef4915b47fb6d8dc5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "finetune/train_predictor.py", "duplicate_line": 144, "correlation_key": "fp|51c096569ad3d9d8f042c39e251bc078005d2288714250aef4915b47fb6d8dc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune/train_tokenizer.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 3474, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2b315cb6f76bf7e108d1a0fdf2d642db1fd33fd5e829f6c49fdc65023efe8a55", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "new", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|2b315cb6f76bf7e108d1a0fdf2d642db1fd33fd5e829f6c49fdc65023efe8a55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 3473, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2240d8068a883e3e34dd7913760289e75bce4aa996ae7e57ee9852f87923d404", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "new", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|2240d8068a883e3e34dd7913760289e75bce4aa996ae7e57ee9852f87923d404"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/get_date_new.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED069", "level": "none", "message": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "properties": {"repobilityId": 42131, "scanner": "repobility-threat-engine", "fingerprint": "119d7e58252db56d7dce97f850466541c88d8320e7e3d44fedc00ee497f2cdcd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "debug-true-prod", "owasp": "A05:2021", "cwe_ids": ["CWE-489"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348063+00:00", "triaged_in_corpus": 12, "observations_count": 37393, "ai_coder_pattern_id": 17}, "scanner": "repobility-threat-engine", "correlation_key": "fp|119d7e58252db56d7dce97f850466541c88d8320e7e3d44fedc00ee497f2cdcd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/run.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 42130, "scanner": "repobility-threat-engine", "fingerprint": "e8d7daf08b7ebc66c287c7d8f3699bc9b6107251a59683c90a6378d4db7a4e8f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e8d7daf08b7ebc66c287c7d8f3699bc9b6107251a59683c90a6378d4db7a4e8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/run.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 42128, "scanner": "repobility-threat-engine", "fingerprint": "900749dbb765b7b4f829c49794c39499c424f222585ab746ee2c1e6f492a36b8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|900749dbb765b7b4f829c49794c39499c424f222585ab746ee2c1e6f492a36b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/__init__.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 42127, "scanner": "repobility-threat-engine", "fingerprint": "ea2e387354b515d63112400559da68c75571ba2ba103080a0cb1ef0b292a451d", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|finetune/train_tokenizer.py|174|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune/train_tokenizer.py"}, "region": {"startLine": 174}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 42126, "scanner": "repobility-threat-engine", "fingerprint": "df3cb34872fbce3a49b42120bdcd78612fc702103498e7e411d2a1f894cdfd5d", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|finetune/train_predictor.py|135|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune/train_predictor.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 42122, "scanner": "repobility-threat-engine", "fingerprint": "ffacc44acd0408185fc3827739658544dd0204c83ccb78694e2ced81539c2c58", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "load_data", "breakdown": {"if": 4, "for": 2, "break": 1, "except": 1, "nested_bonus": 2}, "aggregated": true, "complexity": 10, "correlation_key": "fp|ffacc44acd0408185fc3827739658544dd0204c83ccb78694e2ced81539c2c58", "aggregated_count": 3}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 42118, "scanner": "repobility-threat-engine", "fingerprint": "b6b13ec83871d7156cc8a848a1453ef52bc7c7b264df04af82be8624e901e01b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b6b13ec83871d7156cc8a848a1453ef52bc7c7b264df04af82be8624e901e01b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune_csv/config_loader.py"}, "region": {"startLine": 254}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 42117, "scanner": "repobility-threat-engine", "fingerprint": "21eb2ba9691fb80b682cd3bb6dc7f35d0583782d595e239efd2eb1988b768159", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|21eb2ba9691fb80b682cd3bb6dc7f35d0583782d595e239efd2eb1988b768159"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_cn_markets_day.py"}, "region": {"startLine": 160}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 42116, "scanner": "repobility-threat-engine", "fingerprint": "b5568a02b4e7a9bae0a13298159d679217ad4be10eee27d54651e740a03ba0e9", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "evidence": {"match": "print(f\"Tokenizer training epochs: {self.tokenizer_epochs}\")", "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|25|print f tokenizer training epochs: self.tokenizer_epochs"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune_csv/config_loader.py"}, "region": {"startLine": 254}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 3486, "scanner": "repobility-threat-engine", "fingerprint": "41649093ff1812751843be6c14ad08d74b34149a6b7ae3f362b190465a8e2ce5", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "logger.log_metric('train_tokenizer_loss_batch', avg_loss, step=batch_idx_global_train)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|finetune/train_tokenizer.py|16|logger.log_metric train_tokenizer_loss_batch avg_loss step batch_idx_global_train"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune/train_tokenizer.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 2150, "scanner": "repobility-threat-engine", "fingerprint": "501876d43fbaf15c6d4055194dcce53c187c4dbbef78a664b67e46162788cb51", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|501876d43fbaf15c6d4055194dcce53c187c4dbbef78a664b67e46162788cb51"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 2149, "scanner": "repobility-threat-engine", "fingerprint": "1985751ec8df13b23b4b36dceca28f947db33b5f52cd355d2aec67200db5bc81", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Legacy SEC020 finding reclassified by non-secret token context", "evidence": {"match": "print(f\"Tokenizer model exists: {tokenizer_exists}\")", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune_csv/train_sequential.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 2148, "scanner": "repobility-threat-engine", "fingerprint": "de8dccc167548b859bbfebcec659d41779b97b97fb7aa5ff426efba35439bf67", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "evidence": {"match": "print(\"pre_trained_tokenizer=False, randomly initializing Tokenizer architecture for training\")", "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|39|print pre_trained_tokenizer false randomly initializing tokenizer architecture for training"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune_csv/finetune_base_model.py"}, "region": {"startLine": 395}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 2147, "scanner": "repobility-threat-engine", "fingerprint": "9a33c4d3c0394c21ea8fea14e2db2ee84a7af78fa40ee121e90776e2a335f388", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "evidence": {"match": "print(f\"\ud83d\ude80 Loading Kronos tokenizer:{TOKENIZER_PRETRAINED} model:{MODEL_PRETRAINED} ...\")", "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|15|print f loading kronos tokenizer: tokenizer_pretrained model: model_pretrained ..."}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_cn_markets_day.py"}, "region": {"startLine": 160}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 2146, "scanner": "repobility-threat-engine", "fingerprint": "2e21686cd5e785196ef468e4bbcaaa25f3c1fbd57b160d4398bb0d78b219fcc2", "category": "crypto", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.randint(", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "code|crypto|examples/get_date_new.py|51|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/get_date_new.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 2145, "scanner": "repobility-threat-engine", "fingerprint": "795071f2c1a71a0623466af558bed35494a5765f966015efbe91f52c9c097d27", "category": "crypto", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "code|crypto|token|1129|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/prediction_new_GUI.py"}, "region": {"startLine": 1129}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 2144, "scanner": "repobility-threat-engine", "fingerprint": "8ae19c2b8d84410582463572c6959f1cd279bbff752ef8fc966dd6101695b1c3", "category": "crypto", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.randint(", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "code|crypto|token|58|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/get_akshare_date_2024-2025_x.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_kronos_predictor_regression"}, "properties": {"repobilityId": 42113, "scanner": "repobility-ast-engine", "fingerprint": "23ba28b6452145fc33bf95fec0f503e85305f7ad904cb6b6048ee6c890a1a2cd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|23ba28b6452145fc33bf95fec0f503e85305f7ad904cb6b6048ee6c890a1a2cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_kronos_regression.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rotate_half` used but never assigned in __init__"}, "properties": {"repobilityId": 42085, "scanner": "repobility-ast-engine", "fingerprint": "8f18c08cdf0ec5fc5f6a5dcb5c7c23393e97efa5e0cf0df9a0c2444003ab9487", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8f18c08cdf0ec5fc5f6a5dcb5c7c23393e97efa5e0cf0df9a0c2444003ab9487"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 307}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rotate_half` used but never assigned in __init__"}, "properties": {"repobilityId": 42084, "scanner": "repobility-ast-engine", "fingerprint": "2d20e9fc6cbe660e13394c299850de7af1c51e058b4b389b7d709a85b2ffecce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2d20e9fc6cbe660e13394c299850de7af1c51e058b4b389b7d709a85b2ffecce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 306}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._update_cos_sin_cache` used but never assigned in __init__"}, "properties": {"repobilityId": 42083, "scanner": "repobility-ast-engine", "fingerprint": "1238298a1797943261b2e6a47734f8a0ad954b66cfdf31eaacd785cba035e4e6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1238298a1797943261b2e6a47734f8a0ad954b66cfdf31eaacd785cba035e4e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 304}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.inv_freq` used but never assigned in __init__"}, "properties": {"repobilityId": 42082, "scanner": "repobility-ast-engine", "fingerprint": "f3aebcd38e4bbd76b9faa389065f7e851e6e606790ebc563b95e9dd40c54bc8c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f3aebcd38e4bbd76b9faa389065f7e851e6e606790ebc563b95e9dd40c54bc8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 297}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.inv_freq` used but never assigned in __init__"}, "properties": {"repobilityId": 42081, "scanner": "repobility-ast-engine", "fingerprint": "89845ef590bb0111b66727f7442dd6e26f9d79e364c05caa9f3a985976b5da90", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|89845ef590bb0111b66727f7442dd6e26f9d79e364c05caa9f3a985976b5da90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 296}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._norm` used but never assigned in __init__"}, "properties": {"repobilityId": 42080, "scanner": "repobility-ast-engine", "fingerprint": "5e0771bdeecc93b1ec3c6ee46e9dac179af3ec1b11af6513082427ee7909e256", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5e0771bdeecc93b1ec3c6ee46e9dac179af3ec1b11af6513082427ee7909e256"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 267}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.bits_to_indices` used but never assigned in __init__"}, "properties": {"repobilityId": 42079, "scanner": "repobility-ast-engine", "fingerprint": "8527d50055b6883c9b7462848b65d90cfc834896776e6bd3202c4c13ef775768", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8527d50055b6883c9b7462848b65d90cfc834896776e6bd3202c4c13ef775768"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 251}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.bits_to_indices` used but never assigned in __init__"}, "properties": {"repobilityId": 42078, "scanner": "repobility-ast-engine", "fingerprint": "10a2f21a260b26b9884d3627aae4b61d7d180f5d6c37d4531253189b5bb59d42", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|10a2f21a260b26b9884d3627aae4b61d7d180f5d6c37d4531253189b5bb59d42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 253}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.indexes_to_codes` used but never assigned in __init__"}, "properties": {"repobilityId": 42077, "scanner": "repobility-ast-engine", "fingerprint": "f1ab2d0f527ccde93145bd9549f19dadd9e1c7f12ee0303fbf1008af16cf24dd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f1ab2d0f527ccde93145bd9549f19dadd9e1c7f12ee0303fbf1008af16cf24dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.group_indexes_to_codes` used but never assigned in __init__"}, "properties": {"repobilityId": 42076, "scanner": "repobility-ast-engine", "fingerprint": "06ec1afb3f5dbe8279befb1742410d49fd1061de0a5b49abee6698c53ea28d86", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|06ec1afb3f5dbe8279befb1742410d49fd1061de0a5b49abee6698c53ea28d86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 205}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.group_basis` used but never assigned in __init__"}, "properties": {"repobilityId": 42075, "scanner": "repobility-ast-engine", "fingerprint": "0ce808e69f940a635dc0aec71557cf98c8c03ecbddd9af971517845ed8489841", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0ce808e69f940a635dc0aec71557cf98c8c03ecbddd9af971517845ed8489841"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.basis` used but never assigned in __init__"}, "properties": {"repobilityId": 42074, "scanner": "repobility-ast-engine", "fingerprint": "3a3bc8fc8a9d52f515583992a18a37a5701eec58c46912688ad3d02acdd62ece", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3a3bc8fc8a9d52f515583992a18a37a5701eec58c46912688ad3d02acdd62ece"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.group_basis` used but never assigned in __init__"}, "properties": {"repobilityId": 42073, "scanner": "repobility-ast-engine", "fingerprint": "a9081eee04819876ce7fe81f0fc1c432b7ce64215b2f01dfa4b359b05481a1bd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a9081eee04819876ce7fe81f0fc1c432b7ce64215b2f01dfa4b359b05481a1bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 177}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.basis` used but never assigned in __init__"}, "properties": {"repobilityId": 42072, "scanner": "repobility-ast-engine", "fingerprint": "27cdd6ae7e7fd82e4be3c102c45634f6ef863c87a88e66f8f156f08786aae6d0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|27cdd6ae7e7fd82e4be3c102c45634f6ef863c87a88e66f8f156f08786aae6d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 169}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_entropy` used but never assigned in __init__"}, "properties": {"repobilityId": 42071, "scanner": "repobility-ast-engine", "fingerprint": "3eb1cff7ec4a2d04173d4de7ec12b970742bd6daeac939cf24210d12a3a1b896", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3eb1cff7ec4a2d04173d4de7ec12b970742bd6daeac939cf24210d12a3a1b896"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 148}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_entropy` used but never assigned in __init__"}, "properties": {"repobilityId": 42070, "scanner": "repobility-ast-engine", "fingerprint": "6305acb7b89a7b37c28693c4803e67fa98e6c96709e2ebb00c605e090fb17232", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6305acb7b89a7b37c28693c4803e67fa98e6c96709e2ebb00c605e090fb17232"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_entropy` used but never assigned in __init__"}, "properties": {"repobilityId": 42069, "scanner": "repobility-ast-engine", "fingerprint": "e330cff7500f37eae05e64ffcd275c1bd500ad71f1b5d3573c4eb49c80ccdd1f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e330cff7500f37eae05e64ffcd275c1bd500ad71f1b5d3573c4eb49c80ccdd1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.group_codebook` used but never assigned in __init__"}, "properties": {"repobilityId": 42068, "scanner": "repobility-ast-engine", "fingerprint": "6e1f8dae78a25e58ef00a2a2ae23fcc449b890cabd476e7068275d81019383e2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6e1f8dae78a25e58ef00a2a2ae23fcc449b890cabd476e7068275d81019383e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.basis` used but never assigned in __init__"}, "properties": {"repobilityId": 42067, "scanner": "repobility-ast-engine", "fingerprint": "283e11fd62aad47c6c4bc52a8ea6ae9fc22be5b353d860174962c22a7b598758", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|283e11fd62aad47c6c4bc52a8ea6ae9fc22be5b353d860174962c22a7b598758"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_hard_per_sample_entropy` used but never assigned in __init__"}, "properties": {"repobilityId": 42066, "scanner": "repobility-ast-engine", "fingerprint": "a2e53005850ccb39ae1d094a804f42463cc60739cf87be20579dfdce6223c910", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a2e53005850ccb39ae1d094a804f42463cc60739cf87be20579dfdce6223c910"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.soft_entropy_loss` used but never assigned in __init__"}, "properties": {"repobilityId": 42065, "scanner": "repobility-ast-engine", "fingerprint": "f11588419b8c6a94c4bc9262db66b699011ab01114a261d9023595ab5f41e1f4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f11588419b8c6a94c4bc9262db66b699011ab01114a261d9023595ab5f41e1f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.training` used but never assigned in __init__"}, "properties": {"repobilityId": 42064, "scanner": "repobility-ast-engine", "fingerprint": "b236e15394dce645662f2f2f661af42dac277fd4565673fa2cf8fc4e5526ec5d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b236e15394dce645662f2f2f661af42dac277fd4565673fa2cf8fc4e5526ec5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.codes_to_group_indexes` used but never assigned in __init__"}, "properties": {"repobilityId": 42063, "scanner": "repobility-ast-engine", "fingerprint": "1b0222b40e50aeeaeb095f99328c30ebd1f88458efb27f9e9761dab91e265d26", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1b0222b40e50aeeaeb095f99328c30ebd1f88458efb27f9e9761dab91e265d26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.codes_to_indexes` used but never assigned in __init__"}, "properties": {"repobilityId": 42062, "scanner": "repobility-ast-engine", "fingerprint": "af41b5526e1acf94c1f0802e325319e6fbd8faf5ff31398a6794c8eaf64a2c07", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|af41b5526e1acf94c1f0802e325319e6fbd8faf5ff31398a6794c8eaf64a2c07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.quantize` used but never assigned in __init__"}, "properties": {"repobilityId": 42061, "scanner": "repobility-ast-engine", "fingerprint": "c9607685e985a0780f5ccccae51212d8d72895c901eb954bb615a6cdb2cbaaf3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c9607685e985a0780f5ccccae51212d8d72895c901eb954bb615a6cdb2cbaaf3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "model/module.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 42125, "scanner": "repobility-threat-engine", "fingerprint": "94bb5a19739f43abd3d48b58ac263d1b457e765637eea5be759bd54a5ec7d621", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|94bb5a19739f43abd3d48b58ac263d1b457e765637eea5be759bd54a5ec7d621"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune/dataset.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 42124, "scanner": "repobility-threat-engine", "fingerprint": "74547f6ca76fd7310ebd01d4509cb3bbaed650637a3cfe6854083a5c2ca9773d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|74547f6ca76fd7310ebd01d4509cb3bbaed650637a3cfe6854083a5c2ca9773d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune/dataset.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible hardcoded API key found"}, "properties": {"repobilityId": 708, "scanner": "repobility", "fingerprint": "50428d3943db4a64c2529a2f0ef280f7cdcee75ea6e44c76b1d7dc23169ee9a2", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune/train_tokenizer.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible hardcoded API key found"}, "properties": {"repobilityId": 707, "scanner": "repobility", "fingerprint": "bfa3297b2d5110fb4853f52a3020d2444ced82ad14392dd3ae4c584b18d29bff", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune/train_predictor.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible hardcoded API key found"}, "properties": {"repobilityId": 706, "scanner": "repobility", "fingerprint": "846cacfbc0d0e4bce4e26fa4d374a212421a130be1f1621ece8e6e3dd1775e08", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetune/config.py"}, "region": {"startLine": 1}}}]}]}]}