{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `run` has cognitive complexity 19 (SonarSource scale). Cognitive complexit", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `run` has cognitive complexity 19 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 19."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. 
Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED124", "name": "requirements.txt: `lxml` has no version pin", "shortDescription": {"text": "requirements.txt: `lxml` has no version pin"}, "fullDescription": {"text": "Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. 
Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-400 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[SEC078] Python: requests without timeout (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additional file. 
Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also block loopback (127/8) and the IPv6 equivalents (::1, fc00::/7, fe80::/10), and apply the check to the IP address the hostname actually resolves to, and again on every redirect, since a public or allowlisted name can point at an internal address."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED077] Python Open No Context (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-705 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `stefanzweifel/git-auto-commit-action` pinned to mutable ref `@v4`", "shortDescription": {"text": "Action `stefanzweifel/git-auto-commit-action` pinned to mutable ref `@v4`"}, "fullDescription": {"text": "`uses: stefanzweifel/git-auto-commit-action@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.praseHTML` used but never assigned in __init__", "shortDescription": {"text": "`self.praseHTML` used but never assigned in __init__"}, "fullDescription": {"text": "Method `run` of class `UrlScaner` reads `self.praseHTML`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1180"}, "properties": {"repository": "nthack/Shadowrocket-ADBlock-Rules-Easy", "repoUrl": "https://github.com/nthack/Shadowrocket-ADBlock-Rules-Easy", "branch": "master"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 118429, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `run` has cognitive complexity 19 (SonarSource scale). 
Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=3, else=1, except=2, if=4, nested_bonus=7, or=1, while=1."}, "properties": {"repobilityId": 118425, "scanner": "repobility-threat-engine", "fingerprint": "71dfa7b914537a2722ad07eae52d881938fa6ceb1a8206e8f1f4ca3436eb13b5", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 19 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "run", "breakdown": {"if": 4, "or": 1, "else": 1, "while": 1, "except": 2, "continue": 3, "nested_bonus": 7}, "complexity": 19, "correlation_key": "fp|71dfa7b914537a2722ad07eae52d881938fa6ceb1a8206e8f1f4ca3436eb13b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/factory/top500.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `getRulesStringFromFile` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=1, elif=1, else=1, for=1, if=4, nested_bonus=9."}, "properties": {"repobilityId": 118424, "scanner": "repobility-threat-engine", "fingerprint": "d725dba5f06005c2099404b947e93b7fa4d89e897ecc69f3dea4b0d3427cf0d7", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 17 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "getRulesStringFromFile", "breakdown": {"if": 4, "for": 1, "elif": 1, "else": 1, "continue": 1, "nested_bonus": 9}, "complexity": 17, "correlation_key": "fp|d725dba5f06005c2099404b947e93b7fa4d89e897ecc69f3dea4b0d3427cf0d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/factory/build_confs.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `getRulesStringFromFile` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=1, elif=1, else=1, for=1, if=4, nested_bonus=9."}, "properties": {"repobilityId": 118423, "scanner": "repobility-threat-engine", "fingerprint": "64847ac644d289ce123a23884bcd2afba041642dd442ba82a2c4ea2d771a1b0c", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 17 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "getRulesStringFromFile", "breakdown": {"if": 4, "for": 1, "elif": 1, "else": 1, "continue": 1, "nested_bonus": 9}, "complexity": 17, "correlation_key": "fp|64847ac644d289ce123a23884bcd2afba041642dd442ba82a2c4ea2d771a1b0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "factory/build_confs.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 118421, "scanner": "repobility-threat-engine", "fingerprint": "6b8ed095520f6751bd62bdcff0761dc36e1647766b648ef585bec72d8fee63c7", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n    pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6b8ed095520f6751bd62bdcff0761dc36e1647766b648ef585bec72d8fee63c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/factory/ad.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 118420, "scanner": "repobility-threat-engine", "fingerprint": "6b930848520ae58f24e83cdc64f0e9ef957aabc1f448601ee6e7df227b905277", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n    pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6b930848520ae58f24e83cdc64f0e9ef957aabc1f448601ee6e7df227b905277"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "factory/ad.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `lxml` has no version pin"}, "properties": {"repobilityId": 118395, "scanner": "repobility-supply-chain", "fingerprint": "0c6d7b04dae0442e104c106e5123bf670957fd3dbc0b3fbbbfcabb6875186ead", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0c6d7b04dae0442e104c106e5123bf670957fd3dbc0b3fbbbfcabb6875186ead"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `requests` has no version pin"}, "properties": {"repobilityId": 118394, "scanner": "repobility-supply-chain", "fingerprint": "501fa3ba4111f4c1046e0d91b85c2c60666cba24fe5f35d15a28a3be3ee1f9b5", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|501fa3ba4111f4c1046e0d91b85c2c60666cba24fe5f35d15a28a3be3ee1f9b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `beautifulsoup4` has no version pin"}, "properties": {"repobilityId": 118393, "scanner": "repobility-supply-chain", "fingerprint": "9bdf1cb2c7424fb5dd7cdab9968e8439029418a85faa6bc27ab5c5a9404ce6bb", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9bdf1cb2c7424fb5dd7cdab9968e8439029418a85faa6bc27ab5c5a9404ce6bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `configparser` has no version pin"}, "properties": {"repobilityId": 118392, "scanner": "repobility-supply-chain", "fingerprint": "edb485f764919c2dee5652e93e0f0a89f0b18b09de883223e885c924dd04925e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|edb485f764919c2dee5652e93e0f0a89f0b18b09de883223e885c924dd04925e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "factory/requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `lxml` has no version pin"}, "properties": {"repobilityId": 118391, "scanner": "repobility-supply-chain", "fingerprint": "1980f59168a93b3e84b82273fa1c89277ccd77a357f2cc142de21089b461608c", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1980f59168a93b3e84b82273fa1c89277ccd77a357f2cc142de21089b461608c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "factory/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `requests` has no version pin"}, "properties": {"repobilityId": 118390, "scanner": "repobility-supply-chain", "fingerprint": "cddaacba999feb710e9a4a873dcc598a136346945b7b77e2abfd70ed2b60e1f6", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cddaacba999feb710e9a4a873dcc598a136346945b7b77e2abfd70ed2b60e1f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "factory/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `beautifulsoup4` has no version pin"}, 
"properties": {"repobilityId": 118389, "scanner": "repobility-supply-chain", "fingerprint": "1d93ffb8882519f7cd450babd8cc2b9431bff018ff8de72d0d4751c3db7b24ae", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1d93ffb8882519f7cd450babd8cc2b9431bff018ff8de72d0d4751c3db7b24ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "factory/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 118388, "scanner": "repobility-ast-engine", "fingerprint": "43b4307850b39ceaa2704191fd95023452f6f21cec6d8b6b64cc7af20c1c8fe9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|43b4307850b39ceaa2704191fd95023452f6f21cec6d8b6b64cc7af20c1c8fe9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/factory/top500.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 118387, "scanner": "repobility-ast-engine", "fingerprint": "05cdf1d2083571814e716d52e8409ec2d741a00d2a121573e085347acb1fc465", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", 
"owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|05cdf1d2083571814e716d52e8409ec2d741a00d2a121573e085347acb1fc465"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/factory/top500.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 118422, "scanner": "repobility-threat-engine", "fingerprint": "111f16e73d797a86e2fb7c6335b2c638ea3e0a717f0daf9548c52a303a6960b1", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"![](https://img.shields.io/badge/\u89c4\u5219\u66f4\u65b0\u65f6\u95f4-\" + timecode + \"-blue?style=for-the-badge&logo=AdGuard)\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|111f16e73d797a86e2fb7c6335b2c638ea3e0a717f0daf9548c52a303a6960b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "factory/build_confs.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 118384, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"c6381335bfeb182dac31a9394f08852b62a0ad68916b02b628db17b1cab16b8b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "h2y_bak/factory/chnroutes.py", "duplicate_line": 10, "correlation_key": "fp|c6381335bfeb182dac31a9394f08852b62a0ad68916b02b628db17b1cab16b8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/factory/top500.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 118383, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9867409af57ee5a87ada2b5bb0788d305b7fd6b8c164a1912e9189d4db335d9f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "factory/gfwlist.py", "duplicate_line": 29, "correlation_key": "fp|9867409af57ee5a87ada2b5bb0788d305b7fd6b8c164a1912e9189d4db335d9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/factory/gfwlist.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 118382, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2bc64bf0558767b09817d652ae1a0fdf2f2f742e878a2d0494fab59480476a74", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "factory/build_confs.py", "duplicate_line": 10, "correlation_key": "fp|2bc64bf0558767b09817d652ae1a0fdf2f2f742e878a2d0494fab59480476a74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/factory/build_confs.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 118381, "scanner": "repobility-ai-code-hygiene", "fingerprint": "032ab1c3126829011f5983c75b2e06bf24eac0a0ff7bc0fc5cbd7a5555a728e7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "factory/ad.py", "duplicate_line": 34, "correlation_key": "fp|032ab1c3126829011f5983c75b2e06bf24eac0a0ff7bc0fc5cbd7a5555a728e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/factory/ad.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 118427, "scanner": "repobility-threat-engine", "fingerprint": "7d9cf7be082a484c14a60deeffffcca23dc6d01bc91e4391d857e040790f5460", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": 
"http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7d9cf7be082a484c14a60deeffffcca23dc6d01bc91e4391d857e040790f5460"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/factory/top500.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 118426, "scanner": "repobility-threat-engine", "fingerprint": "09beecb2625327baa4e2d5bb1b3fb581ca76be6e0752c14873e9206c80f1ef7a", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'test\\b' detected on same line", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|09beecb2625327baa4e2d5bb1b3fb581ca76be6e0752c14873e9206c80f1ef7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/factory/chnroutes.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout (and 3 more): Same pattern found in 3 additional files. 
Review if needed."}, "properties": {"repobilityId": 118419, "scanner": "repobility-threat-engine", "fingerprint": "22c0d567d696a6862689f7c9fd8c307213fa0bf7df0ff8c77916ef3d9279f800", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|22c0d567d696a6862689f7c9fd8c307213fa0bf7df0ff8c77916ef3d9279f800", "aggregated_count": 3}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 118418, "scanner": "repobility-threat-engine", "fingerprint": "2ef32abf5629c2f36fcdd21f2af7698491b1a3c16773db497850c8991aa94c52", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2ef32abf5629c2f36fcdd21f2af7698491b1a3c16773db497850c8991aa94c52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/factory/ad.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 118417, "scanner": "repobility-threat-engine", "fingerprint": "2403cb3b3942ee969117fbb7f7737bac06676eb32e43f494f2358906a075308b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2403cb3b3942ee969117fbb7f7737bac06676eb32e43f494f2358906a075308b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "factory/gfwlist.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 118416, "scanner": "repobility-threat-engine", "fingerprint": "2d1f97568b54801831bf2851779d26b3c3b4fd15ec2bddcb37d45086414bf04d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2d1f97568b54801831bf2851779d26b3c3b4fd15ec2bddcb37d45086414bf04d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "factory/ad.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 118415, "scanner": "repobility-threat-engine", "fingerprint": "028f1ee76dd4ceb58e2f5a7647beee5ef1a20a419845d7104b5f848926aa9a07", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|028f1ee76dd4ceb58e2f5a7647beee5ef1a20a419845d7104b5f848926aa9a07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/factory/top500.py"}, "region": 
{"startLine": 131}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 118414, "scanner": "repobility-threat-engine", "fingerprint": "e868c30f8a2278724f6c75f87d5cb8f3b0605c9801e9e4b56d256a6215359f5e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e868c30f8a2278724f6c75f87d5cb8f3b0605c9801e9e4b56d256a6215359f5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/factory/ad.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 118413, "scanner": "repobility-threat-engine", "fingerprint": "3eefe95c1120defae61ba48584b04cf914dd804081dcdd6168d422c48f6e3ca8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|3eefe95c1120defae61ba48584b04cf914dd804081dcdd6168d422c48f6e3ca8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "factory/ad.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 118410, "scanner": "repobility-threat-engine", "fingerprint": "4ad6f55494afe619cae3e4cf741803a5646a33d13c8bf832506da6d5a11f8beb", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4ad6f55494afe619cae3e4cf741803a5646a33d13c8bf832506da6d5a11f8beb"}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 118406, "scanner": "repobility-threat-engine", "fingerprint": "8f4ed64e85e23651a781f801f20cbe7cf192b517efa4818df0dde258906a2c2b", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8f4ed64e85e23651a781f801f20cbe7cf192b517efa4818df0dde258906a2c2b"}}}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 118402, "scanner": "repobility-threat-engine", "fingerprint": "e5aedca74f2cb959790934426f11a54bec225c880f96f9691c5e392ba533c9d8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e5aedca74f2cb959790934426f11a54bec225c880f96f9691c5e392ba533c9d8", "aggregated_count": 3}}}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 118401, "scanner": "repobility-threat-engine", "fingerprint": "aec5b8f9d15202bf6e0b811359ad0743bf57514b738c7881e804397ce6771d4e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": 
"2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|aec5b8f9d15202bf6e0b811359ad0743bf57514b738c7881e804397ce6771d4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "factory/build_confs.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 118400, "scanner": "repobility-threat-engine", "fingerprint": "3aa2f2cebb29291db0d80450b37dc7cfae167dd165d657b0a6c3c0533e879794", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3aa2f2cebb29291db0d80450b37dc7cfae167dd165d657b0a6c3c0533e879794"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "factory/ad.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 118399, "scanner": "repobility-threat-engine", "fingerprint": "de8669153d2b99823b97c33d77fcb45bfc41b2a9d1b44ca87d805fe037ee8efa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", 
"owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|de8669153d2b99823b97c33d77fcb45bfc41b2a9d1b44ca87d805fe037ee8efa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "factory/PropFileRW.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 118428, "scanner": "repobility-threat-engine", "fingerprint": "5b439039169af05579485b06b42fae44f1ab6e135b95b549cdfe79ccc85c8eca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5b439039169af05579485b06b42fae44f1ab6e135b95b549cdfe79ccc85c8eca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/factory/top500.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 118412, "scanner": "repobility-threat-engine", "fingerprint": "ae997f644ec20784c6f4412a27e6ab4fe1596b89c4dd903ba291fd1c1a16f6ac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": 
"open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ae997f644ec20784c6f4412a27e6ab4fe1596b89c4dd903ba291fd1c1a16f6ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/factory/ad.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 118411, "scanner": "repobility-threat-engine", "fingerprint": "0ebf30d8965054941708271fbcc917f74b5daffda3df0f7ea16bc51758622e52", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0ebf30d8965054941708271fbcc917f74b5daffda3df0f7ea16bc51758622e52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "factory/ad.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. 
Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 118409, "scanner": "repobility-threat-engine", "fingerprint": "89be57996cdab99b610108c3072c4152c66c7ecbdc528e9c805396dfdaf5b0dd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|89be57996cdab99b610108c3072c4152c66c7ecbdc528e9c805396dfdaf5b0dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/factory/ad.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 118408, "scanner": "repobility-threat-engine", "fingerprint": "772cab8e577bc1d115759afd637e6bd8bfcddd76c17b8a304ed35fc5dca576a2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|772cab8e577bc1d115759afd637e6bd8bfcddd76c17b8a304ed35fc5dca576a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "factory/gfwlist.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 118407, "scanner": "repobility-threat-engine", "fingerprint": "e04ef926901ff5d782934b63901b835c7de143965523c8b5e4ee3eebea34508e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e04ef926901ff5d782934b63901b835c7de143965523c8b5e4ee3eebea34508e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "factory/ad.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 118405, "scanner": "repobility-threat-engine", "fingerprint": "799be689efb71e7a5533e794810cd3143dbf8dfd835ffa131f558dd0681944ea", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(rule_url", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|799be689efb71e7a5533e794810cd3143dbf8dfd835ffa131f558dd0681944ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/factory/ad.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 118404, "scanner": "repobility-threat-engine", "fingerprint": "ca7b266b48c9ac156aca03ed6d85fe57c5e7e607d2ca0d6cb85c680be1dd952e", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(rules_url", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ca7b266b48c9ac156aca03ed6d85fe57c5e7e607d2ca0d6cb85c680be1dd952e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "factory/gfwlist.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 118403, "scanner": "repobility-threat-engine", "fingerprint": "c1ba42e0af6880bb97432aee2dc81a73ffaa172bec8d2287c56142c9415f370f", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(rule_url", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c1ba42e0af6880bb97432aee2dc81a73ffaa172bec8d2287c56142c9415f370f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "factory/ad.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `stefanzweifel/git-auto-commit-action` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 118398, "scanner": "repobility-supply-chain", "fingerprint": "6c7dae2b4795623b773b2740e3f87fa09a44edebb12bf98a2d97d24fa1ff38d6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6c7dae2b4795623b773b2740e3f87fa09a44edebb12bf98a2d97d24fa1ff38d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `szenius/set-timezone` pinned to mutable ref `@v1.0`"}, "properties": {"repobilityId": 118397, "scanner": "repobility-supply-chain", "fingerprint": "23614506ea3cbb77265b8177576ceba5383a9960fa34d9d23a677c14c8dca5d4", "category": "dependency", "severity": "high", 
"confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|23614506ea3cbb77265b8177576ceba5383a9960fa34d9d23a677c14c8dca5d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 118396, "scanner": "repobility-supply-chain", "fingerprint": "0d8e1a7a8f6ef7a59265ff97bc672ef16406b918f7b9b6322175dec8ee62cea4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0d8e1a7a8f6ef7a59265ff97bc672ef16406b918f7b9b6322175dec8ee62cea4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.praseHTML` used but never assigned in __init__"}, "properties": {"repobilityId": 118386, "scanner": "repobility-ast-engine", "fingerprint": "b57f7425346c27476fe96d8f772a16712ca25ac3f8c5499f5a437a2247850699", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|b57f7425346c27476fe96d8f772a16712ca25ac3f8c5499f5a437a2247850699"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/factory/top500.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.fetchHTML` used but never assigned in __init__"}, "properties": {"repobilityId": 118385, "scanner": "repobility-ast-engine", "fingerprint": "c135ba284b9907459571ef2dfad0bd916b70f22b4ea2379b96d27705da0e2d34", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c135ba284b9907459571ef2dfad0bd916b70f22b4ea2379b96d27705da0e2d34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "h2y_bak/factory/top500.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 118380, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}]}]}