{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `add_control_channel` has cognitive complexity 17 (SonarSource scale). Cog", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `add_control_channel` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and rec"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 17."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "Mutable default argument in `write_freq_and_amp_to_csv` (list)", "shortDescription": {"text": "Mutable default argument in `write_freq_and_amp_to_csv` (list)"}, "fullDescription": {"text": "`def write_freq_and_amp_to_csv(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED063", "name": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use.", "shortDescription": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-367 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC114", "name": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker", "shortDescription": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "fullDescription": {"text": "After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `path.resolve(base, x); if (!resolved.startsWith(base + path.sep)) throw`."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED021", "name": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape.", "shortDescription": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-22 / A01:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `dawidd6/action-send-mail` pinned to mutable ref `@v3`", "shortDescription": {"text": "Action `dawidd6/action-send-mail` pinned to mutable ref `@v3`"}, "fullDescription": {"text": "`uses: dawidd6/action-send-mail@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED131", "name": "pre-commit hook `https://github.com/codespell-project/codespell` pinned to mutable rev `v2.4.1`", "shortDescription": {"text": "pre-commit hook `https://github.com/codespell-project/codespell` pinned to mutable rev `v2.4.1`"}, "fullDescription": {"text": "`.pre-commit-config.yaml` references `https://github.com/codespell-project/codespell` at `rev: v2.4.1`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.extractor_instance` used but never assigned in __init__", "shortDescription": {"text": "`self.extractor_instance` used but never assigned in __init__"}, "fullDescription": {"text": "Method `test_read_split_subevent_matches_parent_filter` of class `TdtRecordingExtractorSplitTestMixin` reads `self.extractor_instance`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_z_score_computation_baseline_raises_when_start_greater_than_end", "shortDescription": {"text": "Phantom test coverage: test_z_score_computation_baseline_raises_when_start_greater_than_end"}, "fullDescription": {"text": "Test function `test_z_score_computation_baseline_raises_when_start_greater_than_end` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED019", "name": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates.", "shortDescription": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-94 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.CODECOV_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `io` used but not imported", "shortDescription": {"text": "Missing import: `io` used but not imported"}, "fullDescription": {"text": "The file uses `io.something(...)` but never imports `io`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1149"}, "properties": {"repository": "LernerLab/GuPPy", "repoUrl": "https://github.com/LernerLab/GuPPy", "branch": "main"}, "results": [{"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 115064, "scanner": "repobility-threat-engine", "fingerprint": "41fe8252de56fc4674bbafa0edfa07f2fdb88d0f14473051d56a42bd7f8a4bb2", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|41fe8252de56fc4674bbafa0edfa07f2fdb88d0f14473051d56a42bd7f8a4bb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/extractors/csv_recording_extractor.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `add_control_channel` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=1, else=1, for=2, if=5, nested_bonus=8."}, "properties": {"repobilityId": 115055, "scanner": "repobility-threat-engine", "fingerprint": "8ab7b8ff37f8ffd773a637bbf677be669e127e245f96c74ff45810c917b7ae51", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 17 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "add_control_channel", "breakdown": {"if": 5, "for": 2, "else": 1, "continue": 1, "nested_bonus": 8}, "complexity": 17, "correlation_key": "fp|8ab7b8ff37f8ffd773a637bbf677be669e127e245f96c74ff45810c917b7ae51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/analysis/control_channel.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 115030, "scanner": "repobility-ast-engine", "fingerprint": "7413bc531a9c250bc5685a0c7637f8e96dc0991a20d31ecb25f25397a47fd1bb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7413bc531a9c250bc5685a0c7637f8e96dc0991a20d31ecb25f25397a47fd1bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/orchestration/home.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 115029, "scanner": "repobility-ast-engine", "fingerprint": "b288c2f96a933b89624f28fd76cc12fdee98c2c23f64f9d9beff300e7e236302", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b288c2f96a933b89624f28fd76cc12fdee98c2c23f64f9d9beff300e7e236302"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/extractors/doric_recording_extractor.py"}, "region": {"startLine": 241}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 115028, "scanner": "repobility-ast-engine", "fingerprint": "fd8d40a478532a79f11fb319bfff5eac55d7f86979546b588c28f73426aa963d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fd8d40a478532a79f11fb319bfff5eac55d7f86979546b588c28f73426aa963d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/extractors/doric_recording_extractor.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 115027, "scanner": "repobility-ast-engine", "fingerprint": "d5f6c6bd4814ce47d12a0736e0aae8c8926c2d929dae197ee2900b58a69612c2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d5f6c6bd4814ce47d12a0736e0aae8c8926c2d929dae197ee2900b58a69612c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/extractors/npm_recording_extractor.py"}, "region": {"startLine": 198}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 115025, "scanner": "repobility-ast-engine", "fingerprint": "7b273fd800fb6c4cb21e7a0bfb3a67adfd999335528afa6ff378e9cd5705b955", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7b273fd800fb6c4cb21e7a0bfb3a67adfd999335528afa6ff378e9cd5705b955"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/extractors/csv_recording_extractor.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 115022, "scanner": "repobility-ast-engine", "fingerprint": "34643deecd624b22319ec407ae4a047cf90b6ec19c968713126e0559b5230721", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|34643deecd624b22319ec407ae4a047cf90b6ec19c968713126e0559b5230721"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/analysis/io_utils.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `write_freq_and_amp_to_csv` (list)"}, "properties": {"repobilityId": 115021, "scanner": "repobility-ast-engine", "fingerprint": "bef07fce589cb4dc0269397ed11fa6e6dc7ee25b310045fc576aaffad95f628f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bef07fce589cb4dc0269397ed11fa6e6dc7ee25b310045fc576aaffad95f628f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/analysis/standard_io.py"}, "region": {"startLine": 685}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `write_freq_and_amp_to_hdf5` (list)"}, "properties": {"repobilityId": 115020, "scanner": "repobility-ast-engine", "fingerprint": "e8bdbd79533d4b7fae37e03ef6861b1d424dd016670cb9e10f4e93bb350be64d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e8bdbd79533d4b7fae37e03ef6861b1d424dd016670cb9e10f4e93bb350be64d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/analysis/standard_io.py"}, "region": {"startLine": 657}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `write_peak_and_area_to_csv` (list)"}, "properties": {"repobilityId": 115019, "scanner": "repobility-ast-engine", "fingerprint": "60a9568d6108a48695c6c69f7a6ee9fed785d613142b8006b3aad3e2dc44c44b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|60a9568d6108a48695c6c69f7a6ee9fed785d613142b8006b3aad3e2dc44c44b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/analysis/standard_io.py"}, "region": {"startLine": 636}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `write_peak_and_area_to_hdf5` (list)"}, "properties": {"repobilityId": 115018, "scanner": "repobility-ast-engine", "fingerprint": "082a0e67319131ad41115d72e2d88b4b9ad3e913f2dfde6caa40dad6a5e6f09b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|082a0e67319131ad41115d72e2d88b4b9ad3e913f2dfde6caa40dad6a5e6f09b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/analysis/standard_io.py"}, "region": {"startLine": 612}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `combine_data` has cognitive complexity 14 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=1, else=1, for=2, if=3, nested_bonus=7."}, "properties": {"repobilityId": 115053, "scanner": "repobility-threat-engine", "fingerprint": "955163164abf4ab16f58062c19cec5db7214149dc830a09d6d403e100e156ab3", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 14 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "combine_data", "breakdown": {"if": 3, "for": 2, "else": 1, "continue": 1, "nested_bonus": 7}, "complexity": 14, "correlation_key": "fp|955163164abf4ab16f58062c19cec5db7214149dc830a09d6d403e100e156ab3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/analysis/combine_data.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114962, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7ab2108c8529f64f45b801df2aa9a9726eb55bcf1b0444d329f199bf5df58f5d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/guppy/testing/scripts/create_mock_nwbfile_ndx_fiber_photometry_v0_1_ndx_events_v0_2.py", "duplicate_line": 159, "correlation_key": "fp|7ab2108c8529f64f45b801df2aa9a9726eb55bcf1b0444d329f199bf5df58f5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/testing/scripts/create_mock_nwbfile_ndx_fiber_photometry_v0_2_ndx_events_v0_4.py"}, "region": {"startLine": 253}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114961, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9381f0c5602f4b0d6c6b4b4f51a9d1c7ce3b58f40267d36a3d3e52b01524be2a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/guppy/testing/scripts/create_mock_nwbfile_ndx_fiber_photometry_v0_2_ndx_events_v0_2.py", "duplicate_line": 21, "correlation_key": "fp|9381f0c5602f4b0d6c6b4b4f51a9d1c7ce3b58f40267d36a3d3e52b01524be2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/testing/scripts/create_mock_nwbfile_ndx_fiber_photometry_v0_2_ndx_events_v0_4.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114960, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9916e487ab8621796f17a20057cb9269f45b18bd0663346e07bd8ce9c3a74110", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/guppy/testing/scripts/create_mock_nwbfile_ndx_fiber_photometry_v0_1_ndx_events_v0_2.py", "duplicate_line": 159, "correlation_key": "fp|9916e487ab8621796f17a20057cb9269f45b18bd0663346e07bd8ce9c3a74110"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/testing/scripts/create_mock_nwbfile_ndx_fiber_photometry_v0_2_ndx_events_v0_2.py"}, "region": {"startLine": 244}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114959, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fe2a6acbed096bbfb02d5298a4f585adc0bb0208611faea1c339b5c030005766", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/guppy/orchestration/psth.py", "duplicate_line": 361, "correlation_key": "fp|fe2a6acbed096bbfb02d5298a4f585adc0bb0208611faea1c339b5c030005766"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/orchestration/transients.py"}, "region": {"startLine": 242}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114958, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b30bc7b67037e8dcf6474236e97e3c45961732aeb6d7e8aa8065933852a64e14", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/guppy/analysis/io_utils.py", "duplicate_line": 68, "correlation_key": "fp|b30bc7b67037e8dcf6474236e97e3c45961732aeb6d7e8aa8065933852a64e14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/orchestration/preprocess.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114957, "scanner": "repobility-ai-code-hygiene", "fingerprint": "37c81b0b9447f2d0a414c1eafc5cd8b4769debb7441848db3f190b46896e8436", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/guppy/extractors/dandi_nwb_recording_extractor.py", "duplicate_line": 208, "correlation_key": "fp|37c81b0b9447f2d0a414c1eafc5cd8b4769debb7441848db3f190b46896e8436"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/extractors/nwb_recording_extractor.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114956, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5247f656b76021b29c6aa6ad19f481dbf9f760da832cd5807ae2f80fb21022b2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/guppy/extractors/csv_recording_extractor.py", "duplicate_line": 48, "correlation_key": "fp|5247f656b76021b29c6aa6ad19f481dbf9f760da832cd5807ae2f80fb21022b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/extractors/npm_recording_extractor.py"}, "region": {"startLine": 163}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114955, "scanner": "repobility-ai-code-hygiene", "fingerprint": "894d8b100fa7b00751376d43aee8261055416c56d6cd88db8a80b1a850ee12a3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/guppy/extractors/csv_recording_extractor.py", "duplicate_line": 182, "correlation_key": "fp|894d8b100fa7b00751376d43aee8261055416c56d6cd88db8a80b1a850ee12a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/extractors/doric_recording_extractor.py"}, "region": {"startLine": 450}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114954, "scanner": "repobility-ai-code-hygiene", "fingerprint": "043d50d47d68688f38e9891f865e9b4d6d5aee0e62fc9264096b4721d604c71f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/guppy/analysis/combine_data.py", "duplicate_line": 134, "correlation_key": "fp|043d50d47d68688f38e9891f865e9b4d6d5aee0e62fc9264096b4721d604c71f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/analysis/standard_io.py"}, "region": {"startLine": 398}}}]}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 115067, "scanner": "repobility-threat-engine", "fingerprint": "b2167567238b9ebd3ac54f1a3e0d27dff60947f40cf89d76d60a50c1a9fb0494", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b2167567238b9ebd3ac54f1a3e0d27dff60947f40cf89d76d60a50c1a9fb0494"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/frontend/progress.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 115062, "scanner": "repobility-threat-engine", "fingerprint": "86ba1835d70968651e1fbb2569a4d94211de579a814cf34a5d1e1e2eafe3f130", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|86ba1835d70968651e1fbb2569a4d94211de579a814cf34a5d1e1e2eafe3f130", "aggregated_count": 1}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 115061, "scanner": "repobility-threat-engine", "fingerprint": "ce109182b8194e77e8242b1539554dbb27248042c0beb77eb9b2cc95ee67ab9f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ce109182b8194e77e8242b1539554dbb27248042c0beb77eb9b2cc95ee67ab9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/extractors/dandi_nwb_recording_extractor.py"}, "region": {"startLine": 292}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 115060, "scanner": "repobility-threat-engine", "fingerprint": "3a0647fd61c85fb04957f8ede4509aaf308c2091dd07cae6a5db018e81bcb375", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3a0647fd61c85fb04957f8ede4509aaf308c2091dd07cae6a5db018e81bcb375"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/extractors/csv_recording_extractor.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 115059, "scanner": "repobility-threat-engine", "fingerprint": "4752c2409ba151e6bb90f200976f6c90d3b23917b4185b284d4bb593eb29a44f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4752c2409ba151e6bb90f200976f6c90d3b23917b4185b284d4bb593eb29a44f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/extractors/base_recording_extractor.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 115056, "scanner": "repobility-threat-engine", "fingerprint": "77c6c839e3d15e6868a981640348ff83ed699acf23819d7eaf9cee4a446a7fe9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "combine_data", "breakdown": {"if": 3, "for": 2, "else": 1, "continue": 1, "nested_bonus": 7}, "aggregated": true, "complexity": 14, "correlation_key": "fp|77c6c839e3d15e6868a981640348ff83ed699acf23819d7eaf9cee4a446a7fe9", "aggregated_count": 16}}}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 115070, "scanner": "repobility-threat-engine", "fingerprint": "fe5f5d62971ad321e06427134d0fcb90a8c979c902ee41ef72fda4ba9a83a185", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.join(output_dir, NPM_PARAMS", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|src/guppy/utils/utils.py|34|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/utils/utils.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 115069, "scanner": "repobility-threat-engine", "fingerprint": "fe420c33224a792a1b71b7e9d71e0449bb91af14bd0b058ebf3c42d22eee5445", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "os.path.join(output_dir, NPM_PARAMS", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|src/guppy/utils/utils.py|34|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/utils/utils.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 115066, "scanner": "repobility-threat-engine", "fingerprint": "ae095fec8433224289c4fa16caa22f648a4838de091d6c7e3f54414460a22cb8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ae095fec8433224289c4fa16caa22f648a4838de091d6c7e3f54414460a22cb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/frontend/progress.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 115065, "scanner": "repobility-threat-engine", "fingerprint": "cec120742cc597e67cba5daf8dc0db301ab028ecffad6feca6e47cccdd7e4746", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cec120742cc597e67cba5daf8dc0db301ab028ecffad6feca6e47cccdd7e4746"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/extractors/dandi_nwb_recording_extractor.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 115063, "scanner": "repobility-threat-engine", "fingerprint": "9d2ec0e6a82abacb3747d1fb877c54069be0f028d8e17fd59e28e6eaba8f560a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9d2ec0e6a82abacb3747d1fb877c54069be0f028d8e17fd59e28e6eaba8f560a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/extractors/csv_recording_extractor.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 115058, "scanner": "repobility-threat-engine", "fingerprint": "0699f819779a7f51980f39b66517e11b2e5e8f3620ca3d9c176197225b4f7654", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.destroy()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0699f819779a7f51980f39b66517e11b2e5e8f3620ca3d9c176197225b4f7654"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/frontend/npm_gui_prompts.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 115057, "scanner": "repobility-threat-engine", "fingerprint": "a23e359d520c88e71d39e55d1372d5bd70ee1588c42ad659bd6e9527355a7dd0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "extractor.save(output_dicts=output_dicts, outputPath=outputPath)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a23e359d520c88e71d39e55d1372d5bd70ee1588c42ad659bd6e9527355a7dd0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/extractors/base_recording_extractor.py"}, "region": {"startLine": 150}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `compute_psth` has cognitive complexity 34 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=2, elif=1, else=6, for=6, if=8, nested_bonus=11."}, "properties": {"repobilityId": 115054, "scanner": "repobility-threat-engine", "fingerprint": "378f8295f814d64aa717001602e5ebc688b62b67fbf5244565261c01ea1f77ba", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 34 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "compute_psth", "breakdown": {"if": 8, "for": 6, "elif": 1, "else": 6, "continue": 2, "nested_bonus": 11}, "complexity": 34, "correlation_key": "fp|378f8295f814d64aa717001602e5ebc688b62b67fbf5244565261c01ea1f77ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/analysis/compute_psth.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dawidd6/action-send-mail` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 115052, "scanner": "repobility-supply-chain", "fingerprint": "8d3c234fab23d488222f2b64a964f10c315ef2cd2c089e04200990d62797ce33", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8d3c234fab23d488222f2b64a964f10c315ef2cd2c089e04200990d62797ce33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dailies.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115051, "scanner": "repobility-supply-chain", "fingerprint": "36e55c5d88dc9092aaf366ca1feb4e4e74216b5687be6fbaf01bab3ed20b58ac", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|36e55c5d88dc9092aaf366ca1feb4e4e74216b5687be6fbaf01bab3ed20b58ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dailies.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `anthropics/claude-code-action` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 115050, "scanner": "repobility-supply-chain", "fingerprint": "4b6ee0aae6da4a53e262db45ab5605fa522c8e1899a5f365d90ee13d83d9fa25", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4b6ee0aae6da4a53e262db45ab5605fa522c8e1899a5f365d90ee13d83d9fa25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/claude.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115049, "scanner": "repobility-supply-chain", "fingerprint": "14e02bcf926b0da5d4a2677501979f74c3e7e9e84eccdd57f90d35b6d88bf96d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|14e02bcf926b0da5d4a2677501979f74c3e7e9e84eccdd57f90d35b6d88bf96d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/claude.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `pypa/gh-action-pypi-publish` pinned to mutable ref `@v1.12.4`"}, "properties": {"repobilityId": 115048, "scanner": "repobility-supply-chain", "fingerprint": "1aee2e87543d5d1b5c60167cab2bd303a1a8a466ce8f2386d2efa930a5c7fb35", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1aee2e87543d5d1b5c60167cab2bd303a1a8a466ce8f2386d2efa930a5c7fb35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/auto-publish.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 115047, "scanner": "repobility-supply-chain", "fingerprint": "663a1f99186e567f11fe12b0b7181056e84a6b339a51646757da50d5a82e250f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|663a1f99186e567f11fe12b0b7181056e84a6b339a51646757da50d5a82e250f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/auto-publish.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 115046, "scanner": "repobility-supply-chain", "fingerprint": "8b5cb9da3fc7765041a6f39ef1c10d741c683f3dd13dc9eec8e3b72c9cdc5df3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8b5cb9da3fc7765041a6f39ef1c10d741c683f3dd13dc9eec8e3b72c9cdc5df3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/auto-publish.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `tj-actions/changed-files` pinned to mutable ref `@v46.0.1`"}, "properties": {"repobilityId": 115045, "scanner": "repobility-supply-chain", "fingerprint": "c4f6d8d7607195cd55e921a2ab4aa4c8750ceb2bc330b32cdedb64c31ab16e0d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c4f6d8d7607195cd55e921a2ab4aa4c8750ceb2bc330b32cdedb64c31ab16e0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/assess-file-changes.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115044, "scanner": "repobility-supply-chain", "fingerprint": "0f0e23205e1696c183fda2e0b564083d111e8d852d309a6bf44bb8ad0ab5dbc2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0f0e23205e1696c183fda2e0b564083d111e8d852d309a6bf44bb8ad0ab5dbc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/assess-file-changes.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `codecov/codecov-action` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 115043, "scanner": "repobility-supply-chain", "fingerprint": "113135b264ca7a01f4fed30f79b3e53b67a5cc5221cbb61a1c9756397b802dfb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|113135b264ca7a01f4fed30f79b3e53b67a5cc5221cbb61a1c9756397b802dfb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-tests.yml"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 115042, "scanner": "repobility-supply-chain", "fingerprint": "d4019a919e6208af80ade5bd9f65b0de7649fa62abc42df8e6ff2072bf9cdbac", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d4019a919e6208af80ade5bd9f65b0de7649fa62abc42df8e6ff2072bf9cdbac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-tests.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 115041, "scanner": "repobility-supply-chain", "fingerprint": "8300b846f83ed3010e46e1112e9f45e4c1d84e7f128f1ca84eca6033cbf63fcb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8300b846f83ed3010e46e1112e9f45e4c1d84e7f128f1ca84eca6033cbf63fcb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-tests.yml"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `re-actors/alls-green` pinned to mutable ref `@release/v1`"}, "properties": {"repobilityId": 115039, "scanner": "repobility-supply-chain", "fingerprint": "a91b9f2f78b622c95113e98d14d18c71d31b6bef4e51709c01e442be387b967b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a91b9f2f78b622c95113e98d14d18c71d31b6bef4e51709c01e442be387b967b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr-tests.yml"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115038, "scanner": "repobility-supply-chain", "fingerprint": "3037dca7383064e045bdb0d4f7d7a5f3d6c8bd3d542d016222fc6fbc2190ce51", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3037dca7383064e045bdb0d4f7d7a5f3d6c8bd3d542d016222fc6fbc2190ce51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr-tests.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/codespell-project/codespell` pinned to mutable rev `v2.4.1`"}, "properties": {"repobilityId": 115037, "scanner": "repobility-supply-chain", "fingerprint": "f557b1dba658e881e356331ea46dfba447c614bbf3a13ea582d87b447f00f24b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f557b1dba658e881e356331ea46dfba447c614bbf3a13ea582d87b447f00f24b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/astral-sh/ruff-pre-commit` pinned to mutable rev `v0.13.0`"}, "properties": {"repobilityId": 115036, "scanner": "repobility-supply-chain", "fingerprint": "186155b29d5391aa53f1d4c23a00187883ec020e3e4dc6368c1dd8115b5d0714", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|186155b29d5391aa53f1d4c23a00187883ec020e3e4dc6368c1dd8115b5d0714"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/psf/black` pinned to mutable rev `25.1.0`"}, "properties": {"repobilityId": 115035, "scanner": "repobility-supply-chain", "fingerprint": "b8e855fa4ceafb1b09e3eb39a1c8e2e41333df17c9a3304238214748b8de3db2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b8e855fa4ceafb1b09e3eb39a1c8e2e41333df17c9a3304238214748b8de3db2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v6.0.0`"}, "properties": {"repobilityId": 115034, "scanner": "repobility-supply-chain", "fingerprint": "7d6eb8afb666cf3c56fa0abc46036bcc52e657a57a1a639516377b0302928728", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7d6eb8afb666cf3c56fa0abc46036bcc52e657a57a1a639516377b0302928728"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.extractor_instance` used but never assigned in __init__"}, "properties": {"repobilityId": 115014, "scanner": "repobility-ast-engine", "fingerprint": "29cbe4a81508aa16d9c3d46d8e5ea42ec9040f2fd85d3cef9035deb3d0fcdaba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29cbe4a81508aa16d9c3d46d8e5ea42ec9040f2fd85d3cef9035deb3d0fcdaba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 202}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.extractor_instance` used but never assigned in __init__"}, "properties": {"repobilityId": 115013, "scanner": "repobility-ast-engine", "fingerprint": "d94831c6b6fcf33813203d07ed481162c4226dcc81c520bb112da6444df1353d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d94831c6b6fcf33813203d07ed481162c4226dcc81c520bb112da6444df1353d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 201}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.extractor_class` used but never assigned in __init__"}, "properties": {"repobilityId": 115012, "scanner": "repobility-ast-engine", "fingerprint": "40cdb0690d8e13a3fe4ae815222ec0d26de856ef26375ba32fecf888b9ba05e2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|40cdb0690d8e13a3fe4ae815222ec0d26de856ef26375ba32fecf888b9ba05e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 201}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.split_parent` used but never assigned in __init__"}, "properties": {"repobilityId": 115011, "scanner": "repobility-ast-engine", "fingerprint": "791e3cac0eba7ad410886dba9aad23a4a59ca55228b69bb890b55673cf2a7468", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|791e3cac0eba7ad410886dba9aad23a4a59ca55228b69bb890b55673cf2a7468"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.expected_split_events` used but never assigned in __init__"}, "properties": {"repobilityId": 115010, "scanner": "repobility-ast-engine", "fingerprint": "0ebc2031e6013c4e31e6783bffb06593e9a141185b68566526b76ea6f5b80d7c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0ebc2031e6013c4e31e6783bffb06593e9a141185b68566526b76ea6f5b80d7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 198}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.expected_split_events` used but never assigned in __init__"}, "properties": {"repobilityId": 115009, "scanner": "repobility-ast-engine", "fingerprint": "d61fece92dc344fc6dcbe6d2362ddcaee3f2bf1cc938e2b44db3e370c6b9ff2c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d61fece92dc344fc6dcbe6d2362ddcaee3f2bf1cc938e2b44db3e370c6b9ff2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 197}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.extractor_class` used but never assigned in __init__"}, "properties": {"repobilityId": 115008, "scanner": "repobility-ast-engine", "fingerprint": "38c1b68a605afb0848821f9095b908e71a18007e421592840a6d8f3435eccf41", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|38c1b68a605afb0848821f9095b908e71a18007e421592840a6d8f3435eccf41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.folder_path` used but never assigned in __init__"}, "properties": {"repobilityId": 115007, "scanner": "repobility-ast-engine", "fingerprint": "2315bb1f376a5a79e4e705e6548788efb903f36b51eacc0230df3995ba71a67a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2315bb1f376a5a79e4e705e6548788efb903f36b51eacc0230df3995ba71a67a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.extractor_class` used but never assigned in __init__"}, "properties": {"repobilityId": 115006, "scanner": "repobility-ast-engine", "fingerprint": "50479d5f814a0b651d1b3a7e17d13f575c9c5d0b45ced91c0e567f8dd9b927c6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|50479d5f814a0b651d1b3a7e17d13f575c9c5d0b45ced91c0e567f8dd9b927c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 189}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.split_parent` used but never assigned in __init__"}, "properties": {"repobilityId": 115005, "scanner": "repobility-ast-engine", "fingerprint": "8d817f11fd024e5e78f6b11519020bc4431371a5721ed0f2e307b26287d7c8ac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8d817f11fd024e5e78f6b11519020bc4431371a5721ed0f2e307b26287d7c8ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 193}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.folder_path` used but never assigned in __init__"}, "properties": {"repobilityId": 115004, "scanner": "repobility-ast-engine", "fingerprint": "04c7410a2f816f980ca5040c4f38b97019ff9dc8deeb0194bcaa95a742ea3980", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|04c7410a2f816f980ca5040c4f38b97019ff9dc8deeb0194bcaa95a742ea3980"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 189}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.expected_split_events` used but never assigned in __init__"}, "properties": {"repobilityId": 115003, "scanner": "repobility-ast-engine", "fingerprint": "89f924cf1b9048da6e6b6c7f65c7dc1ec2f2a909f174cc3da6c786241f6df9b1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|89f924cf1b9048da6e6b6c7f65c7dc1ec2f2a909f174cc3da6c786241f6df9b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.ttl_event` used but never assigned in __init__"}, "properties": {"repobilityId": 115002, "scanner": "repobility-ast-engine", "fingerprint": "26fb6099d7b8a138e19f9db849203204eb0d1708e807507fd82a9e94eb9f0884", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|26fb6099d7b8a138e19f9db849203204eb0d1708e807507fd82a9e94eb9f0884"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.extractor_instance` used but never assigned in __init__"}, "properties": {"repobilityId": 115001, "scanner": "repobility-ast-engine", "fingerprint": "9a3eef602988797d0bf89286f5a8472e9ce2f3e45d265962cdeb96ff13319707", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a3eef602988797d0bf89286f5a8472e9ce2f3e45d265962cdeb96ff13319707"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.ttl_event` used but never assigned in __init__"}, "properties": {"repobilityId": 115000, "scanner": "repobility-ast-engine", "fingerprint": "42a0ff17a194edb3d217c75cbf3a2128482bb629c9e9d4c1762c95c8d1db3877", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|42a0ff17a194edb3d217c75cbf3a2128482bb629c9e9d4c1762c95c8d1db3877"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.signal_event` used but never assigned in __init__"}, "properties": {"repobilityId": 114999, "scanner": "repobility-ast-engine", "fingerprint": "754f11cc85e4697aaa42da7d6257da72f771611af8369c2a5fd4e81ce91e7409", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|754f11cc85e4697aaa42da7d6257da72f771611af8369c2a5fd4e81ce91e7409"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.extractor_instance` used but never assigned in __init__"}, "properties": {"repobilityId": 114998, "scanner": "repobility-ast-engine", "fingerprint": "48c61ec1767172a74633787037eb4b799fda0675ffbb6f57b96137d31e38dca4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|48c61ec1767172a74633787037eb4b799fda0675ffbb6f57b96137d31e38dca4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.signal_event` used but never assigned in __init__"}, "properties": {"repobilityId": 114997, "scanner": "repobility-ast-engine", "fingerprint": "8811444eba429ef43dd8fe08aee4879651ab0a62d70c09ce4a0cf763605d489a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8811444eba429ef43dd8fe08aee4879651ab0a62d70c09ce4a0cf763605d489a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.extractor_instance` used but never assigned in __init__"}, "properties": {"repobilityId": 114996, "scanner": "repobility-ast-engine", "fingerprint": "37bbfcd5dfb130609c6785e49e06987fe7769d51ac4b373937e4ee4d558a41a5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|37bbfcd5dfb130609c6785e49e06987fe7769d51ac4b373937e4ee4d558a41a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.control_event` used but never assigned in __init__"}, "properties": {"repobilityId": 114995, "scanner": "repobility-ast-engine", "fingerprint": "4f923b553b79dfcf6c80f5d77b978fe37e605245c5a1b80a385f2dc2eba89868", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4f923b553b79dfcf6c80f5d77b978fe37e605245c5a1b80a385f2dc2eba89868"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.extractor_instance` used but never assigned in __init__"}, "properties": {"repobilityId": 114994, "scanner": "repobility-ast-engine", "fingerprint": "d114975dba56a724dfc33cbb53e43aa60173da9c7126afc8f9a1f007be0c1e36", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d114975dba56a724dfc33cbb53e43aa60173da9c7126afc8f9a1f007be0c1e36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.control_event` used but never assigned in __init__"}, "properties": {"repobilityId": 114993, "scanner": "repobility-ast-engine", "fingerprint": "edff19750a2a14f77d78aceb96b77803037722d605db8fcec167cea45c7372af", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|edff19750a2a14f77d78aceb96b77803037722d605db8fcec167cea45c7372af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.extractor_instance` used but never assigned in __init__"}, "properties": {"repobilityId": 114992, "scanner": "repobility-ast-engine", "fingerprint": "614812ce589b868a7db4f890e29c46cd39c63cbf4ff64ff0068395004dcc1adc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|614812ce589b868a7db4f890e29c46cd39c63cbf4ff64ff0068395004dcc1adc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_tdt_recording_extractor.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.value` used but never assigned in __init__"}, "properties": {"repobilityId": 114991, "scanner": "repobility-ast-engine", "fingerprint": "61bab033a5a739fef32a514670017cb79ad2ebdf51675191b5992ca1f70083cc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|61bab033a5a739fef32a514670017cb79ad2ebdf51675191b5992ca1f70083cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/utils/test_validation.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.value` used but never assigned in __init__"}, "properties": {"repobilityId": 114990, "scanner": "repobility-ast-engine", "fingerprint": "ca4bf77a9ad1071c9fa5575426b28326785fc5ca207e63311a7630cef64c4ae9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ca4bf77a9ad1071c9fa5575426b28326785fc5ca207e63311a7630cef64c4ae9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/utils/test_validation.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_z_score_computation_baseline_raises_when_start_greater_than_end"}, "properties": {"repobilityId": 114988, "scanner": "repobility-ast-engine", "fingerprint": "e5028b9fc8ec08a95378a6513e90424c44a4f4d7bb6b5299fa1868b74ba1a693", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e5028b9fc8ec08a95378a6513e90424c44a4f4d7bb6b5299fa1868b74ba1a693"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/analysis/test_z_score.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_z_score_computation_baseline_raises_when_start_equals_end"}, "properties": {"repobilityId": 114987, "scanner": "repobility-ast-engine", "fingerprint": "990233d1af7052eaa6649dc86cbb1f957a4dea1ebd1cc574bda4b755080d9f9c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|990233d1af7052eaa6649dc86cbb1f957a4dea1ebd1cc574bda4b755080d9f9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/analysis/test_z_score.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_z_score_computation_baseline_raises_non_numeric_end"}, "properties": {"repobilityId": 114986, "scanner": "repobility-ast-engine", "fingerprint": "24ed9ba016f866c45f315aaace894fdb9d0f165dd6ed928db4080de8f7a3140e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|24ed9ba016f866c45f315aaace894fdb9d0f165dd6ed928db4080de8f7a3140e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/analysis/test_z_score.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_z_score_computation_baseline_raises_non_numeric_start"}, "properties": {"repobilityId": 114985, "scanner": "repobility-ast-engine", "fingerprint": "dfd0be2b51a7476e16c06a9844679a62b84180ad88e88586affed9ef91ec68a7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dfd0be2b51a7476e16c06a9844679a62b84180ad88e88586affed9ef91ec68a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/analysis/test_z_score.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_z_score_computation_baseline_raises_when_end_exceeds_signal_duration"}, "properties": {"repobilityId": 114984, "scanner": "repobility-ast-engine", "fingerprint": "1dfc053dfaf875282580b49449b3d47a9169b0495fb017453255e84d77a72b85", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1dfc053dfaf875282580b49449b3d47a9169b0495fb017453255e84d77a72b85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/analysis/test_z_score.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_z_score_computation_baseline_raises_when_window_outside_timestamps"}, "properties": {"repobilityId": 114983, "scanner": "repobility-ast-engine", "fingerprint": "4e0f11a95912f9d215721609b839025c7545b16c065918fd6ea91e0234cf8587", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4e0f11a95912f9d215721609b839025c7545b16c065918fd6ea91e0234cf8587"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/analysis/test_z_score.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_z_score_computation_baseline_mean_near_zero_in_window"}, "properties": {"repobilityId": 114982, "scanner": "repobility-ast-engine", "fingerprint": "bd3793230aab19ccde4a7212b5403d9c6bec9d001fe9d2aae4a067bb2d56fecf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd3793230aab19ccde4a7212b5403d9c6bec9d001fe9d2aae4a067bb2d56fecf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/analysis/test_z_score.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_z_score_computation_standard_has_zero_mean_unit_std"}, "properties": {"repobilityId": 114981, "scanner": "repobility-ast-engine", "fingerprint": "00b1879958922c21cf390f98fe9a7673659ae850079109d31c943ff506f77f93", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|00b1879958922c21cf390f98fe9a7673659ae850079109d31c943ff506f77f93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/analysis/test_z_score.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_control_fit_known_linear_signal_returns_exact_fit"}, "properties": {"repobilityId": 114980, "scanner": "repobility-ast-engine", "fingerprint": "6214df7e68c5d0bb9bfb9a0e4afa498aa4488a16a57e6c5fca2770d1f6d48139", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6214df7e68c5d0bb9bfb9a0e4afa498aa4488a16a57e6c5fca2770d1f6d48139"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/analysis/test_z_score.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_delta_ff_double_signal_returns_one_hundred"}, "properties": {"repobilityId": 114979, "scanner": "repobility-ast-engine", "fingerprint": "aa7b8af4a897721e15e3a546fe454746152bea2efe2c300cd89a6afb6bd54fe0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aa7b8af4a897721e15e3a546fe454746152bea2efe2c300cd89a6afb6bd54fe0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/analysis/test_z_score.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_delta_ff_equal_signal_and_control_returns_zeros"}, "properties": {"repobilityId": 114978, "scanner": "repobility-ast-engine", "fingerprint": "9cb339d71388fd30045e17ec29a0a03e0df23b9e3d2818e4805a41793bfb96ac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9cb339d71388fd30045e17ec29a0a03e0df23b9e3d2818e4805a41793bfb96ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/analysis/test_z_score.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_filter_signal_window_zero_returns_original"}, "properties": {"repobilityId": 114977, "scanner": "repobility-ast-engine", "fingerprint": "1e295757b50ceaf1b33fa15de47cbe751dcfcf9ce86aca420e5591219456a0ba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1e295757b50ceaf1b33fa15de47cbe751dcfcf9ce86aca420e5591219456a0ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/analysis/test_z_score.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_mixed_modality_nwb_npm"}, "properties": {"repobilityId": 114976, "scanner": "repobility-ast-engine", "fingerprint": "ba4bfea39d220a70108e6afde3181cbd64e7d5ab705fb782a7732f496b17a928", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ba4bfea39d220a70108e6afde3181cbd64e7d5ab705fb782a7732f496b17a928"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_integration_inter_session_mixed_modality.py"}, "region": {"startLine": 393}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_mixed_modality_nwb_doric"}, "properties": {"repobilityId": 114975, "scanner": "repobility-ast-engine", "fingerprint": "5cc40bda6b84ec92d0d4b812f7b13dd34552fcaf736129e204c96a0b14506c7d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5cc40bda6b84ec92d0d4b812f7b13dd34552fcaf736129e204c96a0b14506c7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_integration_inter_session_mixed_modality.py"}, "region": {"startLine": 347}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_mixed_modality_nwb_tdt"}, "properties": {"repobilityId": 114974, "scanner": "repobility-ast-engine", "fingerprint": "7ea3211a5344a8312573b36842a4bd2ac110225d7c51300b15b5c416fd877ee8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ea3211a5344a8312573b36842a4bd2ac110225d7c51300b15b5c416fd877ee8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_integration_inter_session_mixed_modality.py"}, "region": {"startLine": 305}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_mixed_modality_nwb_csv"}, "properties": {"repobilityId": 114973, "scanner": "repobility-ast-engine", "fingerprint": "fd0cc0b9a67297dd06061051d12c5dd2bad2137e29a8f1aec0796567af0030ce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fd0cc0b9a67297dd06061051d12c5dd2bad2137e29a8f1aec0796567af0030ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_integration_inter_session_mixed_modality.py"}, "region": {"startLine": 259}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_mixed_modality_tdt_csv_data"}, "properties": {"repobilityId": 114972, "scanner": "repobility-ast-engine", "fingerprint": "12c4f4112fc5a4ab7f6559823c1aebf15651b461a7e4434e65ffc910cb8e5222", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|12c4f4112fc5a4ab7f6559823c1aebf15651b461a7e4434e65ffc910cb8e5222"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_integration_inter_session_mixed_modality.py"}, "region": {"startLine": 217}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_mixed_modality_tdt_npm"}, "properties": {"repobilityId": 114971, "scanner": "repobility-ast-engine", "fingerprint": "42349eacbbdb2283853d3cde4c025b1b25143ec6146be20afc8967b40a261634", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|42349eacbbdb2283853d3cde4c025b1b25143ec6146be20afc8967b40a261634"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_integration_inter_session_mixed_modality.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_mixed_modality_tdt_doric"}, "properties": {"repobilityId": 114970, "scanner": "repobility-ast-engine", "fingerprint": "8ee3b66c422d5a4ad7ba6ed4fda90f64fd5e5cb3bd479551557e5360b383496b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8ee3b66c422d5a4ad7ba6ed4fda90f64fd5e5cb3bd479551557e5360b383496b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_integration_inter_session_mixed_modality.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_mixed_modality_nwb_csv_ttl"}, "properties": {"repobilityId": 114969, "scanner": "repobility-ast-engine", "fingerprint": "b6c3391852080c545f410dbb1134281e225e688bddc66556720d94275d77210f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b6c3391852080c545f410dbb1134281e225e688bddc66556720d94275d77210f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_integration_intra_session_mixed_modality.py"}, "region": {"startLine": 194}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_mixed_modality_npm_csv_ttl"}, "properties": {"repobilityId": 114968, "scanner": "repobility-ast-engine", "fingerprint": "278d5dc4e25f6432c967796591c2473d4f5bb0ef8b194371954a5b474afc77ba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|278d5dc4e25f6432c967796591c2473d4f5bb0ef8b194371954a5b474afc77ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_integration_intra_session_mixed_modality.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_mixed_modality_doric_csv_ttl"}, "properties": {"repobilityId": 114967, "scanner": "repobility-ast-engine", "fingerprint": "14076cfde7127d5029887786805eef96d2d80c0fa45d4371e87ad08a5b18dc71", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|14076cfde7127d5029887786805eef96d2d80c0fa45d4371e87ad08a5b18dc71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_integration_intra_session_mixed_modality.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_mixed_modality_tdt_csv_ttl"}, "properties": {"repobilityId": 114966, "scanner": "repobility-ast-engine", "fingerprint": "69ebf073772c7871407acd0a0f1d9f28bac8e705636227d1d14c1187f935e6da", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|69ebf073772c7871407acd0a0f1d9f28bac8e705636227d1d14c1187f935e6da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_integration_intra_session_mixed_modality.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_selected_runs_unknown_name_raises"}, "properties": {"repobilityId": 114965, "scanner": "repobility-ast-engine", "fingerprint": "6eca6ba1b5335f7a3691043229e0169b64846c84a99e81d4662e308940db1dfa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6eca6ba1b5335f7a3691043229e0169b64846c84a99e81d4662e308940db1dfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_integration_parametrized_outputs.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_create_policy_raises_on_existing_run_name"}, "properties": {"repobilityId": 114964, "scanner": "repobility-ast-engine", "fingerprint": "ba37a865ecc160908941b1d6db02a57110e1a8924087f45d983daba5c7d780c9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ba37a865ecc160908941b1d6db02a57110e1a8924087f45d983daba5c7d780c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_integration_parametrized_outputs.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED019", "level": "error", "message": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "properties": {"repobilityId": 115068, "scanner": "repobility-threat-engine", "fingerprint": "8818a003f8b1abaa18f3dec8e69a485f9672e866df26ced678724479fe68983a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8818a003f8b1abaa18f3dec8e69a485f9672e866df26ced678724479fe68983a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/orchestration/home.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 115040, "scanner": "repobility-supply-chain", "fingerprint": "8ef1cd2a6053a711598bc8b0b7b5a3fe358f06e49f4d35d7ddbef4b0cc6897b8", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8ef1cd2a6053a711598bc8b0b7b5a3fe358f06e49f4d35d7ddbef4b0cc6897b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr-tests.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `io` used but not imported"}, "properties": {"repobilityId": 115033, "scanner": "repobility-ast-engine", "fingerprint": "81100be4d45288cf877b88b19a3ee559e000a23e46bd24546c7d96b4b2e2ad82", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|81100be4d45288cf877b88b19a3ee559e000a23e46bd24546c7d96b4b2e2ad82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/testing/scripts/create_mock_nwbfile_ndx_fiber_photometry_v0_2_ndx_events_v0_2.py"}, "region": {"startLine": 342}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `io` used but not imported"}, "properties": {"repobilityId": 115032, "scanner": "repobility-ast-engine", "fingerprint": "eff09118e2cd51d2c67433bdac468c1995faeb1a6461e6015ecf134a188c3ac7", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eff09118e2cd51d2c67433bdac468c1995faeb1a6461e6015ecf134a188c3ac7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/testing/scripts/create_mock_nwbfile_ndx_fiber_photometry_v0_1_ndx_events_v0_2.py"}, "region": {"startLine": 254}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `io` used but not imported"}, "properties": {"repobilityId": 115031, "scanner": "repobility-ast-engine", "fingerprint": "bbcb72ad43473afa585ef662b05ef80cdfcee3fe7d462de3ca6c44f076cfbe31", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bbcb72ad43473afa585ef662b05ef80cdfcee3fe7d462de3ca6c44f076cfbe31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/testing/scripts/create_mock_nwbfile_ndx_fiber_photometry_v0_2_ndx_events_v0_4.py"}, "region": {"startLine": 348}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `io` used but not imported"}, "properties": {"repobilityId": 115026, "scanner": "repobility-ast-engine", "fingerprint": "ed212cccb2424ef18f1bad4791e257a1b7dbfdec6b6e9f3247382d0df50e2940", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ed212cccb2424ef18f1bad4791e257a1b7dbfdec6b6e9f3247382d0df50e2940"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/extractors/dandi_nwb_recording_extractor.py"}, "region": {"startLine": 170}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `io` used but not imported"}, "properties": {"repobilityId": 115024, "scanner": "repobility-ast-engine", "fingerprint": "ebac8b51ea9d925e11c984232fbffd18130b10e2b12fe0a8785d95ae900aaaef", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ebac8b51ea9d925e11c984232fbffd18130b10e2b12fe0a8785d95ae900aaaef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/extractors/nwb_recording_extractor.py"}, "region": {"startLine": 395}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 115023, "scanner": "repobility-ast-engine", "fingerprint": "e0183d23837ff0a9fc54e42ddc0ca15dd632a604c526f47c381b3caf83703d6b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e0183d23837ff0a9fc54e42ddc0ca15dd632a604c526f47c381b3caf83703d6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/analysis/timestamp_correction.py"}, "region": {"startLine": 294}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 115017, "scanner": "repobility-ast-engine", "fingerprint": "ad86a12a0d2669cbb8780cef06228f9fc8393c8d87a7cdda3b8d3c2d2bad7e37", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ad86a12a0d2669cbb8780cef06228f9fc8393c8d87a7cdda3b8d3c2d2bad7e37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/guppy/analysis/control_channel.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `io` used but not imported"}, "properties": {"repobilityId": 115016, "scanner": "repobility-ast-engine", "fingerprint": "90b673c1d663713d653389f2447ac82c6ae021f1d17275c2ab7bbbce54f35fd9", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|90b673c1d663713d653389f2447ac82c6ae021f1d17275c2ab7bbbce54f35fd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_dandi_nwb_recording_extractor.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `io` used but not imported"}, "properties": {"repobilityId": 115015, "scanner": "repobility-ast-engine", "fingerprint": "bc60ae1a7c7a737f4d0a586c139951640bdb3d46a3a421ab5972af3386b3dcd1", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bc60ae1a7c7a737f4d0a586c139951640bdb3d46a3a421ab5972af3386b3dcd1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/extractors/test_dandi_nwb_live.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 114989, "scanner": "repobility-ast-engine", "fingerprint": "31c99e8c35260c91f3654d1c40e03c40a2b661ff07bed94f369f9de1862c829f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|31c99e8c35260c91f3654d1c40e03c40a2b661ff07bed94f369f9de1862c829f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/analysis/test_control_channel.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `io` used but not imported"}, "properties": {"repobilityId": 114963, "scanner": "repobility-ast-engine", "fingerprint": "f60908f0620131fd308cb7cd10071c0266f98cfc5c50c73816629248510cd2e4", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f60908f0620131fd308cb7cd10071c0266f98cfc5c50c73816629248510cd2e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_integration_dandi.py"}, "region": {"startLine": 55}}}]}]}]}