{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED109", "name": "[MINED109] Mutable default argument in `run_tool` (dict): `def run_tool(... = []/{}/set())` \u2014 Python's default value is ", "shortDescription": {"text": "[MINED109] Mutable default argument in `run_tool` (dict): `def run_tool(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every f"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def run_tool(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. 
Keep the contact endpoint monitored."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "Tighten .dockerignore or replace COPY . with explicit COPY statements."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Bind local agent bridges to 127.0.0.1 by default. If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. 
Log non-quota failures for diagnostics."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "SEC087", "name": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces", "shortDescription": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "fullDescription": {"text": "Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. 
Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC034", "name": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines o", "shortDescription": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (S"}, "fullDescription": {"text": "Strip control characters before logging:\n  safe = user_input.replace('\\n','').replace('\\r','').replace('\\x00','')\n  logger.info('User action: %s', safe)\nAlways use parameterized logging (`%s` + args), never f-strings or string concat \u2014 this keeps user input out of the format string. It does not by itself mitigate log4shell-style lookup attacks; those need a patched logging library with message lookups disabled. 
For structured logging, use a JSON formatter that escapes values."}, "properties": {"scanner": "repobility-threat-engine", "category": "log_injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `parse_orbital_spec` has cognitive complexity 16 (SonarSource scale). 
Cogn", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `parse_orbital_spec` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recu"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 16."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "Add humans.txt with team ownership, contact URL, key documentation links, and the last-updated date."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "Add llms.txt with the product summary, canonical docs, API endpoints, security guidance, and preferred CLI workflow for AI agents."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "WEB002", "name": "Public web app has no sitemap", "shortDescription": {"text": "Public web app has no sitemap"}, "fullDescription": {"text": "Add sitemap.xml, a sitemap index, or a framework-native sitemap route and reference it from robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "WEB001", "name": "Public web app has no robots.txt", "shortDescription": 
{"text": "Public web app has no robots.txt"}, "fullDescription": {"text": "Add robots.txt at the web root or a framework-native robots route. Include an explicit Sitemap directive and disallow only private paths."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "Add `security_opt: [\"no-new-privileges:true\"]` unless the service has a documented need for privilege escalation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": "Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR012", "name": "Dockerfile keeps pip download cache", "shortDescription": {"text": "Dockerfile keeps pip download cache"}, "fullDescription": {"text": "Use `pip install --no-cache-dir ...` in container builds."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, 
{"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Where HTML must be rendered, sanitize it with DOMPurify before insertion."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.", "shortDescription": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.", "shortDescription": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED076", "name": "[MINED076] Catch And Reraise Noop: except X: raise X \u2014 adds no value, hides traceback if AI accidentally changes message", "shortDescription": {"text": "[MINED076] Catch And Reraise Noop: except X: raise X \u2014 adds no value, hides traceback if AI accidentally changes message."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "SEC135", "name": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 21 more): Same pattern found in 21 additional files", "shortDescription": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 21 more): Same pattern found in 21 additional files. Review if needed."}, "fullDescription": {"text": "Add the project's auth decorator/middleware: `@login_required` (Django/Flask), `@permission_classes([IsAuthenticated])` (DRF), `Depends(get_current_user)` (FastAPI), `requireAuth` middleware (Express). 
For genuinely public endpoints, add a `# public-endpoint` marker comment so future scans skip them."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter (and 2 more): Same pattern found in 2 additional files. Review if n", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 3 more): Same pattern found in 3 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 3 more): Same pattern found in 3 additional files. 
Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private and loopback CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16, 127/8, and the IPv6 loopback, link-local and unique-local ranges. Apply the check to the resolved IP address, not only the hostname string, and re-validate after any redirect."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 3 more): Same pattern found in 3 additional files. Review if neede", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 31 more): Same pattern found in 31 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 31 more): Same pattern found in 31 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields (and 7 more): Same pattern found in 7 additional files. 
Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 10 more): Same pattern found in 10 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 37 more): Same pattern found in 37 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 37 more): Same pattern found in 37 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 18 more): Same pattern found in 18 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 18 more): Same pattern found in 18 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors.", "shortDescription": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 16 more): Same pattern found in 16 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `j178/prek-action` pinned to mutable ref `@v1`: `uses: j178/prek-action@v1` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `j178/prek-action` pinned to mutable ref `@v1`: `uses: j178/prek-action@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: j178/prek-action@<40-char-sha>  # v1` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "[MINED126] Workflow container/services image `mcr.microsoft.com/playwright:v1.58.0-noble` unpinned: `container/services ", "shortDescription": {"text": "[MINED126] Workflow container/services image `mcr.microsoft.com/playwright:v1.58.0-noble` unpinned: `container/services image: mcr.microsoft.com/playwright:v1.58.0-noble` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat"}, "fullDescription": {"text": "Replace with `mcr.microsoft.com/playwright:v1.58.0-noble@sha256:<digest>`. Re-pin via Dependabot Docker scope."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `python:3.11-slim-bookworm` not pinned by digest: `FROM python:3.11-slim-bookworm` resolves t", "shortDescription": {"text": "[MINED118] Dockerfile FROM `python:3.11-slim-bookworm` not pinned by digest: `FROM python:3.11-slim-bookworm` resolves the tag at build time. 
The registry CAN re-push a different image for the same tag, so every build is potentially differe"}, "fullDescription": {"text": "Replace with: `FROM python:3.11-slim-bookworm@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED131", "name": "[MINED131] pre-commit hook `https://github.com/pre-commit/mirrors-eslint` pinned to mutable rev `v9.38.0`: `.pre-commit-", "shortDescription": {"text": "[MINED131] pre-commit hook `https://github.com/pre-commit/mirrors-eslint` pinned to mutable rev `v9.38.0`: `.pre-commit-config.yaml` references `https://github.com/pre-commit/mirrors-eslint` at `rev: v9.38.0`. If `{rev}` is a branch or vers"}, "fullDescription": {"text": "Pin to a commit SHA: `rev: <40-char-sha>` and bump it through `pre-commit autoupdate` (which writes to PRs that are reviewed)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED122", "name": "[MINED122] package.json dep `@catgo/ferrox-wasm` pulled from URL/Git: `dependencies.@catgo/ferrox-wasm` = `link:extensio", "shortDescription": {"text": "[MINED122] package.json dep `@catgo/ferrox-wasm` pulled from URL/Git: `dependencies.@catgo/ferrox-wasm` = `link:extensions/rust-wasm` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or"}, "fullDescription": {"text": "Publish the dependency to npm (or your private registry) and reference it by `^x.y.z`. 
If that's not possible, lock by commit SHA: `git+https://...#<full-sha>` AND verify the SHA in CI."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "[MINED112] FastAPI POST /{workflow_id}/recheck-jobs has no auth: Handler `api_recheck_jobs` is registered with router/ap", "shortDescription": {"text": "[MINED112] FastAPI POST /{workflow_id}/recheck-jobs has no auth: Handler `api_recheck_jobs` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "fullDescription": {"text": "Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self._base_row` used but never assigned in __init__: Method `test_irc_expansion` of class `TestExpandConverg", "shortDescription": {"text": "[MINED108] `self._base_row` used but never assigned in __init__: Method `test_irc_expansion` of class `TestExpandConvergencePoints` reads `self._base_row`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raise"}, "fullDescription": {"text": "Initialize `self._base_row = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_structure_ops: Test function `test_structure_ops` runs code but contains no asser", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_structure_ops: Test function `test_structure_ops` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "JRN009", "name": "Secret-like setting is echoed into a password input value", "shortDescription": {"text": "Secret-like setting is echoed into a password input value"}, "fullDescription": {"text": "Never prefill secret fields with stored values. 
Show a masked status such as configured/not configured, require explicit rotation to replace the value, and return the raw key only once at creation time."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.83, "cwe": "", "owasp": ""}}, {"id": "DKR006", "name": "Dockerfile pipes a remote script into a shell", "shortDescription": {"text": "Dockerfile pipes a remote script into a shell"}, "fullDescription": {"text": "Download the artifact, verify its checksum or signature, pin the version, and then execute it."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics: pass the command as an argument list with the default shell=False, or quote every interpolated value with shlex.quote() when a shell is unavoidable. See CWE-78 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the resolved path is inside your expected base directory, comparing with os.path.commonpath() rather than a plain string prefix: a startswith() check against /srv/data (constructed example) also accepts /srv/data-old. 
Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED021", "name": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape.", "shortDescription": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "fullDescription": {"text": "Review and fix per the pattern semantics: resolve the joined path and confirm it stays under user_dir; an absolute filename makes os.path.join() discard user_dir entirely. See CWE-22 / A01:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED012", "name": "[MINED012] Curl Pipe Bash: curl ... 
| sh / bash \u2014 runs unverified network code.", "shortDescription": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "fullDescription": {"text": "Review and fix per the pattern semantics: download the script to a file, verify its checksum or signature against a pinned value, and only then execute it. See CWE-494 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED009", "name": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal.", "shortDescription": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. 
The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`", "shortDescription": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import queue` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED019", "name": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates.", "shortDescription": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-94 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1064"}, "properties": {"repository": "Hello-QM/catgo-LRG", "repoUrl": "https://github.com/Hello-QM/catgo-LRG", "branch": "main"}, "results": [{"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `run_tool` (dict): `def run_tool(... 
= []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 104433, "scanner": "repobility-ast-engine", "fingerprint": "915fc06302a842e9fe14cc1c37d7c5eda209ea3b67eb7da27b61365d88d29b0c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|915fc06302a842e9fe14cc1c37d7c5eda209ea3b67eb7da27b61365d88d29b0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/tools.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104385, "scanner": "repobility-ast-engine", "fingerprint": "57d187566257ccbae494c12e72df0f03a75f2b623c7c61bd4717924d83feedb5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|57d187566257ccbae494c12e72df0f03a75f2b623c7c61bd4717924d83feedb5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_phase1_manual.py"}, "region": {"startLine": 220}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104384, "scanner": "repobility-ast-engine", "fingerprint": "3682e666716c5891ec6e3128f9c2be7bacb62c39df4a2fa630844f0d658a64f5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3682e666716c5891ec6e3128f9c2be7bacb62c39df4a2fa630844f0d658a64f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_phase1_manual.py"}, "region": {"startLine": 189}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104383, "scanner": "repobility-ast-engine", "fingerprint": "219ce4f49525df854d1019cf35a610ead7a225c00114b96cc0a9cf3dd7a1c47a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|219ce4f49525df854d1019cf35a610ead7a225c00114b96cc0a9cf3dd7a1c47a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_phase1_manual.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104382, "scanner": "repobility-ast-engine", "fingerprint": "ade5b6fba80b0ed6f908a7006c204445a40672f06609ce4495f5bc8927a286a7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ade5b6fba80b0ed6f908a7006c204445a40672f06609ce4495f5bc8927a286a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_phase1_manual.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104381, "scanner": "repobility-ast-engine", "fingerprint": "59193115836315cea6c0876831582b6acc593c761aecfd633ce450e5045d0987", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|59193115836315cea6c0876831582b6acc593c761aecfd633ce450e5045d0987"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_phase1_manual.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104380, "scanner": "repobility-ast-engine", "fingerprint": "99e397a91df0a2e354bb595cf46c54e9a52bf5ce0449430be80aa3918ff0b685", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|99e397a91df0a2e354bb595cf46c54e9a52bf5ce0449430be80aa3918ff0b685"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_kremer_grest_polymer.py"}, "region": {"startLine": 364}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104379, "scanner": "repobility-ast-engine", "fingerprint": "d1c2260aa48f21a5b40970c62b3ecd7457f95719bb9fc421c57d3100e8230a39", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d1c2260aa48f21a5b40970c62b3ecd7457f95719bb9fc421c57d3100e8230a39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_kremer_grest_polymer.py"}, "region": {"startLine": 339}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104376, "scanner": "repobility-ast-engine", "fingerprint": "7b95e706dbee7b3491e362c52f88561084dc935e97c79a1d8c8f3759d4702996", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7b95e706dbee7b3491e362c52f88561084dc935e97c79a1d8c8f3759d4702996"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_phase2_analyzer.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104375, "scanner": "repobility-ast-engine", "fingerprint": "29e68d47df4656789bd0e65f3ec4aa24d447807dd300b2c1a097a40e44f9f127", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29e68d47df4656789bd0e65f3ec4aa24d447807dd300b2c1a097a40e44f9f127"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_phase2_analyzer.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104374, "scanner": "repobility-ast-engine", "fingerprint": "54b6482053778d50c4208647853d1eb6015178cc849cff8aac91420ab5a20b52", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54b6482053778d50c4208647853d1eb6015178cc849cff8aac91420ab5a20b52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_lammps_api.py"}, "region": {"startLine": 258}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104369, "scanner": "repobility-ast-engine", "fingerprint": "5c44dfa3d891f4924875437c151e000552d2b1d946e748123e976d3f710138d3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5c44dfa3d891f4924875437c151e000552d2b1d946e748123e976d3f710138d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_polymer_workflow.py"}, "region": {"startLine": 231}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104365, "scanner": "repobility-ast-engine", "fingerprint": "7a29b43f4b2e6ee7fd5c066bd5bc84282750d090b97bf2311dfb5c748bbef8e8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7a29b43f4b2e6ee7fd5c066bd5bc84282750d090b97bf2311dfb5c748bbef8e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_plugins_manual.py"}, "region": {"startLine": 495}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104364, "scanner": "repobility-ast-engine", "fingerprint": "bd659b4d0464bcfb1ffaabaf68e38be21bea88c2a457bd9281536c4389292ea7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd659b4d0464bcfb1ffaabaf68e38be21bea88c2a457bd9281536c4389292ea7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_plugins_manual.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104363, "scanner": "repobility-ast-engine", "fingerprint": "360b695a3450ef8af23ae77d8d3a79ac663f188fc4b6da72b0abafbf714d3834", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|360b695a3450ef8af23ae77d8d3a79ac663f188fc4b6da72b0abafbf714d3834"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_plugins_manual.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104362, "scanner": "repobility-ast-engine", "fingerprint": "2cbc1931e2150e13d0ce4b1c9c116b4e471cb075cff8ed72dbe8e345778ac569", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2cbc1931e2150e13d0ce4b1c9c116b4e471cb075cff8ed72dbe8e345778ac569"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_plugins_manual.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104361, "scanner": "repobility-ast-engine", "fingerprint": "de888f19625249e275f512eb2f450453a976475adcb3d4b8567f86dc88d6e6f4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|de888f19625249e275f512eb2f450453a976475adcb3d4b8567f86dc88d6e6f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_phase0.py"}, "region": {"startLine": 247}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104360, "scanner": "repobility-ast-engine", "fingerprint": "f40e871310ad403745d7d954446d55b738d904b7ccc46bade950bb5ebbfc7ff1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f40e871310ad403745d7d954446d55b738d904b7ccc46bade950bb5ebbfc7ff1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_phase0.py"}, "region": {"startLine": 237}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104359, "scanner": "repobility-ast-engine", "fingerprint": "789a6c1d395521b0d536f2dfa7a97105144e3d20817856513cc6062e1e20a0c4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|789a6c1d395521b0d536f2dfa7a97105144e3d20817856513cc6062e1e20a0c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_phase0.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104358, "scanner": "repobility-ast-engine", "fingerprint": "30fbc2ec4d688d4c27f5df63a0a5aaddb2d6b7a1f82e52b596d2909b21913be3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|30fbc2ec4d688d4c27f5df63a0a5aaddb2d6b7a1f82e52b596d2909b21913be3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_phase0.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104357, "scanner": "repobility-ast-engine", "fingerprint": "c19b80d753cb229388f9e76f983df0b9b3911a5a4bf28bb113d20e0923660741", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c19b80d753cb229388f9e76f983df0b9b3911a5a4bf28bb113d20e0923660741"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_phase0.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104351, "scanner": "repobility-ast-engine", "fingerprint": "63c3fc112fd64e4d63664045791f833b030213068a3397bf8c8ae428c938a167", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|63c3fc112fd64e4d63664045791f833b030213068a3397bf8c8ae428c938a167"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/cp2k_dos.py"}, "region": {"startLine": 254}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104350, "scanner": "repobility-ast-engine", "fingerprint": "a148b3ce41dc8f3f3b9000210b4ceec4a8aba866eac4517454f722026bc97da7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a148b3ce41dc8f3f3b9000210b4ceec4a8aba866eac4517454f722026bc97da7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/main.py"}, "region": {"startLine": 521}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104348, "scanner": "repobility-ast-engine", "fingerprint": "f74ba105b94c102df7f174b4792e943d4ad2a5603bad0aeaa43ecf05281e7591", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f74ba105b94c102df7f174b4792e943d4ad2a5603bad0aeaa43ecf05281e7591"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/test_vasp.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104347, "scanner": "repobility-ast-engine", "fingerprint": "03acb84f4301bca4bf225546e200c965047e8b324d41e3b2349eadb431b3c746", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|03acb84f4301bca4bf225546e200c965047e8b324d41e3b2349eadb431b3c746"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/test_vasp.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 104346, "scanner": "repobility-ast-engine", "fingerprint": "5ef9564fd21e93e620bc10bd53879001771c9029e170209968d9f93a8833b8e8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5ef9564fd21e93e620bc10bd53879001771c9029e170209968d9f93a8833b8e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/test_vasp.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 104344, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 104333, "scanner": "repobility-docker", "fingerprint": "c45ba92636aeae247d52d239df4c506e3005c9cab982c0520364be19ae136d74", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", 
"verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.11-slim-bookworm", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|c45ba92636aeae247d52d239df4c506e3005c9cab982c0520364be19ae136d74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hpc/Dockerfile.base"}, "region": {"startLine": 5}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 104332, "scanner": "repobility-docker", "fingerprint": "921b302faf4b50f40f1c4bc07ae84152325328da0fe3617d791df7071567e63c", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.11-slim-bookworm", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|921b302faf4b50f40f1c4bc07ae84152325328da0fe3617d791df7071567e63c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hpc/Dockerfile"}, "region": {"startLine": 43}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 104330, "scanner": "repobility-docker", "fingerprint": "80f697b26c8c1092e8fd41c3384295506c983801c25f8ed03a4d1369be34be74", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", 
"verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.11-slim-bookworm", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|80f697b26c8c1092e8fd41c3384295506c983801c25f8ed03a4d1369be34be74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 70}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 104328, "scanner": "repobility-docker", "fingerprint": "194621bb12299bd68a3af0aa2e784c418164203efff3fe7a76081d95733eec0d", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|194621bb12299bd68a3af0aa2e784c418164203efff3fe7a76081d95733eec0d", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 44}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 104326, "scanner": "repobility-agent-runtime", "fingerprint": "acb6dad8ef4c298cf8bb66d737fab2f137dbe499e80663dc18acfdf695019d39", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File 
combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|acb6dad8ef4c298cf8bb66d737fab2f137dbe499e80663dc18acfdf695019d39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/main.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 104325, "scanner": "repobility-agent-runtime", "fingerprint": "fdeca4ff22f8ac688311e9c0306b803e8b3390a53a5d7cb4887ee99c0c7e27ab", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|fdeca4ff22f8ac688311e9c0306b803e8b3390a53a5d7cb4887ee99c0c7e27ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop/state/sidebar-state.svelte.ts"}, "region": {"startLine": 52}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 104324, "scanner": "repobility-agent-runtime", "fingerprint": "dd9210c475056c4d984f708feb7bddefede01041dafecbf34f3d05157bc77b58", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": 
["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|dd9210c475056c4d984f708feb7bddefede01041dafecbf34f3d05157bc77b58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop/lib/popout-manager.ts"}, "region": {"startLine": 14}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 104323, "scanner": "repobility-agent-runtime", "fingerprint": "442e2b37b2549b718ebda8ed4ebfb48c1971f99f287cd2fd13b8e6c37f641248", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|442e2b37b2549b718ebda8ed4ebfb48c1971f99f287cd2fd13b8e6c37f641248"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/web/install.sh"}, "region": {"startLine": 7}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 104322, "scanner": "repobility-agent-runtime", "fingerprint": "82c8852c323c466055bca3d76f016b997e2b5c2240225ac047c36add54c930a9", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|82c8852c323c466055bca3d76f016b997e2b5c2240225ac047c36add54c930a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/web/INSTALL.md"}, "region": {"startLine": 10}}}]}, 
{"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 104321, "scanner": "repobility-agent-runtime", "fingerprint": "9eff7f03c9c55e3a88276c773e78eee11245d6858a97d8aabc0ab4775f2032a7", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|9eff7f03c9c55e3a88276c773e78eee11245d6858a97d8aabc0ab4775f2032a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/vsix-publish.yml"}, "region": {"startLine": 47}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 104320, "scanner": "repobility-agent-runtime", "fingerprint": "54759f4879b038732fd0b7892e4bdf644fdd00ca4c8a071fda1d51d6bc5b14c6", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|54759f4879b038732fd0b7892e4bdf644fdd00ca4c8a071fda1d51d6bc5b14c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 104319, "scanner": "repobility-agent-runtime", "fingerprint": 
"1d7ed2666e0feb4baa19b1e2c15b12b9a238cc5e5aad8d4b3d85cd4aaab49583", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|1d7ed2666e0feb4baa19b1e2c15b12b9a238cc5e5aad8d4b3d85cd4aaab49583"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tauri-test-build.yml"}, "region": {"startLine": 90}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 104318, "scanner": "repobility-agent-runtime", "fingerprint": "82bba5f54148b24736b594562a42a9d7f4bbcc856de27d7053638bfaeb5a12df", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|82bba5f54148b24736b594562a42a9d7f4bbcc856de27d7053638bfaeb5a12df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ios-build.yml"}, "region": {"startLine": 82}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 104317, "scanner": "repobility-agent-runtime", "fingerprint": "a61a9aff9f3616e42f90c7ba50bee68d80e56a6391481474423d4869daa22d5c", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell 
without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|a61a9aff9f3616e42f90c7ba50bee68d80e56a6391481474423d4869daa22d5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/hpc-bundle.yml"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 104285, "scanner": "repobility-threat-engine", "fingerprint": "4af547a84300143f1eb039d1e82cbd88fd826a6685cb8be564dabcb88b9717fb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Math.random() * total_weight\n  let cumulativ", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4af547a84300143f1eb039d1e82cbd88fd826a6685cb8be564dabcb88b9717fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/site/plot-utils.ts"}, "region": {"startLine": 135}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 104281, "scanner": "repobility-threat-engine", "fingerprint": "b0bb8e7457d5e4ac27cc0805c127df513ea330be60d14f08d1547599cc30c829", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": 
"subprocess.run(potcar_cmd, shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|103|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/workflow/engines/sella.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 104273, "scanner": "repobility-threat-engine", "fingerprint": "0d2c0a1c7f52b409c30f6a08dc3342bef7a367e0df59de2ec4eca9bce5dd80cc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        from catgo.routers.view_capture import _current_structure_dict\n        return _current_", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0d2c0a1c7f52b409c30f6a08dc3342bef7a367e0df59de2ec4eca9bce5dd80cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/tools.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "SEC034", "level": "warning", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control 
characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (SIEM, Splunk). Combined with template injection in the logging framework, this can escalate to RCE, as in Log4j's CVE-2021-44228 (Log4Shell). CWE-117."}, "properties": {"repobilityId": 104272, "scanner": "repobility-threat-engine", "fingerprint": "b44d7405974c71a99c9cc2a08c90c528593687ed44b128eb5c5625c002c6f6f9", "category": "log_injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logger.info(\n            f\"Building Moir\u00e9 bilayer: angle={req", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b44d7405974c71a99c9cc2a08c90c528593687ed44b128eb5c5625c002c6f6f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/moire.py"}, "region": {"startLine": 193}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 104261, "scanner": "repobility-threat-engine", "fingerprint": "4fca4863586320bd97763735ce2440683a7479054b8b9ea04d00bbd6d263a6e9", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4fca4863586320bd97763735ce2440683a7479054b8b9ea04d00bbd6d263a6e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/mcp_tools/plugin_tools.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 104260, "scanner": "repobility-threat-engine", "fingerprint": "ca28b04eaa6f2cd9c84a4e124e1f5b084c65e1fd17c9a626ab4e956e4450cb81", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ca28b04eaa6f2cd9c84a4e124e1f5b084c65e1fd17c9a626ab4e956e4450cb81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/mcp_tools/helpers.py"}, "region": {"startLine": 198}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 104259, "scanner": "repobility-threat-engine", "fingerprint": "a24c39f1751fae3cd136ce3184971d19e153e57696fd01ce5810fdc5f461ec25", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a24c39f1751fae3cd136ce3184971d19e153e57696fd01ce5810fdc5f461ec25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/calculators/base.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 104242, "scanner": "repobility-threat-engine", "fingerprint": "23e871a6590c262c409e6e1343948223fe01df768d858b407163aaad7cbad597", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|191|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/tools/sandbox.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 104241, "scanner": "repobility-threat-engine", "fingerprint": "6582a0afa3fa006d619e2d3aad31480c27fd9e99dbe2046c358c70f43b39de47", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|236|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/plugins/sandbox.py"}, "region": {"startLine": 236}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 104240, "scanner": "repobility-threat-engine", "fingerprint": "4ed1a86c0cbee85a4e0f1669d219cfc917ca54bf8c868711ddea1b57afaeac93", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|128|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/vscode/src/optimade-backend.ts"}, "region": {"startLine": 128}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `parse_orbital_spec` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=4, except=1, for=1, if=4, nested_bonus=6."}, "properties": {"repobilityId": 104222, "scanner": "repobility-threat-engine", "fingerprint": "2e1fb6613712583f503bacde91975ba5c734278cc7826b1dbd89427c7da8d43a", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 16 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "parse_orbital_spec", "breakdown": {"if": 4, "for": 1, "except": 1, "continue": 4, "nested_bonus": 6}, "complexity": 16, "correlation_key": "fp|2e1fb6613712583f503bacde91975ba5c734278cc7826b1dbd89427c7da8d43a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/dos-analysis/catgo_dos/orbital.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 104343, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB008", "level": "note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 104342, "scanner": "repobility-web-presence", "fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", 
"confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks public and documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB002", "level": "note", "message": {"text": "Public web app has no sitemap"}, "properties": {"repobilityId": 104341, "scanner": "repobility-web-presence", "fingerprint": "fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf", "category": "quality", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no sitemap file or route was discovered.", "evidence": {"rule_id": "WEB002", "scanner": "repobility-web-presence", "references": ["https://www.sitemaps.org/protocol.html", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sitemap.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB001", "level": "note", "message": {"text": "Public web app has no robots.txt"}, "properties": {"repobilityId": 104340, "scanner": "repobility-web-presence", "fingerprint": "cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no robots.txt file or route was discovered.", "evidence": {"rule_id": "WEB001", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", 
"https://github.com/Lissy93/web-check"], "correlation_key": "fp|cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "robots.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 104335, "scanner": "repobility-docker", "fingerprint": "a14a371eea950d59e2cc48a3021cc5d83b122a0040fd074f2efc0fbba45434ac", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "catgo", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|a14a371eea950d59e2cc48a3021cc5d83b122a0040fd074f2efc0fbba45434ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 7}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 104334, "scanner": "repobility-docker", "fingerprint": "6965f855fcbb620cbe2686e36eb4193991616aa5f6ed8417393932358b090574", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "catgo", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|6965f855fcbb620cbe2686e36eb4193991616aa5f6ed8417393932358b090574"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 
7}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 104331, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 104329, "scanner": "repobility-docker", "fingerprint": "547893c0f539fd8829f48b8fa98bbe606011f53adef1aecc93e14d4f2e2ce269", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|547893c0f539fd8829f48b8fa98bbe606011f53adef1aecc93e14d4f2e2ce269"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 103}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104316, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f472f58508b0d0e9f96cd91aa152a1bcde5e9d2e01699abc8097b2cf092c3a8d", "category": "quality", "severity": 
"low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/catgo/utils/pbs.py", "duplicate_line": 12, "correlation_key": "fp|f472f58508b0d0e9f96cd91aa152a1bcde5e9d2e01699abc8097b2cf092c3a8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/utils/scheduler_base.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104315, "scanner": "repobility-ai-code-hygiene", "fingerprint": "782de8df96bc78ba24f2551b2c60c09b04f850146fb1af7bc1f5713d64933bb0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/catgo/plugins/builtin_readers.py", "duplicate_line": 14, "correlation_key": "fp|782de8df96bc78ba24f2551b2c60c09b04f850146fb1af7bc1f5713d64933bb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/tools/builtin/vasp_readers.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104314, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fc365efbb71448c8ebf42885d1e27e7bef3a635c41090b27eff8673dc088221f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window 
appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/catgo/routers/heterostructure.py", "duplicate_line": 80, "correlation_key": "fp|fc365efbb71448c8ebf42885d1e27e7bef3a635c41090b27eff8673dc088221f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/reticular.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104313, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a974d68e04a7f0218af8a7d0fe15fdd6eda23f0f44acae99a914eabedc187ccb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/catgo/routers/mofdb.py", "duplicate_line": 16, "correlation_key": "fp|a974d68e04a7f0218af8a7d0fe15fdd6eda23f0f44acae99a914eabedc187ccb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/reticular.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104312, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5ec0ee6429744113a37f4d22f1a559144ff4575674facc1925b2866eafb0a2ee", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "server/catgo/routers/cp2k.py", "duplicate_line": 108, "correlation_key": "fp|5ec0ee6429744113a37f4d22f1a559144ff4575674facc1925b2866eafb0a2ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/qe.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104311, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a0c3b2b62c2255e0af5c4c3f6f1bec9411b4824ac02020060a4e18626f52ac58", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/catgo/routers/lammps/utils.py", "duplicate_line": 128, "correlation_key": "fp|a0c3b2b62c2255e0af5c4c3f6f1bec9411b4824ac02020060a4e18626f52ac58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/qe.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104310, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3999aaff21b897b8c2a1910524bac50ef9689d2c71bc63e9dcd157e0283b45f2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/catgo/routers/optimize.py", "duplicate_line": 32, "correlation_key": 
"fp|3999aaff21b897b8c2a1910524bac50ef9689d2c71bc63e9dcd157e0283b45f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/optimize_ws.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104309, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1925e0139ff20c3727b9995b5b8004b6edad33ce3b6a86e972c03b5ae42b8cec", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/catgo/routers/heterostructure.py", "duplicate_line": 80, "correlation_key": "fp|1925e0139ff20c3727b9995b5b8004b6edad33ce3b6a86e972c03b5ae42b8cec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/mofdb.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104308, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f98a7c6a0feaa577f17602419fbd3529ed2be5c23f097c875d6871e059a8005e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/catgo/routers/mcp_http.py", "duplicate_line": 24, "correlation_key": "fp|f98a7c6a0feaa577f17602419fbd3529ed2be5c23f097c875d6871e059a8005e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"server/catgo/routers/mcp_sse.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104307, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ecc71f4b57b69d6e2bbbd5774c21298406fdff38ed4220a1053f854763487cf2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/catgo/routers/chgcar.py", "duplicate_line": 21, "correlation_key": "fp|ecc71f4b57b69d6e2bbbd5774c21298406fdff38ed4220a1053f854763487cf2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/cube.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104306, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e6a5012654e4c1f27d3ecdc69dad8d225fcd0b56164992e297690d4e2351a721", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/catgo/calculators/xtb.py", "duplicate_line": 20, "correlation_key": "fp|e6a5012654e4c1f27d3ecdc69dad8d225fcd0b56164992e297690d4e2351a721"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/calculators/xtb_cli.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block 
across source files"}, "properties": {"repobilityId": 104305, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0d440239401ace569e657fac767dc0032dfb6b4323b8e9bae9052d61a49074ef", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "plugins/lammps-workflow/plugin.py", "duplicate_line": 22, "correlation_key": "fp|0d440239401ace569e657fac767dc0032dfb6b4323b8e9bae9052d61a49074ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/lammps-workflow/tool.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104304, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9dba61a7ccbaeac319991a82ae2eb9dde3653816cf42af29ed9bd482c152a18a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "plugins/cp2k-dos-reader/plugin.py", "duplicate_line": 2, "correlation_key": "fp|9dba61a7ccbaeac319991a82ae2eb9dde3653816cf42af29ed9bd482c152a18a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/cp2k-dos-reader/tool.py"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104303, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"362aeca1381e06e0563a8cea3fea6276875b11cb44eed32c024ba0e8f6bdd94d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "plugins/bond-histogram/plugin.py", "duplicate_line": 23, "correlation_key": "fp|362aeca1381e06e0563a8cea3fea6276875b11cb44eed32c024ba0e8f6bdd94d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/bond-histogram/tool.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104302, "scanner": "repobility-ai-code-hygiene", "fingerprint": "be405be1a4fd69503a93b428af65eedf5b1a326d770a345da1b61bcb9793aab7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extensions/rust/src/nanoscroll.rs", "duplicate_line": 43, "correlation_key": "fp|be405be1a4fd69503a93b428af65eedf5b1a326d770a345da1b61bcb9793aab7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/rust/src/wasm_nanoscroll.rs"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104301, "scanner": "repobility-ai-code-hygiene", "fingerprint": "90eb879930f422b1525ff3448ded586f4ac77927fe6ba99e76309846a5f96f50", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", 
"verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extensions/rust/src/cell_ops.rs", "duplicate_line": 58, "correlation_key": "fp|90eb879930f422b1525ff3448ded586f4ac77927fe6ba99e76309846a5f96f50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/rust/src/pbc.rs"}, "region": {"startLine": 75}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104300, "scanner": "repobility-ai-code-hygiene", "fingerprint": "685fa65d93dda4155c0434acc34b50506dcd3bfc5af57475b44e35548b698bf7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extensions/rust/src/mof/functional_groups.rs", "duplicate_line": 209, "correlation_key": "fp|685fa65d93dda4155c0434acc34b50506dcd3bfc5af57475b44e35548b698bf7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/rust/src/mof/rac.rs"}, "region": {"startLine": 368}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104299, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1b7224f6d1f844a6718320ee032ecc2d73d9408c9a8af29a87194ba008bac29e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 
12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extensions/rust/src/mof/mod.rs", "duplicate_line": 85, "correlation_key": "fp|1b7224f6d1f844a6718320ee032ecc2d73d9408c9a8af29a87194ba008bac29e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/rust/src/mof/rac.rs"}, "region": {"startLine": 338}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104298, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b5df9c097020918058494ad3577e73293de583888f4b91c324eeedcce8d36a7a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extensions/rust/src/mof/functional_groups.rs", "duplicate_line": 209, "correlation_key": "fp|b5df9c097020918058494ad3577e73293de583888f4b91c324eeedcce8d36a7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/rust/src/mof/mod.rs"}, "region": {"startLine": 115}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104297, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e3688775361fc1ffe9cf11586555fdeef2b5f251a2532cbaee2581f05910b1f2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"extensions/rust/src/algorithms/ewald.rs", "duplicate_line": 411, "correlation_key": "fp|e3688775361fc1ffe9cf11586555fdeef2b5f251a2532cbaee2581f05910b1f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/rust/src/crystal_nn.rs"}, "region": {"startLine": 536}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104296, "scanner": "repobility-ai-code-hygiene", "fingerprint": "26eeb27b06b9e99a2cbfa80215eb470f12c9d2f4ea8407d85b4419d6d44b90e6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extensions/rust/src/bonding.rs", "duplicate_line": 500, "correlation_key": "fp|26eeb27b06b9e99a2cbfa80215eb470f12c9d2f4ea8407d85b4419d6d44b90e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/rust/src/coordination.rs"}, "region": {"startLine": 331}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104295, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aef491f1326905207cbc967d99f6ef677087c3603914af08c618fe18c8e1086f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extensions/rust/benches/matcher_bench.rs", "duplicate_line": 12, "correlation_key": 
"fp|aef491f1326905207cbc967d99f6ef677087c3603914af08c618fe18c8e1086f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/rust/src/batch.rs"}, "region": {"startLine": 272}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104294, "scanner": "repobility-ai-code-hygiene", "fingerprint": "afa7f8ced1c0ddb12bdb357e6a42555bd90dc5125981c5577e388aa496a1842c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "desktop/components/CloseAllModal.svelte", "duplicate_line": 52, "correlation_key": "fp|afa7f8ced1c0ddb12bdb357e6a42555bd90dc5125981c5577e388aa496a1842c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop/components/ExportSaveDialog.svelte"}, "region": {"startLine": 138}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104293, "scanner": "repobility-ai-code-hygiene", "fingerprint": "31dd67b1c95eae01f6226d15d36522e90910044e63c1a0ff36dec261c39b380c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/catgo-graph/src/tools/file_writer.rs", "duplicate_line": 18, "correlation_key": "fp|31dd67b1c95eae01f6226d15d36522e90910044e63c1a0ff36dec261c39b380c"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "crates/catgo-graph/src/tools/vasp.rs"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104292, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fa2461be075ced78b2d184e7209d73a867cfc5f84df5b05d84b312ba1288b075", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/catgo-graph/src/tools/file_writer.rs", "duplicate_line": 64, "correlation_key": "fp|fa2461be075ced78b2d184e7209d73a867cfc5f84df5b05d84b312ba1288b075"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/catgo-graph/src/tools/stats.rs"}, "region": {"startLine": 107}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104291, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8792869179487fc1d474d2fde258cf0fbd96bda90e3bc8831701fcd806d4593a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/catgo-graph/src/runtime/engine.rs", "duplicate_line": 390, "correlation_key": "fp|8792869179487fc1d474d2fde258cf0fbd96bda90e3bc8831701fcd806d4593a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/catgo-graph/src/runtime/scheduler.rs"}, "region": {"startLine": 152}}}]}, {"ruleId": "AIC003", "level": "note", 
"message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104290, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a507ef3e087f2f7314e555690205623176a0ae3d4db0ba175c8929b261addd9b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/catgo-graph/src/core/state.rs", "duplicate_line": 118, "correlation_key": "fp|a507ef3e087f2f7314e555690205623176a0ae3d4db0ba175c8929b261addd9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/catgo-graph/src/runtime/lifecycle.rs"}, "region": {"startLine": 121}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104289, "scanner": "repobility-ai-code-hygiene", "fingerprint": "59c22e479e75102ad2af14169cb935fa71b7974aa9dc87d07864d120d609474c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/catgo-graph/src/api/graph_api.rs", "duplicate_line": 331, "correlation_key": "fp|59c22e479e75102ad2af14169cb935fa71b7974aa9dc87d07864d120d609474c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/catgo-graph/src/runtime/engine.rs"}, "region": {"startLine": 618}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104288, 
"scanner": "repobility-ai-code-hygiene", "fingerprint": "9a76c4d1c6bef3f0547a2e583ffe9707a23383435f915c17d0d495e77dd50d57", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/catgo-graph/src/graph/subgraph_validate.rs", "duplicate_line": 234, "correlation_key": "fp|9a76c4d1c6bef3f0547a2e583ffe9707a23383435f915c17d0d495e77dd50d57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/catgo-graph/src/graph/validate.rs"}, "region": {"startLine": 149}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `_on_text_input` has cognitive complexity 13 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=3, except=1, if=5, nested_bonus=4."}, "properties": {"repobilityId": 104221, "scanner": "repobility-threat-engine", "fingerprint": "431089d29c20b37f619404d859b11bbeacd8f3a21ec60320a0b8d4fa43580ce5", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 13 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_on_text_input", "breakdown": {"if": 5, "elif": 3, "except": 1, "nested_bonus": 4}, "complexity": 13, "correlation_key": "fp|431089d29c20b37f619404d859b11bbeacd8f3a21ec60320a0b8d4fa43580ce5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "energy_diagram/energydiagram/interaction.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `_on_editor_action` has cognitive complexity 13 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: break=1, except=1, for=1, if=4, nested_bonus=6."}, "properties": {"repobilityId": 104220, "scanner": "repobility-threat-engine", "fingerprint": "1b205311ce6679e977468706e56c2d33da71e4a439dd3104d6d8751cf9c40238", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 13 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_on_editor_action", "breakdown": {"if": 4, "for": 1, "break": 1, "except": 1, "nested_bonus": 6}, "complexity": 13, "correlation_key": "fp|1b205311ce6679e977468706e56c2d33da71e4a439dd3104d6d8751cf9c40238"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "energy_diagram/energydiagram/interaction.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 104204, "scanner": "repobility-threat-engine", "fingerprint": "35fc7bc8b86fad154d91866e340b4cbabe3a399af9231317d86235ede41af718", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = `", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|desktop/main.ts|15|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop/main.ts"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 104287, "scanner": "repobility-threat-engine", 
"fingerprint": "4c119626335df14d2fca1bf803059b2892068a80ba5a1d1e2754b3fb152b68f8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4c119626335df14d2fca1bf803059b2892068a80ba5a1d1e2754b3fb152b68f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vite-plugin-agent-bridge.ts"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 104286, "scanner": "repobility-threat-engine", "fingerprint": "4aafe4a0933abca741010663c2a67bf7b956a02e2cf34115dd60d85a0e8e0b3d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4aafe4a0933abca741010663c2a67bf7b956a02e2cf34115dd60d85a0e8e0b3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vite-plugin-agent-bridge.ts"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: 
requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 104280, "scanner": "repobility-threat-engine", "fingerprint": "13eaa2fec737a64c370302a38943104879a00a13fd5b88f25f0464515e650a94", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|13eaa2fec737a64c370302a38943104879a00a13fd5b88f25f0464515e650a94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/run_cp2k_sp.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED076", "level": "none", "message": {"text": "[MINED076] Catch And Reraise Noop: except X: raise X \u2014 adds no value, hides traceback if AI accidentally changes message."}, "properties": {"repobilityId": 104277, "scanner": "repobility-threat-engine", "fingerprint": "36d318fc2c25f4e583fe1d50f903b4ff1275b39c7b1d06da7f0ad29c63741751", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "catch-and-reraise-noop", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348079+00:00", "triaged_in_corpus": 10, "observations_count": 8333, "ai_coder_pattern_id": 45}, "scanner": "repobility-threat-engine", "correlation_key": "fp|36d318fc2c25f4e583fe1d50f903b4ff1275b39c7b1d06da7f0ad29c63741751"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/utils/hpc_client.py"}, "region": 
{"startLine": 69}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 104276, "scanner": "repobility-threat-engine", "fingerprint": "ede9d82fd51cf0e51c7c9945256f52944b8f84a5063856d685c11e886821361b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ede9d82fd51cf0e51c7c9945256f52944b8f84a5063856d685c11e886821361b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/utils/local_connection.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 104275, "scanner": "repobility-threat-engine", "fingerprint": "66b3c0d765c13708e64734e0adcdffdc5980b4f075cd33f594c869b111fb1389", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|66b3c0d765c13708e64734e0adcdffdc5980b4f075cd33f594c869b111fb1389"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/tools/sandbox.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 104274, "scanner": "repobility-threat-engine", "fingerprint": "afa39f031eadf8dd600adad51dd61cb4d1177ff188a74bf36546478c642a38af", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|afa39f031eadf8dd600adad51dd61cb4d1177ff188a74bf36546478c642a38af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/tools/discovery.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 104271, "scanner": "repobility-threat-engine", "fingerprint": "9f2724229c3b02d914603c235bce7661b3b60d15995900704828a392e418025b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, 
"ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9f2724229c3b02d914603c235bce7661b3b60d15995900704828a392e418025b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/materials_project.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 104270, "scanner": "repobility-threat-engine", "fingerprint": "dd916166b072f3d72ef804e2162f42ba9a2fe1b38be922e1832d33d87a7442a8", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(f\"Cluster configs: {list(config.cluster_configs.keys()", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|10|print f cluster configs: list config.cluster_configs.keys"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/templates/example_expanse_config.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 104269, "scanner": "repobility-threat-engine", "fingerprint": "2b13a8d4eddfa8de05a559dea996eb8b23055e1e6b87dcc3f42e48f08a05f669", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "logger.info(\"[CatGo:SOCKS5] Proxy auth succeeded (username/password)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|12|logger.info catgo:socks5 proxy auth succeeded username/password"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/utils/ssh_auth.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "SEC135", "level": "none", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 21 more): Same pattern found in 21 additional files. Review if needed."}, "properties": {"repobilityId": 104267, "scanner": "repobility-threat-engine", "fingerprint": "515ce8f34190c372bacad0228e354d50ffa84385c6d25d59f60ba89b5f04eae7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 21 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 21 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|515ce8f34190c372bacad0228e354d50ffa84385c6d25d59f60ba89b5f04eae7"}}}, {"ruleId": "SEC001", "level": "none", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 104263, "scanner": "repobility-threat-engine", "fingerprint": "4e556c63f157ce3942ee1cdb8498bb1f8755168f557c21f19f83c34d63b841e4", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Value looks like a development placeholder, not a live credential", "evidence": {"match": "PASSWORD = \"<redacted>\"", "reason": "Value looks like a development placeholder, not a live credential", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|server/catgo/models/hpc.py|2|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/models/hpc.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 104262, "scanner": "repobility-threat-engine", "fingerprint": "5e52edf7b37020aa239df3ddcd6024b0623fc9d6fa5f53ab26d6712f2091fba9", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 10 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|5e52edf7b37020aa239df3ddcd6024b0623fc9d6fa5f53ab26d6712f2091fba9"}}}, {"ruleId": "SEC103", "level": "none", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 104255, "scanner": "repobility-threat-engine", "fingerprint": "0edbeffb250228c25ea7248a70ed5a8dd2a5b09f7f3943fdb9d9c2db8f28df16", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|0edbeffb250228c25ea7248a70ed5a8dd2a5b09f7f3943fdb9d9c2db8f28df16"}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 104251, "scanner": "repobility-threat-engine", "fingerprint": "29f418f0b32afce9ff9545bb3e439c1b302cb3c41f56d413b872dcb5fe0b02fc", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|29f418f0b32afce9ff9545bb3e439c1b302cb3c41f56d413b872dcb5fe0b02fc"}}}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 104247, "scanner": "repobility-threat-engine", "fingerprint": "f1c2c4035cdd6e0916d588faf9becbbbd5dd61a9e4a7efb0017757e4e82f5c05", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f1c2c4035cdd6e0916d588faf9becbbbd5dd61a9e4a7efb0017757e4e82f5c05"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 104243, "scanner": "repobility-threat-engine", "fingerprint": "b031acad30223651838c72762fbf67002aa9bccea5e8d28f9a1dee5134b8d8a4", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b031acad30223651838c72762fbf67002aa9bccea5e8d28f9a1dee5134b8d8a4"}}}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 31 more): Same pattern found in 31 additional files. Review if needed."}, "properties": {"repobilityId": 104239, "scanner": "repobility-threat-engine", "fingerprint": "c04ab6bfd02aae07d20c269ad1c9fc90313046c42f4d5a648c64ff859775e106", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 31 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c04ab6bfd02aae07d20c269ad1c9fc90313046c42f4d5a648c64ff859775e106", "aggregated_count": 31}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 104235, "scanner": "repobility-threat-engine", "fingerprint": "0b02df8724bdd7ab7ca32aab93e3d6c680820bdca4abe8cd0f226b9328a812e5", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0b02df8724bdd7ab7ca32aab93e3d6c680820bdca4abe8cd0f226b9328a812e5", "aggregated_count": 7}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 104234, "scanner": "repobility-threat-engine", "fingerprint": "c6df3aeaca1b8c0a6cf03c4bf09f086d2a0d2494faa29f82668efb13a3e8f75f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c6df3aeaca1b8c0a6cf03c4bf09f086d2a0d2494faa29f82668efb13a3e8f75f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/cli/hpc_link.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 104233, "scanner": "repobility-threat-engine", "fingerprint": "72e4d7c21f7583946d1d9fe28bd62b1c24788a0a7bda5f5cd5e5de9be8586139", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|72e4d7c21f7583946d1d9fe28bd62b1c24788a0a7bda5f5cd5e5de9be8586139"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/dos-analysis/catgo_dos/pdos.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 104232, "scanner": "repobility-threat-engine", "fingerprint": "3334c85a4e64911a3c937be5231cadc8671803a0bbff77521db7cde2275b163e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3334c85a4e64911a3c937be5231cadc8671803a0bbff77521db7cde2275b163e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/dos-analysis/catgo_dos/dband.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "properties": {"repobilityId": 104229, "scanner": "repobility-threat-engine", "fingerprint": "02b847bd7d4ccea62b1bac4097f887f9e6ec1f165d0c1ca517adb2e5000206b5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|02b847bd7d4ccea62b1bac4097f887f9e6ec1f165d0c1ca517adb2e5000206b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "energy_diagram/examples/test.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "properties": {"repobilityId": 104228, "scanner": "repobility-threat-engine", "fingerprint": "ca85539d3ca8e1a13a7c03a218b67e58ae9cd7abdf6322f3931382bf191cf7c0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ca85539d3ca8e1a13a7c03a218b67e58ae9cd7abdf6322f3931382bf191cf7c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "energy_diagram/examples/keyboard_demo.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 104227, "scanner": "repobility-threat-engine", "fingerprint": "b716e452fc69f198dd09d9395b6a9646e9c76178cc7a871b1d6ec822f8589b1c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 10 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b716e452fc69f198dd09d9395b6a9646e9c76178cc7a871b1d6ec822f8589b1c"}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 133 more): Same pattern found in 133 additional files. Review if needed."}, "properties": {"repobilityId": 104223, "scanner": "repobility-threat-engine", "fingerprint": "d5d896061378b3eb764b25bc86cf6dfa560d1eff6bbc38308d84561e05c9813d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 133 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "_on_editor_action", "breakdown": {"if": 4, "for": 1, "break": 1, "except": 1, "nested_bonus": 6}, "aggregated": true, "complexity": 13, "correlation_key": "fp|d5d896061378b3eb764b25bc86cf6dfa560d1eff6bbc38308d84561e05c9813d", "aggregated_count": 133}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 37 more): Same pattern found in 37 additional files. Review if needed."}, "properties": {"repobilityId": 104219, "scanner": "repobility-threat-engine", "fingerprint": "9de7c384267415d021590a1b81a6a14d7734ce941cba8b3b1010bff322fcdaa0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 37 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9de7c384267415d021590a1b81a6a14d7734ce941cba8b3b1010bff322fcdaa0", "aggregated_count": 37}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 104218, "scanner": "repobility-threat-engine", "fingerprint": "edbf6e418916e4f41d98b2e419c7fbfc22ea97bb69b88d32edaca702ba5b026b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|edbf6e418916e4f41d98b2e419c7fbfc22ea97bb69b88d32edaca702ba5b026b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/dos-analysis/catgo_dos/orbital.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 104217, "scanner": "repobility-threat-engine", "fingerprint": "26124f1aa820ec64fe9f4bf251db5e47db98b686a8851306c1d36fa1a72a7d69", "category": 
"quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|26124f1aa820ec64fe9f4bf251db5e47db98b686a8851306c1d36fa1a72a7d69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/plugins/lennard-jones-calculator/plugin.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 104216, "scanner": "repobility-threat-engine", "fingerprint": "68e4170d367e1e397547418617763eef8a817ad9b2c416484169a742d669eba3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|68e4170d367e1e397547418617763eef8a817ad9b2c416484169a742d669eba3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "energy_diagram/energydiagram/interaction.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 1 more): Same pattern found in 1 additional 
file. Review if needed."}, "properties": {"repobilityId": 104215, "scanner": "repobility-threat-engine", "fingerprint": "3a22ac02b2baf370d83ba17a8bec43c4e714d3f46e5467e1b51a8599f7854e5a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3a22ac02b2baf370d83ba17a8bec43c4e714d3f46e5467e1b51a8599f7854e5a", "aggregated_count": 1}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 104214, "scanner": "repobility-threat-engine", "fingerprint": "0dad5e5640491cf1305fff215f183d808bbf6334d9886fe5265853f372e3e800", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0dad5e5640491cf1305fff215f183d808bbf6334d9886fe5265853f372e3e800"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/scripts/fetch-elem-images.ts"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 104213, "scanner": "repobility-threat-engine", "fingerprint": "742cb4735d229566c760e2402692bec16dcc92d830f886e10632aaaa77c082c2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|742cb4735d229566c760e2402692bec16dcc92d830f886e10632aaaa77c082c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/vscode/scripts/sync-config.ts"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 104212, "scanner": "repobility-threat-engine", "fingerprint": "8d91f842c37217fdff1fb242303ae4753d7d029b9290eddd785f796d5d33af7e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8d91f842c37217fdff1fb242303ae4753d7d029b9290eddd785f796d5d33af7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop/pane-utils.ts"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 18 more): Same pattern found in 18 additional files. Review if needed."}, "properties": {"repobilityId": 104211, "scanner": "repobility-threat-engine", "fingerprint": "cbf6547d9f643e95684a65906e45e71aa8a38aa27576546abef5efe92c852f3e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 18 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|cbf6547d9f643e95684a65906e45e71aa8a38aa27576546abef5efe92c852f3e", "aggregated_count": 18}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 104210, "scanner": "repobility-threat-engine", "fingerprint": "f8285a2c553efe3f2b9b09bda7ae59c15b14afcba3ec47173162ab83acd73f00", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f8285a2c553efe3f2b9b09bda7ae59c15b14afcba3ec47173162ab83acd73f00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop/sidebar/rename-save-dialogs.svelte.ts"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 104209, "scanner": "repobility-threat-engine", "fingerprint": "517b6021150fc24cb57abdcc16c3204bfabb4353dd03f08accdb89986cfac771", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|517b6021150fc24cb57abdcc16c3204bfabb4353dd03f08accdb89986cfac771"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop/settings.ts"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 104208, "scanner": "repobility-threat-engine", "fingerprint": "c726749c72dbe0fcea7f1099743610e0b984a7ee0740a9a70a546852371b025e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c726749c72dbe0fcea7f1099743610e0b984a7ee0740a9a70a546852371b025e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop/main.ts"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 104203, "scanner": "repobility-threat-engine", "fingerprint": "0467dd39abcae401ab2462a9dad2b1e15faf33643d34afc7de64002165551195", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0467dd39abcae401ab2462a9dad2b1e15faf33643d34afc7de64002165551195"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"scripts/build-server.sh"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 104202, "scanner": "repobility-threat-engine", "fingerprint": "e535114cd599ca5d9fc018e028b5af83cc763575bbdc6ac7a16a3826952c2d6c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e535114cd599ca5d9fc018e028b5af83cc763575bbdc6ac7a16a3826952c2d6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hpc/conda/setup-catgo.sh"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 104201, "scanner": "repobility-threat-engine", "fingerprint": "62ff231053d16ded91f5d63a99a8b7f9a8d879f1bee1b23442cfa6701d92f730", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|62ff231053d16ded91f5d63a99a8b7f9a8d879f1bee1b23442cfa6701d92f730", "aggregated_count": 2}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 104200, "scanner": "repobility-threat-engine", "fingerprint": "d094bd193b55468aa31339b505f2caf60ab3f2d52e823ee830c0a2d1909c6789", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d094bd193b55468aa31339b505f2caf60ab3f2d52e823ee830c0a2d1909c6789"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/catrender-wasm/src/lib.rs"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 104199, "scanner": "repobility-threat-engine", "fingerprint": "9ab600659005ab0c75c1b9ce2dd95b11789ab72f320ff60d601da9fe330e9aa2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9ab600659005ab0c75c1b9ce2dd95b11789ab72f320ff60d601da9fe330e9aa2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hpc/catgo-job.sh"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 104198, "scanner": "repobility-threat-engine", "fingerprint": "cb117d209e8ff3dc36445358f7ad1369f33be48a84d7b9275ceddb43573d2fae", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cb117d209e8ff3dc36445358f7ad1369f33be48a84d7b9275ceddb43573d2fae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hpc/bundle/catgo-job.sh"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 1 more): Same pattern found in 1 additional files. 
Review if needed."}, "properties": {"repobilityId": 104197, "scanner": "repobility-threat-engine", "fingerprint": "9165cfb92f23c82d748ff2e396f6ce1906a33fc59330ee3ce89bc7aac0698e97", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9165cfb92f23c82d748ff2e396f6ce1906a33fc59330ee3ce89bc7aac0698e97", "aggregated_count": 1}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics exactly as unwrap() does, but with a custom message."}, "properties": {"repobilityId": 104196, "scanner": "repobility-threat-engine", "fingerprint": "e736e3a7cbf029cdb3d156359952b97fed4cb467133323800bcf1e53645bede8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e736e3a7cbf029cdb3d156359952b97fed4cb467133323800bcf1e53645bede8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/catrender-wasm/src/types.rs"}, "region": {"startLine": 222}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics exactly as unwrap() does, but with a custom message."}, "properties": {"repobilityId": 104195, "scanner": "repobility-threat-engine", "fingerprint": "65466f356c70fc7fd2e71fa99db3fa09b36c70170d37eaded471d496dd834508", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|65466f356c70fc7fd2e71fa99db3fa09b36c70170d37eaded471d496dd834508"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/catgo-graph/src/tools/stats.rs"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics exactly as unwrap() does, but with a custom message."}, "properties": {"repobilityId": 104194, "scanner": "repobility-threat-engine", "fingerprint": "969d4404eddc6819495a47ba9b002dcc16b009ec830bacfc6ea11aea9375025c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|969d4404eddc6819495a47ba9b002dcc16b009ec830bacfc6ea11aea9375025c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/catgo-graph/src/tools/http_bridge.rs"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 104193, "scanner": "repobility-threat-engine", "fingerprint": "5eac8336f0b4cc00ae4620ca638e175af65ee892d0c641edbb038f6e632bfa61", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5eac8336f0b4cc00ae4620ca638e175af65ee892d0c641edbb038f6e632bfa61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/catgo-graph/src/runtime/lifecycle.rs"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 104192, "scanner": "repobility-threat-engine", "fingerprint": "36a8872f242ced5bf43c2c59654152661be00d89f115d0c72d280a73a1364ec5", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|36a8872f242ced5bf43c2c59654152661be00d89f115d0c72d280a73a1364ec5", "aggregated_count": 16}}}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `j178/prek-action` pinned to mutable ref `@v1`: `uses: j178/prek-action@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104505, "scanner": "repobility-supply-chain", "fingerprint": "e35bda3535e8b5a6b0ce5a88437c720dde203bb6663e52a4a3e6395c9e7f0dce", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e35bda3535e8b5a6b0ce5a88437c720dde203bb6663e52a4a3e6395c9e7f0dce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `denoland/setup-deno` pinned to mutable ref `@v2`: `uses: denoland/setup-deno@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104504, "scanner": "repobility-supply-chain", "fingerprint": "135b919b2635651c4714b1c42c5ae9ec88142092a0d8df33eda3b3274ca270eb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|135b919b2635651c4714b1c42c5ae9ec88142092a0d8df33eda3b3274ca270eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104503, "scanner": "repobility-supply-chain", "fingerprint": "35d050d78fc654b057e44333e9e7d862b71423bf4edf9e8863486d224f40b03e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|35d050d78fc654b057e44333e9e7d862b71423bf4edf9e8863486d224f40b03e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `mcr.microsoft.com/playwright:v1.58.0-noble` unpinned: `container/services image: mcr.microsoft.com/playwright:v1.58.0-noble` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 104502, "scanner": "repobility-supply-chain", "fingerprint": "47a77dfa430547b6d858b63f4768c0d01f7c456015f336f534399b36c133c52c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|47a77dfa430547b6d858b63f4768c0d01f7c456015f336f534399b36c133c52c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104501, "scanner": "repobility-supply-chain", "fingerprint": "27358499304dc10ab10f7ea787ef1033d11123b7c12bd6c102874a0817800881", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|27358499304dc10ab10f7ea787ef1033d11123b7c12bd6c102874a0817800881"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104500, "scanner": "repobility-supply-chain", "fingerprint": "63c59f9afd05a5a200821322a57c83abe1db6867911286ba24368d49eb79dc5c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|63c59f9afd05a5a200821322a57c83abe1db6867911286ba24368d49eb79dc5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v4`: `uses: pnpm/action-setup@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104499, "scanner": "repobility-supply-chain", "fingerprint": "70b4283431de38161840f9c77d161419e2a8998de6af53b94c4dbfe0d5e65149", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|70b4283431de38161840f9c77d161419e2a8998de6af53b94c4dbfe0d5e65149"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104498, "scanner": "repobility-supply-chain", "fingerprint": "cb4d7bb15eebe80ed4f86dbbc5b8a14bbedd010a1ee0da8580ed452b6b1e8a99", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cb4d7bb15eebe80ed4f86dbbc5b8a14bbedd010a1ee0da8580ed452b6b1e8a99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104497, "scanner": "repobility-supply-chain", "fingerprint": "1705645727b68782ee37cb2637a876ae3a7e2b4b693b50284382c215b35e74f3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1705645727b68782ee37cb2637a876ae3a7e2b4b693b50284382c215b35e74f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104496, "scanner": "repobility-supply-chain", "fingerprint": "6a66458910e524e27e0e6e75c604fcf5e5fb93e419f55798c70d61ca378509cb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6a66458910e524e27e0e6e75c604fcf5e5fb93e419f55798c70d61ca378509cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v4`: `uses: pnpm/action-setup@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104495, "scanner": "repobility-supply-chain", "fingerprint": "f944285fe2f291ac3cc2da132a79665773e9e4bcff2cabe20517f2d67097a91e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f944285fe2f291ac3cc2da132a79665773e9e4bcff2cabe20517f2d67097a91e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104494, "scanner": "repobility-supply-chain", "fingerprint": "dd7f20597700ae9340a795fcd2f7f4223391eddde38747a2fb0c36b7085ff83a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dd7f20597700ae9340a795fcd2f7f4223391eddde38747a2fb0c36b7085ff83a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `tauri-apps/tauri-action` pinned to mutable ref `@v0.6`: `uses: tauri-apps/tauri-action@v0.6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104493, "scanner": "repobility-supply-chain", "fingerprint": "45e7b6905a9bc98cb8d8a5572810f78dbc98fde9c6f039131864a20537bd0464", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|45e7b6905a9bc98cb8d8a5572810f78dbc98fde9c6f039131864a20537bd0464"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tauri-build.yml"}, "region": {"startLine": 185}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104492, "scanner": "repobility-supply-chain", "fingerprint": "085ec557b2aadadbffefda458bf22c8216c070527a3fe34e17819151085aff0f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|085ec557b2aadadbffefda458bf22c8216c070527a3fe34e17819151085aff0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tauri-build.yml"}, "region": {"startLine": 174}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `oven-sh/setup-bun` pinned to mutable ref `@v2`: `uses: oven-sh/setup-bun@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104491, "scanner": "repobility-supply-chain", "fingerprint": "8a522945996bfd0ea1d9cb218b8da02da00b839cca0d037b42f05541b7990781", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8a522945996bfd0ea1d9cb218b8da02da00b839cca0d037b42f05541b7990781"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tauri-build.yml"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104490, "scanner": "repobility-supply-chain", "fingerprint": "6f5d9a633f89892c597c53f300f13f37dfe65c732c6f61c860383b60d005043f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6f5d9a633f89892c597c53f300f13f37dfe65c732c6f61c860383b60d005043f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tauri-build.yml"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104489, "scanner": "repobility-supply-chain", "fingerprint": "aa46025a343625863c9db1659755911de21610a6233c912916258b50dff8fa4a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|aa46025a343625863c9db1659755911de21610a6233c912916258b50dff8fa4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tauri-build.yml"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `conda-incubator/setup-miniconda` pinned to mutable ref `@v3`: `uses: conda-incubator/setup-miniconda@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104488, "scanner": "repobility-supply-chain", "fingerprint": "8bbe38f2108c87f12518e1ec4309bd8c6bd98294c13ae2e8005469c51af47446", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8bbe38f2108c87f12518e1ec4309bd8c6bd98294c13ae2e8005469c51af47446"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tauri-build.yml"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104487, "scanner": "repobility-supply-chain", "fingerprint": "eb6d5d56defeb292394bec13f0b6f9e0d9b23be92f3407994da9f40a87ca482c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|eb6d5d56defeb292394bec13f0b6f9e0d9b23be92f3407994da9f40a87ca482c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tauri-build.yml"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v4`: `uses: pnpm/action-setup@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104486, "scanner": "repobility-supply-chain", "fingerprint": "8ac75999a3e3699a5f94323966d5b6bbb7498a31f36860ceaf7306c9098c6f67", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8ac75999a3e3699a5f94323966d5b6bbb7498a31f36860ceaf7306c9098c6f67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tauri-build.yml"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104485, "scanner": "repobility-supply-chain", "fingerprint": "8232f3c49ca17d99442c0e456ae367fd2d7e455f2c8a26a1dfe8b8dc32307059", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8232f3c49ca17d99442c0e456ae367fd2d7e455f2c8a26a1dfe8b8dc32307059"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tauri-build.yml"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104484, "scanner": "repobility-supply-chain", "fingerprint": "f2cb55ea3f428f2084ebae8ff2efa60fe491b9596baa4ceaeb5e7849bda2fcd1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f2cb55ea3f428f2084ebae8ff2efa60fe491b9596baa4ceaeb5e7849bda2fcd1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/vsix-publish.yml"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104483, "scanner": "repobility-supply-chain", "fingerprint": "7f1f52f1d5bd40f7753512c72472f98e7c9cc6f860b42a33329dbf5244f55e15", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7f1f52f1d5bd40f7753512c72472f98e7c9cc6f860b42a33329dbf5244f55e15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/vsix-publish.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v5`: `uses: actions/setup-node@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104482, "scanner": "repobility-supply-chain", "fingerprint": "bcdb2b5c82c3a19e30b8d7ac78e5f0969259597485d12fd18fa6f5341624a75a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bcdb2b5c82c3a19e30b8d7ac78e5f0969259597485d12fd18fa6f5341624a75a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/vsix-publish.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v4`: `uses: pnpm/action-setup@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104481, "scanner": "repobility-supply-chain", "fingerprint": "39d9426ab944d400a154fb971e449fc0c76c33930c03a0dfa82c4fa0ca3fd3a7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|39d9426ab944d400a154fb971e449fc0c76c33930c03a0dfa82c4fa0ca3fd3a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/vsix-publish.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 104480, "scanner": "repobility-supply-chain", "fingerprint": "16fdd6825df8e696a7cef9b4e7c15dda0e974b2e07afbf663b01ec13f50db1d2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|16fdd6825df8e696a7cef9b4e7c15dda0e974b2e07afbf663b01ec13f50db1d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/vsix-publish.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `python:3.11-slim-bookworm` not pinned by digest: `FROM python:3.11-slim-bookworm` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 104479, "scanner": "repobility-supply-chain", "fingerprint": "e15f53adc9ba1781c324101719062c3b4701baa4986298bfb001893f7617c623", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e15f53adc9ba1781c324101719062c3b4701baa4986298bfb001893f7617c623"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hpc/Dockerfile"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:20-bookworm-slim` not pinned by digest: `FROM node:20-bookworm-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 104478, "scanner": "repobility-supply-chain", "fingerprint": "0220349882986965c27bf6bb3bc362d9cf034ce9bf26cb52000536f2057a55aa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0220349882986965c27bf6bb3bc362d9cf034ce9bf26cb52000536f2057a55aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/hpc/Dockerfile"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/pre-commit/mirrors-eslint` pinned to mutable rev `v9.38.0`: `.pre-commit-config.yaml` references `https://github.com/pre-commit/mirrors-eslint` at `rev: v9.38.0`. 
If `rev` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine. Pin `rev` to a full 40-char commit SHA instead (`pre-commit autoupdate --freeze` writes one)."}, "properties": {"repobilityId": 104477, "scanner": "repobility-supply-chain", "fingerprint": "e021e8b687ed26dc4d9c328c64ad2ed1cafd3f10d64c8a8a46b2db182008da11", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e021e8b687ed26dc4d9c328c64ad2ed1cafd3f10d64c8a8a46b2db182008da11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/igorshubovych/markdownlint-cli` pinned to mutable rev `v0.45.0`: `.pre-commit-config.yaml` references `https://github.com/igorshubovych/markdownlint-cli` at `rev: v0.45.0`. 
If `rev` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine. Pin `rev` to a full 40-char commit SHA instead (`pre-commit autoupdate --freeze` writes one)."}, "properties": {"repobilityId": 104476, "scanner": "repobility-supply-chain", "fingerprint": "a2f2b0fbd37095c3de8cf9d418cd7cf8780f515fd571a61dd2ea72519a686107", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a2f2b0fbd37095c3de8cf9d418cd7cf8780f515fd571a61dd2ea72519a686107"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/codespell-project/codespell` pinned to mutable rev `v2.4.1`: `.pre-commit-config.yaml` references `https://github.com/codespell-project/codespell` at `rev: v2.4.1`. 
If `rev` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine. Pin `rev` to a full 40-char commit SHA instead (`pre-commit autoupdate --freeze` writes one)."}, "properties": {"repobilityId": 104475, "scanner": "repobility-supply-chain", "fingerprint": "80c1ffb9ed0eb5e8754e4139a7aa1015b313733401a6422f1463606ac805c051", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|80c1ffb9ed0eb5e8754e4139a7aa1015b313733401a6422f1463606ac805c051"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v6.0.0`: `.pre-commit-config.yaml` references `https://github.com/pre-commit/pre-commit-hooks` at `rev: v6.0.0`. 
If `rev` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine. Pin `rev` to a full 40-char commit SHA instead (`pre-commit autoupdate --freeze` writes one)."}, "properties": {"repobilityId": 104474, "scanner": "repobility-supply-chain", "fingerprint": "291df88a0d8bce3b40d026d626b1abc592d928d5470bac62d8a23f413efa6840", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|291df88a0d8bce3b40d026d626b1abc592d928d5470bac62d8a23f413efa6840"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `python:3.11-slim-bookworm` not pinned by digest: `FROM python:3.11-slim-bookworm` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 104473, "scanner": "repobility-supply-chain", "fingerprint": "25cf7b100c6fd5cf7ad81185e96068288874bf9d8b7896844e697599aa324e33", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|25cf7b100c6fd5cf7ad81185e96068288874bf9d8b7896844e697599aa324e33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:22-bookworm-slim` not pinned by digest: `FROM node:22-bookworm-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 104472, "scanner": "repobility-supply-chain", "fingerprint": "f1c0c93aeca091f5b031e483464237cf8ae89dc0c358851312e6c1580c9f102d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f1c0c93aeca091f5b031e483464237cf8ae89dc0c358851312e6c1580c9f102d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@catgo/ferrox-wasm` pulled from URL/Git: `dependencies.@catgo/ferrox-wasm` = `link:extensions/rust-wasm` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. 
If the URL or git host is compromised, every `npm install` pulls the new payload. Note that a `link:` specifier resolves to a local directory (here `extensions/rust-wasm`), not a remote URL or git host, so verify that this finding applies before acting on it."}, "properties": {"repobilityId": 104471, "scanner": "repobility-supply-chain", "fingerprint": "fb63d00f0803cf9fd96cf49ad5e50d71e4b3d71e5a0582b12270c83681d5ef57", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fb63d00f0803cf9fd96cf49ad5e50d71e4b3d71e5a0582b12270c83681d5ef57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /{workflow_id}/recheck-jobs has no auth: Handler `api_recheck_jobs` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104470, "scanner": "repobility-route-auth", "fingerprint": "dc4c51713c9cdfcf370d8a74be677f9b0d8a929d1bc806f07b8cfcf5052ad7a4", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|dc4c51713c9cdfcf370d8a74be677f9b0d8a929d1bc806f07b8cfcf5052ad7a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/workflow.py"}, "region": {"startLine": 469}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /{workflow_id}/reset has no auth: Handler 
`api_reset_workflow` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104469, "scanner": "repobility-route-auth", "fingerprint": "e8941cb630641c7bbd7d5011532a963faced489c6b366e7353b3e72597572d12", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|e8941cb630641c7bbd7d5011532a963faced489c6b366e7353b3e72597572d12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/workflow.py"}, "region": {"startLine": 435}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /{workflow_id}/steps/{step_id}/retry has no auth: Handler `api_retry_step` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104468, "scanner": "repobility-route-auth", "fingerprint": "027cafc933187f59a2b27065b36bb924c8d269f8e32615314d56a5ffaf47e591", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|027cafc933187f59a2b27065b36bb924c8d269f8e32615314d56a5ffaf47e591"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/workflow.py"}, "region": {"startLine": 418}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PUT /{workflow_id}/steps/{step_id} has no auth: Handler `api_update_step` is registered with router/app.put(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104467, "scanner": "repobility-route-auth", "fingerprint": "eaec9a9cd28b17a8b616864e22a1e39a60426f2ad56d49ed3aa02378a6a66a21", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|eaec9a9cd28b17a8b616864e22a1e39a60426f2ad56d49ed3aa02378a6a66a21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/workflow.py"}, "region": {"startLine": 397}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI DELETE /{workflow_id} has no auth: Handler `api_delete_workflow` is registered with router/app.delete(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104466, "scanner": "repobility-route-auth", "fingerprint": "b4d4cc3710a5d6a57d648ba8623fcb140b4d826671b51939937333f57595a07d", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|b4d4cc3710a5d6a57d648ba8623fcb140b4d826671b51939937333f57595a07d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/workflow.py"}, "region": {"startLine": 388}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PUT /{workflow_id} has no auth: Handler `api_update_workflow` is registered with router/app.put(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104465, "scanner": "repobility-route-auth", "fingerprint": "6cc580821cd4af552cfe79271f3184bc545defb22ef47458ea93f6f173e3f396", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|6cc580821cd4af552cfe79271f3184bc545defb22ef47458ea93f6f173e3f396"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/workflow.py"}, "region": {"startLine": 371}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /engine-defs/custom has no auth: Handler `create_custom_engine` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104464, "scanner": "repobility-route-auth", "fingerprint": "dd8b1fa94f60d9de0c48a03816cc255453cd69f79021f1dd95732cc1b59fbcdb", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|dd8b1fa94f60d9de0c48a03816cc255453cd69f79021f1dd95732cc1b59fbcdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/workflow.py"}, "region": {"startLine": 336}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /from-template/{template_id} has no auth: Handler `api_create_from_template` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104463, "scanner": "repobility-route-auth", "fingerprint": "50b56db0b8910d163bb607dff1559e47722ae80ef6a44523b99f04e504211988", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|50b56db0b8910d163bb607dff1559e47722ae80ef6a44523b99f04e504211988"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/workflow.py"}, "region": {"startLine": 305}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /quickbuild has no auth: Handler `api_quickbuild` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104462, "scanner": "repobility-route-auth", "fingerprint": "f64fbff80375c9c2f89dabdc2e2a43acc405eb6144bb0025cd6d14090ab514fb", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|f64fbff80375c9c2f89dabdc2e2a43acc405eb6144bb0025cd6d14090ab514fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/workflow.py"}, "region": {"startLine": 238}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST / has no auth: Handler `api_create_workflow` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104461, "scanner": "repobility-route-auth", "fingerprint": "0037dd8c8a9794bf4821acb24b00f7362f37204ad16ddf4dfe4c7ebe8107b1a5", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|0037dd8c8a9794bf4821acb24b00f7362f37204ad16ddf4dfe4c7ebe8107b1a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/workflow.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /pending-update has no auth: Handler `push_pending_workflow_update` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104460, "scanner": "repobility-route-auth", "fingerprint": "019469f6d4a69fd77b63e2caaffa2a2a1d3e0c67e46d0a1776d000a672586f27", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|019469f6d4a69fd77b63e2caaffa2a2a1d3e0c67e46d0a1776d000a672586f27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/workflow.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /import-flow has no auth: Handler `import_flow` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104459, "scanner": "repobility-route-auth", "fingerprint": "901f572b1e4a98332a47a8dc56d792cf43a5a890f521447afc8dc6e055de8bab", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|901f572b1e4a98332a47a8dc56d792cf43a5a890f521447afc8dc6e055de8bab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/quacc.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /upload has no auth: Handler `trajectory_upload` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104458, "scanner": "repobility-route-auth", "fingerprint": "29efc5fa84470b10b3f14e2ebc328512d339864bbcd9fbe2c27472fbfccc7fe1", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|29efc5fa84470b10b3f14e2ebc328512d339864bbcd9fbe2c27472fbfccc7fe1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/trajectory_stream.py"}, "region": {"startLine": 580}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /import-flow has no auth: Handler `import_flow` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104457, "scanner": "repobility-route-auth", "fingerprint": "6aab6c68babf0254801ca56f08f5f8a3e892ebee23d050df07a09ce23e533e19", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|6aab6c68babf0254801ca56f08f5f8a3e892ebee23d050df07a09ce23e533e19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/atomate2.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /refresh has no auth: Handler `refresh_plugins` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104456, "scanner": "repobility-route-auth", "fingerprint": "f75badac8be2ae01cc3bf63b89273aea42f6c08d46a1c0eb9e4de0df1741212d", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|f75badac8be2ae01cc3bf63b89273aea42f6c08d46a1c0eb9e4de0df1741212d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/plugins.py"}, "region": {"startLine": 604}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /install/upload has no auth: Handler `install_plugin_upload` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104455, "scanner": "repobility-route-auth", "fingerprint": "c3a1f04cc243a86c24e4928ff2e6a85cd6ee0e432b4fd50e34520b3c95a097e2", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|c3a1f04cc243a86c24e4928ff2e6a85cd6ee0e432b4fd50e34520b3c95a097e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/plugins.py"}, "region": {"startLine": 563}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI DELETE /{plugin_name} has no auth: Handler `uninstall_plugin` is registered with router/app.delete(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104454, "scanner": "repobility-route-auth", "fingerprint": "a77e19c06d2890000a4010f3a5425e6df8840f2a96cf18b34e656d7c709e34e6", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|a77e19c06d2890000a4010f3a5425e6df8840f2a96cf18b34e656d7c709e34e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/plugins.py"}, "region": {"startLine": 550}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /{plugin_name}/disable has no auth: Handler `disable_plugin` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104453, "scanner": "repobility-route-auth", "fingerprint": "4bbccd3ac1c4c152f65cbe011ae0d3bc87fd996842c94dc61543957d2275473d", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|4bbccd3ac1c4c152f65cbe011ae0d3bc87fd996842c94dc61543957d2275473d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/plugins.py"}, "region": {"startLine": 525}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /{plugin_name}/enable has no auth: Handler `enable_plugin` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104452, "scanner": "repobility-route-auth", "fingerprint": "6f893c600c913d51f72f678c88195ececc27cc2c31d515af59cd3ca9f53129ac", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|6f893c600c913d51f72f678c88195ececc27cc2c31d515af59cd3ca9f53129ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/plugins.py"}, "region": {"startLine": 500}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /analyzers/{analyzer_id}/run has no auth: Handler `run_analyzer` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104451, "scanner": "repobility-route-auth", "fingerprint": "64ece2b19a9e264920c32ca77b5b58a4a1b6ebefcfffb299975505b3502d9c23", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|64ece2b19a9e264920c32ca77b5b58a4a1b6ebefcfffb299975505b3502d9c23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/plugins.py"}, "region": {"startLine": 432}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /readers/upload has no auth: Handler `upload_to_reader` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104450, "scanner": "repobility-route-auth", "fingerprint": "43f31621ef36b53539288fcd8cdc0131c7cee3b4b62c5b76de09c6b43b83d728", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|43f31621ef36b53539288fcd8cdc0131c7cee3b4b62c5b76de09c6b43b83d728"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/plugins.py"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /report/upload-text has no auth: Handler `upload_report_text` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104449, "scanner": "repobility-route-auth", "fingerprint": "00ba7aa9f60c10a1d81580a2ae187b09eab2f305d1c072155c0f255e6bde8461", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|00ba7aa9f60c10a1d81580a2ae187b09eab2f305d1c072155c0f255e6bde8461"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/vasp.py"}, "region": {"startLine": 224}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /report/upload has no auth: Handler `upload_report_file` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104448, "scanner": "repobility-route-auth", "fingerprint": "edf0f9b4fe4cb3b559bb8fcd343eed9b70f9fddacc6d3e3e6bbd99fd04d46a7e", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|edf0f9b4fe4cb3b559bb8fcd343eed9b70f9fddacc6d3e3e6bbd99fd04d46a7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/vasp.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /generate has no auth: Handler `generate_vasp_inputs_endpoint` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104447, "scanner": "repobility-route-auth", "fingerprint": "0a2e14b0af3a7fa1f0e379ae94f2594f3a4257a09db5a5f9c1cde472b0ab245d", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|0a2e14b0af3a7fa1f0e379ae94f2594f3a4257a09db5a5f9c1cde472b0ab245d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/vasp.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /parse-structure has no auth: Handler `parse_structure` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 104446, "scanner": "repobility-route-auth", "fingerprint": "4b7a9eca37de9d0f4618e00cbcf625e9fd80c164341570b965fa9ce6557ef80c", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|4b7a9eca37de9d0f4618e00cbcf625e9fd80c164341570b965fa9ce6557ef80c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/vasp.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._base_row` used but never assigned in __init__: Method `test_irc_expansion` of class `TestExpandConvergencePoints` reads `self._base_row`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104422, "scanner": "repobility-ast-engine", "fingerprint": "784c8570e507b43ad8cc437778a260b47f0879a845435d95101904c21efc679a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|784c8570e507b43ad8cc437778a260b47f0879a845435d95101904c21efc679a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_services.py"}, "region": {"startLine": 194}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._base_row` used but never assigned in __init__: Method `test_ts_search_expansion` of class `TestExpandConvergencePoints` reads `self._base_row`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104421, "scanner": "repobility-ast-engine", "fingerprint": "e0f64a4694d8d63d86790df9a4c6f6eb2129bf09565f5a27ab7da3a0d7abd006", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e0f64a4694d8d63d86790df9a4c6f6eb2129bf09565f5a27ab7da3a0d7abd006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_services.py"}, "region": {"startLine": 187}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._base_row` used but never assigned in __init__: Method `test_neb_ts_expansion` of class `TestExpandConvergencePoints` reads `self._base_row`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104420, "scanner": "repobility-ast-engine", "fingerprint": "1f0ea141894dc0f477fce9e9b3604e04bacc8472cb05e95b2c4306a1ae96e39b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1f0ea141894dc0f477fce9e9b3604e04bacc8472cb05e95b2c4306a1ae96e39b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_services.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._base_row` used but never assigned in __init__: Method `test_opt_expansion` of class `TestExpandConvergencePoints` reads `self._base_row`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104419, "scanner": "repobility-ast-engine", "fingerprint": "16d92ab0ee55ba3551997cb1a0bb2c112bb2130a52ba56df9215f49c74380b4b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|16d92ab0ee55ba3551997cb1a0bb2c112bb2130a52ba56df9215f49c74380b4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_services.py"}, "region": {"startLine": 170}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._base_row` used but never assigned in __init__: Method `test_single_point_returns_empty` of class `TestExpandConvergencePoints` reads `self._base_row`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104418, "scanner": "repobility-ast-engine", "fingerprint": "50e32cdde67350b593cbddacfc5298070e89e39706086447b050f2aa2df5d88d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|50e32cdde67350b593cbddacfc5298070e89e39706086447b050f2aa2df5d88d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_services.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._base_row` used but never assigned in __init__: Method `test_empty_points_returns_empty` of class `TestExpandConvergencePoints` reads `self._base_row`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104417, "scanner": "repobility-ast-engine", "fingerprint": "ad6c1e357ca8282a72cc8164878778cdd878de9806f6b454cff3ba4e0828305b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ad6c1e357ca8282a72cc8164878778cdd878de9806f6b454cff3ba4e0828305b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_services.py"}, "region": {"startLine": 160}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._base_row` used but never assigned in __init__: Method `test_empty_points_returns_empty` of class `TestExpandConvergencePoints` reads `self._base_row`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104416, "scanner": "repobility-ast-engine", "fingerprint": "d2639deda7433d0450c275418dac0c77c2c2a92a0ccbab13458d6d67a9c21923", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d2639deda7433d0450c275418dac0c77c2c2a92a0ccbab13458d6d67a9c21923"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_services.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._param` used but never assigned in __init__: Method `test_solvation_options_include_cpcm_and_smd` of class `TestOrcaParams` reads `self._param`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104414, "scanner": "repobility-ast-engine", "fingerprint": "45271d14580c55095b4ac549855331cefaa6be6190e924e41aee9640ecc85283", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|45271d14580c55095b4ac549855331cefaa6be6190e924e41aee9640ecc85283"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_orca_engine_def.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._param` used but never assigned in __init__: Method `test_solvation_show_if_uvvis` of class `TestOrcaParams` reads `self._param`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104413, "scanner": "repobility-ast-engine", "fingerprint": "58c0e11a3c8cfb4cd5e933d74d620caafdd0093fe7a47e36d5d179b50b8cdce1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|58c0e11a3c8cfb4cd5e933d74d620caafdd0093fe7a47e36d5d179b50b8cdce1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_orca_engine_def.py"}, "region": {"startLine": 158}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._param` used but never assigned in __init__: Method `test_nroots_show_if_uvvis` of class `TestOrcaParams` reads `self._param`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104412, "scanner": "repobility-ast-engine", "fingerprint": "c844e39de464344d9fb0986f4b716624525965f595270a06b89cf95cb95c1f37", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c844e39de464344d9fb0986f4b716624525965f595270a06b89cf95cb95c1f37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_orca_engine_def.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._param` used but never assigned in __init__: Method `test_nimages_show_if_ts_search` of class `TestOrcaParams` reads `self._param`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104411, "scanner": "repobility-ast-engine", "fingerprint": "7eb05943f3be6afb23b05f4cf5b6048ae72da224ff2574e33389ff4e40ad83f9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7eb05943f3be6afb23b05f4cf5b6048ae72da224ff2574e33389ff4e40ad83f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_orca_engine_def.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._param` used but never assigned in __init__: Method `test_cartesian_opt_has_show_if` of class `TestOrcaParams` reads `self._param`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104410, "scanner": "repobility-ast-engine", "fingerprint": "e7804dacd26c43766200c7be238b7f31bcd5da0a029542342c6d94091aa5f56a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e7804dacd26c43766200c7be238b7f31bcd5da0a029542342c6d94091aa5f56a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_orca_engine_def.py"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._param` used but never assigned in __init__: Method `test_custom_inp_text_has_help` of class `TestOrcaParams` reads `self._param`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104409, "scanner": "repobility-ast-engine", "fingerprint": "3e5b62a556c2acc0f74ebb8665ced631f5b5ea210fe6bf82396f342463a22923", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e5b62a556c2acc0f74ebb8665ced631f5b5ea210fe6bf82396f342463a22923"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_orca_engine_def.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._param` used but never assigned in __init__: Method `test_max_iterations_param_exists` of class `TestOrcaParams` reads `self._param`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104408, "scanner": "repobility-ast-engine", "fingerprint": "7571c5ecf23267730774c5e13428444cfe4cd3eb5bdeb3b61b6cfb293dfe5f78", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7571c5ecf23267730774c5e13428444cfe4cd3eb5bdeb3b61b6cfb293dfe5f78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_orca_engine_def.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._param` used but never assigned in __init__: Method `test_num_cores_param_default` of class `TestOrcaParams` reads `self._param`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104407, "scanner": "repobility-ast-engine", "fingerprint": "40d7a4352ce556ff6b45002045b6a537c649b1c475d6ff56a50292b5061fda7c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|40d7a4352ce556ff6b45002045b6a537c649b1c475d6ff56a50292b5061fda7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_orca_engine_def.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._param` used but never assigned in __init__: Method `test_multiplicity_param_has_range` of class `TestOrcaParams` reads `self._param`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104406, "scanner": "repobility-ast-engine", "fingerprint": "4d0683c6ac579ef64ff222aa10c53b398d3644397273a7147ba65a36351c6930", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d0683c6ac579ef64ff222aa10c53b398d3644397273a7147ba65a36351c6930"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_orca_engine_def.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._param` used but never assigned in __init__: Method `test_charge_param_exists` of class `TestOrcaParams` reads `self._param`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104405, "scanner": "repobility-ast-engine", "fingerprint": "74dcb8f659466887deae2cb97e9b0ce722f1bad5f4e9dc45de5f199e47b55f9d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|74dcb8f659466887deae2cb97e9b0ce722f1bad5f4e9dc45de5f199e47b55f9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_orca_engine_def.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._param` used but never assigned in __init__: Method `test_basis_set_default_is_def2svp` of class `TestOrcaParams` reads `self._param`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104404, "scanner": "repobility-ast-engine", "fingerprint": "c5d814e68d806e3862db0dc01c5b08c6b590e8b32ad124735c7dbce1cca947e4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c5d814e68d806e3862db0dc01c5b08c6b590e8b32ad124735c7dbce1cca947e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_orca_engine_def.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._param` used but never assigned in __init__: Method `test_basis_set_param_exists` of class `TestOrcaParams` reads `self._param`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104403, "scanner": "repobility-ast-engine", "fingerprint": "fdf1c0425db02ba36d27a8277cd8679f6c89384afb731974d79fd35de7350707", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fdf1c0425db02ba36d27a8277cd8679f6c89384afb731974d79fd35de7350707"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_orca_engine_def.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._param` used but never assigned in __init__: Method `test_method_options_include_dlpno_ccsdt` of class `TestOrcaParams` reads `self._param`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104402, "scanner": "repobility-ast-engine", "fingerprint": "e48e4590747527e26efdd6664db49c066e83722532941e38881cddd074bf8191", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e48e4590747527e26efdd6664db49c066e83722532941e38881cddd074bf8191"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_orca_engine_def.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._param` used but never assigned in __init__: Method `test_method_default_is_b3lyp` of class `TestOrcaParams` reads `self._param`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104401, "scanner": "repobility-ast-engine", "fingerprint": "e7cd46e2b391b010e90799ed236d027890b1646045d73882661e83d3ff713f1b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e7cd46e2b391b010e90799ed236d027890b1646045d73882661e83d3ff713f1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_orca_engine_def.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._param` used but never assigned in __init__: Method `test_method_param_exists` of class `TestOrcaParams` reads `self._param`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104400, "scanner": "repobility-ast-engine", "fingerprint": "3e5f555a5dd839cba22ba3981b05ca6569419afade5421ccc948629ee5003d8e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e5f555a5dd839cba22ba3981b05ca6569419afade5421ccc948629ee5003d8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_orca_engine_def.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.to_frontend_params` used but never assigned in __init__: Method `to_dict` of class `DeclarativeEngineRuntime` reads `self.to_frontend_params`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104399, "scanner": "repobility-ast-engine", "fingerprint": "45f667901cef7b7feecd4762d430ac8af1159ae038ffa37da3621cfebc598f6d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|45f667901cef7b7feecd4762d430ac8af1159ae038ffa37da3621cfebc598f6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/workflow/engine_runtime.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.is_total` used but never assigned in __init__: Method `label` of class `ICOHPEntry` reads `self.is_total`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104397, "scanner": "repobility-ast-engine", "fingerprint": "84515641e9065af6c09fa78a95ea0dbad2f09f7d89007077d85c56ef29f1860a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|84515641e9065af6c09fa78a95ea0dbad2f09f7d89007077d85c56ef29f1860a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/cohp-analysis/catgo_cohp/io.py"}, "region": {"startLine": 189}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_structure_ops: Test function `test_structure_ops` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104395, "scanner": "repobility-ast-engine", "fingerprint": "72c8d53687a09ca751a906faa394fe73fd58cbe1b66e1effe0e5441927846a86", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|72c8d53687a09ca751a906faa394fe73fd58cbe1b66e1effe0e5441927846a86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_ai_tools_e2e.py"}, "region": {"startLine": 304}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_build_tools: Test function `test_build_tools` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104394, "scanner": "repobility-ast-engine", "fingerprint": "aff6337220696354996b6ae7ecaa45688cb63d3874ff8cb36e544e23490c9e64", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aff6337220696354996b6ae7ecaa45688cb63d3874ff8cb36e544e23490c9e64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_ai_tools_e2e.py"}, "region": {"startLine": 240}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_lammps_tools: Test function `test_lammps_tools` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104393, "scanner": "repobility-ast-engine", "fingerprint": "0b96f77f4c92b504ad6af3ef416f7b9cf3a6d8d48d94da815a54cac85b30d371", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0b96f77f4c92b504ad6af3ef416f7b9cf3a6d8d48d94da815a54cac85b30d371"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_ai_tools_e2e.py"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_qe_tools: Test function `test_qe_tools` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104392, "scanner": "repobility-ast-engine", "fingerprint": "4b102698d4605aba0dc2b12a02e33b722eb17d9e2330685e98088210e9b9644e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4b102698d4605aba0dc2b12a02e33b722eb17d9e2330685e98088210e9b9644e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_ai_tools_e2e.py"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_vasp_tools: Test function `test_vasp_tools` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104391, "scanner": "repobility-ast-engine", "fingerprint": "20fb8b989cc30eff11cf00b1f66ec389418ca19a3e2dd6e1d679bf72bae2fe8f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|20fb8b989cc30eff11cf00b1f66ec389418ca19a3e2dd6e1d679bf72bae2fe8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_ai_tools_e2e.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_health: Test function `test_health` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104390, "scanner": "repobility-ast-engine", "fingerprint": "b636a0054f62efc4501c47d960727c672d3c8b469ef8762bf9be0b25d4529258", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b636a0054f62efc4501c47d960727c672d3c8b469ef8762bf9be0b25d4529258"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_ai_tools_e2e.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_lammps_via_api: Test function `test_lammps_via_api` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104389, "scanner": "repobility-ast-engine", "fingerprint": "64d277ae79fb8dcd433af28ee0cb38d5d821e56b4ef35d28cad7e71ea7be5af3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|64d277ae79fb8dcd433af28ee0cb38d5d821e56b4ef35d28cad7e71ea7be5af3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_lammps_simple.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_lammps_direct: Test function `test_lammps_direct` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104388, "scanner": "repobility-ast-engine", "fingerprint": "e99ada7f60b7ad2e671097cfa34b5e12a4aba61266482c764cc378d928c60cda", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e99ada7f60b7ad2e671097cfa34b5e12a4aba61266482c764cc378d928c60cda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_lammps_simple.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_vasp_to_dict_serializable: Test function `test_vasp_to_dict_serializable` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104387, "scanner": "repobility-ast-engine", "fingerprint": "22b8ca67dbdb63d333ee590ce5be3632cd501e3f901433204cc319ac9b84c6e6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|22b8ca67dbdb63d333ee590ce5be3632cd501e3f901433204cc319ac9b84c6e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_engine_runtime.py"}, "region": {"startLine": 331}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_invalid_spec_missing_engine: Test function `test_invalid_spec_missing_engine` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104386, "scanner": "repobility-ast-engine", "fingerprint": "e3d48fd5fe27894e8f0118135243b598742ef8c88ad40a9943b860c4fd42d357", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e3d48fd5fe27894e8f0118135243b598742ef8c88ad40a9943b860c4fd42d357"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_engine_runtime.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_polymer_build_endpoint: Test function `test_polymer_build_endpoint` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104378, "scanner": "repobility-ast-engine", "fingerprint": "9fde52b66147dab3079c5069baff0cc715bcf307d5b0d99c940c07bec216fadd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9fde52b66147dab3079c5069baff0cc715bcf307d5b0d99c940c07bec216fadd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_kremer_grest_polymer.py"}, "region": {"startLine": 276}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_cp2k_reader_no_pdos_files: Test function `test_cp2k_reader_no_pdos_files` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104377, "scanner": "repobility-ast-engine", "fingerprint": "d8f94b7d0d4ad1286a8baa596b54da31ad3cc1936e453ccef21b5d7b328f8f4f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d8f94b7d0d4ad1286a8baa596b54da31ad3cc1936e453ccef21b5d7b328f8f4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_reader_plugin.py"}, "region": {"startLine": 449}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_list_jobs: Test function `test_list_jobs` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104373, "scanner": "repobility-ast-engine", "fingerprint": "069caa2b921b24f53f59cf74940a758cf19ca6916582330549854bac0c0911fa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|069caa2b921b24f53f59cf74940a758cf19ca6916582330549854bac0c0911fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_lammps_api.py"}, "region": {"startLine": 218}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_lammps_results: Test function `test_lammps_results` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104372, "scanner": "repobility-ast-engine", "fingerprint": "255c72b5d786030ae68504965c224d2c5887c3a48f5aff7c9c1daaa0d6a408cd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|255c72b5d786030ae68504965c224d2c5887c3a48f5aff7c9c1daaa0d6a408cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_lammps_api.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_lammps_status: Test function `test_lammps_status` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104371, "scanner": "repobility-ast-engine", "fingerprint": "bfdbf0ad32c89f7750d8bccc708f5d9f023a26c621570579ae8cee8a9207a319", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bfdbf0ad32c89f7750d8bccc708f5d9f023a26c621570579ae8cee8a9207a319"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_lammps_api.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_lammps_run_local: Test function `test_lammps_run_local` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104370, "scanner": "repobility-ast-engine", "fingerprint": "c0d61c298efe84a597b050afa24e05c4f6972c516abca40ede61fedd7d4bac9d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c0d61c298efe84a597b050afa24e05c4f6972c516abca40ede61fedd7d4bac9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_lammps_api.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_lj_units_fene: Test function `test_lj_units_fene` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104368, "scanner": "repobility-ast-engine", "fingerprint": "7c00be6521aa836085fdd29195f0729b621d657d3e3289789f58f88cbf772e67", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7c00be6521aa836085fdd29195f0729b621d657d3e3289789f58f88cbf772e67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_polymer_workflow.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_single_stage_workflow: Test function `test_single_stage_workflow` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104367, "scanner": "repobility-ast-engine", "fingerprint": "9f79ff4799c3dfd07c3210bad955a2963ff026cfc4b4dd2ca06a3105c8d5cf7f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9f79ff4799c3dfd07c3210bad955a2963ff026cfc4b4dd2ca06a3105c8d5cf7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_polymer_workflow.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_polymer_workflow: Test function `test_polymer_workflow` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104366, "scanner": "repobility-ast-engine", "fingerprint": "61ed24213c5b4d136047d22fc3d0220a27779ab43c5d2d833c4fe1e4903283c8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|61ed24213c5b4d136047d22fc3d0220a27779ab43c5d2d833c4fe1e4903283c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_polymer_workflow.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_5_request_validation: Test function `test_5_request_validation` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104356, "scanner": "repobility-ast-engine", "fingerprint": "ddc9a7f2f71b9515f76870d8bda659742b928323bb00da33d6e6a7b5783a6369", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ddc9a7f2f71b9515f76870d8bda659742b928323bb00da33d6e6a7b5783a6369"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_phase0.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_4_api_calculators_list: Test function `test_4_api_calculators_list` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104355, "scanner": "repobility-ast-engine", "fingerprint": "61b654727584aafae8885ac19c99ec6d0e7ce2ea9cfdafb017add0aad3053fad", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|61b654727584aafae8885ac19c99ec6d0e7ce2ea9cfdafb017add0aad3053fad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_phase0.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_3_lj_optimization: Test function `test_3_lj_optimization` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104354, "scanner": "repobility-ast-engine", "fingerprint": "4f04b119e4e350f0149ed7859bae3d53911a26af50d1c10038deeac2b0581c2f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4f04b119e4e350f0149ed7859bae3d53911a26af50d1c10038deeac2b0581c2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_phase0.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_2_get_calculator_fallback: Test function `test_2_get_calculator_fallback` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104353, "scanner": "repobility-ast-engine", "fingerprint": "f02ec8f3b188f285c9c8dc79fcf9e0ee234085b3f6cb6363476a5aee223c89bf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f02ec8f3b188f285c9c8dc79fcf9e0ee234085b3f6cb6363476a5aee223c89bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_phase0.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_1_plugin_discovery: Test function `test_1_plugin_discovery` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104352, "scanner": "repobility-ast-engine", "fingerprint": "c018843483de57167b14886e2de898fd4c89ef2898e1ee98c3aae734050cbb22", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c018843483de57167b14886e2de898fd4c89ef2898e1ee98c3aae734050cbb22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_phase0.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.app` used but never assigned in __init__: Method `__call__` of class `_SSEAwareGZipMiddleware` reads `self.app`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 104349, "scanner": "repobility-ast-engine", "fingerprint": "892bb9a97ddc3a47b3950ea00c247b9a2f64f7b6e193ffc6952329ee0ab3c7f8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|892bb9a97ddc3a47b3950ea00c247b9a2f64f7b6e193ffc6952329ee0ab3c7f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/main.py"}, "region": {"startLine": 452}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_vasp_generation: Test function `test_vasp_generation` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 104345, "scanner": "repobility-ast-engine", "fingerprint": "a19d6a339ad355b8c459b76157bdf069ba66ad75b2356cf819bec6a87353f31a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a19d6a339ad355b8c459b76157bdf069ba66ad75b2356cf819bec6a87353f31a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/test_vasp.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 104339, "scanner": "repobility-journey-contract", "fingerprint": "12c1bd416c970b8de6e5a0fbdab9a0c675982a99d8c0aef61f9a07b9cfd3df5d", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|1492|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/structure/ServerPane.svelte"}, "region": {"startLine": 1492}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 104338, "scanner": "repobility-journey-contract", "fingerprint": "8ccc3568c5ab2ff95d9edd1bf30b1bc272e2906695f9eea2b0d023d00af430e3", "category": "auth", "severity": "high", "confidence": 
0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|445|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/mobile/MobileConnect.svelte"}, "region": {"startLine": 445}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 104337, "scanner": "repobility-journey-contract", "fingerprint": "9470184f85bf7fd1ab0ac3007c0484cc6c7b4f3cc34bdb3e4467798017f73096", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|1207|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/chat/ChatPane.svelte"}, "region": {"startLine": 1207}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 104336, "scanner": "repobility-journey-contract", "fingerprint": "043e812faa7dd2a2c416c9b06231cb4f4c51ac503765d698f5020729e045ac3f", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": 
{"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|466|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/ConnectDialog.svelte"}, "region": {"startLine": 466}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 104327, "scanner": "repobility-docker", "fingerprint": "0d4c4a0a0e4fda1ecf45092f11739c40bc90eb07a0b9f8e3025dadef0b70f435", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|0d4c4a0a0e4fda1ecf45092f11739c40bc90eb07a0b9f8e3025dadef0b70f435"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 104283, "scanner": "repobility-threat-engine", "fingerprint": "534c675b3f2bf07b2d0829a378ca2b13a2b6bef4f4365f927df37af79a104347", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", 
"triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|534c675b3f2bf07b2d0829a378ca2b13a2b6bef4f4365f927df37af79a104347"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/workflow/engines/sella.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 104282, "scanner": "repobility-threat-engine", "fingerprint": "141470e50324bfedf08c04330a25c46a946ad5d26e1ee51f9a9d4c42f20e8ce9", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(\"input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|215|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/workflow/engines/sella.py"}, "region": {"startLine": 215}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 104279, "scanner": "repobility-threat-engine", "fingerprint": "c19ec69b8818ea8ae2a77e2b6cc18951cae192f4ffb51f7bd41603871a334140", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c19ec69b8818ea8ae2a77e2b6cc18951cae192f4ffb51f7bd41603871a334140"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/run_cp2k_sp.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 104278, "scanner": "repobility-threat-engine", "fingerprint": "5ade17261f0531ef5679795e8774d98c8e4ccc77ba0c4da1e0fa398fd9ab109d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5ade17261f0531ef5679795e8774d98c8e4ccc77ba0c4da1e0fa398fd9ab109d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/plugin_loader.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or 
diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 104268, "scanner": "repobility-threat-engine", "fingerprint": "6cc81c9d54eb9eea66afd1be3c0c20094a2aab4e0b7ae8bd1529eb1edea34088", "category": "credential_exposure", "severity": "high", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Log line prints a slice or partial view of a credential-bearing value.", "evidence": {"match": "print(f\"[MP DEBUG] Validating API key: {x_api_key[:8]}...\")", "reason": "Log line prints a slice or partial view of a credential-bearing value.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.72, "correlation_key": "secret|token|2|print f mp debug validating api key: x_api_key :8 ..."}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/materials_project.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). 
High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 104266, "scanner": "repobility-threat-engine", "fingerprint": "3064223bfaa9afc04fa668780407fb2a25ff6b0fd319e81654b157a7833b0685", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@router.post(\"/upload-cohpcar\", response_model=COHPUploadResponse)\nasync def upload_cohpcar(file: Up", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3064223bfaa9afc04fa668780407fb2a25ff6b0fd319e81654b157a7833b0685"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/cohp.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). 
High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 104265, "scanner": "repobility-threat-engine", "fingerprint": "07d51ff08b0a64d83ae129525330c9302ca88240b46c39b34a6e59372fa673f6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@router.post(\"/convert-to-cube\")\nasync def convert_chgcar_to_cube(file: UploadFile = File(...)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|07d51ff08b0a64d83ae129525330c9302ca88240b46c39b34a6e59372fa673f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/chgcar.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). 
High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 104264, "scanner": "repobility-threat-engine", "fingerprint": "44d725854825473fbb296cbd98cab136fabb99e495040e0bd57e5686bed5d34d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@router.post(\"/import-flow\")\nasync def import_flow(file: UploadFile = File(...)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|44d725854825473fbb296cbd98cab136fabb99e495040e0bd57e5686bed5d34d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/atomate2.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 104258, "scanner": "repobility-threat-engine", "fingerprint": "3670ff049d3614c027192eba2070e0c89c8b89644df6aa0b912ebe5eab037c0f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3670ff049d3614c027192eba2070e0c89c8b89644df6aa0b912ebe5eab037c0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/patch-linuxdeploy-sidecars.mjs"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED012", 
"level": "error", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 104257, "scanner": "repobility-threat-engine", "fingerprint": "c074a4d67daaf48c36497463f6f0f89b4e4f6deed2100d16b211117a49c0ed30", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c074a4d67daaf48c36497463f6f0f89b4e4f6deed2100d16b211117a49c0ed30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/setup.mjs"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED012", "level": "error", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... 
| sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 104256, "scanner": "repobility-threat-engine", "fingerprint": "20499d814ed39b15151c6217534e59cd1362baa37e19c59b77bfff74761d6945", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|20499d814ed39b15151c6217534e59cd1362baa37e19c59b77bfff74761d6945"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/agent-dev.mjs"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. 
Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 104254, "scanner": "repobility-threat-engine", "fingerprint": "75acc6e60450dfaced9d4e529a0f80c27196f458df3054289d269c9256e34464", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"=\\s+(-?\\d+\\.\\d+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|scripts/parse_gaussian.py|46|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/parse_gaussian.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. 
Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 104253, "scanner": "repobility-threat-engine", "fingerprint": "2ebef7ff794a841a11920ff0f275bae0948b2c6590e881761382e079ddbd402b", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"atomic kind\\s+(\\w+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|200|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/cp2k-dos-reader/tool.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 104252, "scanner": "repobility-threat-engine", "fingerprint": "29427420cf43be90ad6d0168ac5f7fdd2b44eb05a7966df384e479d6a0408044", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"atomic kind\\s+(\\w+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|196|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/cp2k-dos-reader/plugin.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a 
user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 104250, "scanner": "repobility-threat-engine", "fingerprint": "d3f6e30a7232d53344af4785acd17edda9db558530aa6baaee8cec3c090b3e1e", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL (n", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d3f6e30a7232d53344af4785acd17edda9db558530aa6baaee8cec3c090b3e1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/mcp_sse.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 104249, "scanner": "repobility-threat-engine", "fingerprint": "f9706b24c44763b8bd7c6ae9f8bd6dcf92b81213954beaf6fa3c7dcf147ac832", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f9706b24c44763b8bd7c6ae9f8bd6dcf92b81213954beaf6fa3c7dcf147ac832"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/cli/server_link.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 104248, "scanner": "repobility-threat-engine", "fingerprint": "9de58745d62f7cdef55cf8721b8d95fe833598f985a9446ddc330db07a004c9c", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(v", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9de58745d62f7cdef55cf8721b8d95fe833598f985a9446ddc330db07a004c9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/vscode/src/sidecar.ts"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 104246, "scanner": "repobility-threat-engine", "fingerprint": "7a4023276ee4a6ef83f197b9a6ab71821598a1a4f9870fc445a7da0686a3092c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "execSync(`${", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7a4023276ee4a6ef83f197b9a6ab71821598a1a4f9870fc445a7da0686a3092c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/setup.mjs"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 104245, "scanner": "repobility-threat-engine", "fingerprint": "d230b989e6a07562618037083c8b7bde5f8f14efcc75119e38470e9d6e466f0d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "execSync(cmd", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d230b989e6a07562618037083c8b7bde5f8f14efcc75119e38470e9d6e466f0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/build-agent-sidecar.mjs"}, "region": {"startLine": 67}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 104244, "scanner": "repobility-threat-engine", "fingerprint": "a50deffda571549ab33b6a00482412a6611e0fe765f416746049d05c02ab0db4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(formula", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a50deffda571549ab33b6a00482412a6611e0fe765f416746049d05c02ab0db4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/vscode/src/optimade-backend.ts"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 104238, "scanner": "repobility-threat-engine", "fingerprint": "845fa635d451058fd03e92fb8cdbd8e4eb0dd0e41457fd54335eba4a3f92310b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|845fa635d451058fd03e92fb8cdbd8e4eb0dd0e41457fd54335eba4a3f92310b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/cli/_legacy.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED001", "level": "error", "message": 
{"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 104237, "scanner": "repobility-threat-engine", "fingerprint": "1f883767403643cd35996c5e201506c6ad55ab1a9514eed586f33716c1fdcdd6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1f883767403643cd35996c5e201506c6ad55ab1a9514eed586f33716c1fdcdd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/calculators/base.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 104236, "scanner": "repobility-threat-engine", "fingerprint": "cfdac5a3dd782664b28aaf6ef81ab7489f466577d637aae5a3d1169baf76793e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|cfdac5a3dd782664b28aaf6ef81ab7489f466577d637aae5a3d1169baf76793e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/dos-analysis/catgo_dos/orbital.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED009", "level": "error", "message": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"repobilityId": 104231, "scanner": "repobility-threat-engine", "fingerprint": "2889cf793136848a9dc2a683c53593fd88ad00b72cdbe42b5a294d44da2e2863", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2889cf793136848a9dc2a683c53593fd88ad00b72cdbe42b5a294d44da2e2863"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/models/cohp.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED009", "level": "error", "message": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"repobilityId": 104230, "scanner": "repobility-threat-engine", "fingerprint": "54d90605fb6419f952917f70b545244f89e457bbeea1093fc0a9c7f0fe0daa00", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, 
"ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "correlation_key": "fp|54d90605fb6419f952917f70b545244f89e457bbeea1093fc0a9c7f0fe0daa00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/dos-analysis/catgo_dos/dband.py"}, "region": {"startLine": 259}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 104226, "scanner": "repobility-threat-engine", "fingerprint": "7e824650917edbd6595d9142c875825fb48b428797e3ae3e5e11886296ca737e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "session.save(args.out)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7e824650917edbd6595d9142c875825fb48b428797e3ae3e5e11886296ca737e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/cli/__init__.py"}, "region": {"startLine": 150}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. 
This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 104225, "scanner": "repobility-threat-engine", "fingerprint": "44f57be26030ef07d36bcf4668550f61704fe1e10d50a8443320cf18c958ba1d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "result.update(idx for idx, _ in cmap[l_by_name[key]])", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|44f57be26030ef07d36bcf4668550f61704fe1e10d50a8443320cf18c958ba1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/dos-analysis/catgo_dos/orbital.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 104224, "scanner": "repobility-threat-engine", "fingerprint": "604eb56a278990f5a6da01b82da606a82821948917b0c5d7b26ed97d3ccdb750", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "diagram.save(\"keyboard_adjusted.png\", dpi=300)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|604eb56a278990f5a6da01b82da606a82821948917b0c5d7b26ed97d3ccdb750"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "energy_diagram/examples/keyboard_demo.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 104207, "scanner": "repobility-threat-engine", "fingerprint": "2b4005121e33779921f8f2cafb2e3260a72f36ab3aca5457004472251f22e629", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((m) => `node:${m}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2b4005121e33779921f8f2cafb2e3260a72f36ab3aca5457004472251f22e629"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/vscode/vite.webview.config.ts"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 104206, "scanner": "repobility-threat-engine", "fingerprint": "137109ad0da22014bd65c67b78b26d8ecaccc999a55f166d047f6877713659d6", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((e) => `\"${e}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|137109ad0da22014bd65c67b78b26d8ecaccc999a55f166d047f6877713659d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/vscode/src/optimade-backend.ts"}, "region": {"startLine": 165}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 104205, "scanner": "repobility-threat-engine", "fingerprint": "dd6ad3e17b34ca99450d5b2dd05d5a5edfb6d930a4d2ca62c630adc97b659b8d", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".innerHTML = `<div style=\"display:flex;align-items:center;justify-content:center;height:100%;font-fa", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dd6ad3e17b34ca99450d5b2dd05d5a5edfb6d930a4d2ca62c630adc97b659b8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop/main.ts"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 104191, "scanner": "repobility-threat-engine", "fingerprint": "ade2f41c656ec70f37020037ea2cf9e2338abda7954ad8786be01ec0969aac68", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ade2f41c656ec70f37020037ea2cf9e2338abda7954ad8786be01ec0969aac68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/catgo-graph/src/tools/file_writer.rs"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 104190, "scanner": "repobility-threat-engine", "fingerprint": "152e1fb13850dc5e71b933709019d49e29de1a5f0fcd52194acc799945d7ce5b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|152e1fb13850dc5e71b933709019d49e29de1a5f0fcd52194acc799945d7ce5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/catgo-graph/src/runtime/lifecycle.rs"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 104189, "scanner": "repobility-threat-engine", "fingerprint": "a0ae26b89a7eb82d92fc5edfc7a92ba707bf9789e439105af376111aa31ca3e8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a0ae26b89a7eb82d92fc5edfc7a92ba707bf9789e439105af376111aa31ca3e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/catgo-graph/src/repair/traits.rs"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104445, "scanner": "repobility-ast-engine", "fingerprint": "545bc4607e0eed42f0f81fb0b6ad544907af6f5af131783fdd63e72ac80dd6db", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|545bc4607e0eed42f0f81fb0b6ad544907af6f5af131783fdd63e72ac80dd6db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/workflow/service.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104444, "scanner": "repobility-ast-engine", "fingerprint": "92846aa06b7cb7287aecc4427b020d833abda917e1fb00dcf96d5d2946256a19", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|92846aa06b7cb7287aecc4427b020d833abda917e1fb00dcf96d5d2946256a19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/mcp_tools/helpers.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `warnings` used but not imported: The file uses `warnings.something(...)` but never imports `warnings`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104443, "scanner": "repobility-ast-engine", "fingerprint": "00665040d330558af0d0cb8251421f6f89a462d1519a9f143fff9653db37e136", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|00665040d330558af0d0cb8251421f6f89a462d1519a9f143fff9653db37e136"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/mcp_tools/workflow_tools.py"}, "region": {"startLine": 1033}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104442, "scanner": "repobility-ast-engine", "fingerprint": "cc01789c4beaef81fb28f56fa55f9ad70625c5d3c1304377154f9797f0fa8f6f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cc01789c4beaef81fb28f56fa55f9ad70625c5d3c1304377154f9797f0fa8f6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/mcp_tools/workflow_tools.py"}, "region": {"startLine": 869}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104441, "scanner": "repobility-ast-engine", "fingerprint": "995471507ba8900730c0268629f3b2253daba66881d93d23b538149c3fb22073", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|995471507ba8900730c0268629f3b2253daba66881d93d23b538149c3fb22073"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/mcp_tools/server_claude_code.py"}, "region": {"startLine": 1070}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104440, "scanner": "repobility-ast-engine", "fingerprint": "476750e5b573720df5c7b20ed936a91ba115533eae97bd6f6de7b808943e9e0d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|476750e5b573720df5c7b20ed936a91ba115533eae97bd6f6de7b808943e9e0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/services/workflow_service.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `warnings` used but not imported: The file uses `warnings.something(...)` but never imports `warnings`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104439, "scanner": "repobility-ast-engine", "fingerprint": "3694506572f624ee1fe3553eed5460559086a3dc8b09ae6b23e20df4e2851e1d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3694506572f624ee1fe3553eed5460559086a3dc8b09ae6b23e20df4e2851e1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/tools/file_sandbox.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104438, "scanner": "repobility-ast-engine", "fingerprint": "7a4d81e929bf6416d5e0f40247d1d78f99af8ac5b596db5b29b20ee7a70a5637", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7a4d81e929bf6416d5e0f40247d1d78f99af8ac5b596db5b29b20ee7a70a5637"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/view_state.py"}, "region": {"startLine": 194}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104437, "scanner": "repobility-ast-engine", "fingerprint": "e16a282e03d02f6cb2de31a6eae2852b37fbc4d5796b58d28a1094970281d50b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e16a282e03d02f6cb2de31a6eae2852b37fbc4d5796b58d28a1094970281d50b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/structure_ops.py"}, "region": {"startLine": 286}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `warnings` used but not imported: The file uses `warnings.something(...)` but never imports `warnings`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104436, "scanner": "repobility-ast-engine", "fingerprint": "8a7692483e7cd4a627e26db43aa365937718132482287328a869c1f8fa1fafd0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8a7692483e7cd4a627e26db43aa365937718132482287328a869c1f8fa1fafd0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/forcefield_utils.py"}, "region": {"startLine": 1106}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104435, "scanner": "repobility-ast-engine", "fingerprint": "2a22cc767f022c6accad65d519ef9fbf8eb98bbaab741b1320c7dc84f44bf5aa", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2a22cc767f022c6accad65d519ef9fbf8eb98bbaab741b1320c7dc84f44bf5aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/view_capture.py"}, "region": {"startLine": 345}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104434, "scanner": "repobility-ast-engine", "fingerprint": "256a5e00a938fe4f590a6d19cc7617de771dc657c8767e72dccfd1b5a47439ce", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|256a5e00a938fe4f590a6d19cc7617de771dc657c8767e72dccfd1b5a47439ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/view_capture.py"}, "region": {"startLine": 803}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104432, "scanner": "repobility-ast-engine", "fingerprint": "b7e4bf26fcb6919e36f754b6f2d881e612b9f2108d40723b67c33b1ad693ec87", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b7e4bf26fcb6919e36f754b6f2d881e612b9f2108d40723b67c33b1ad693ec87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/heterostructure.py"}, "region": {"startLine": 313}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104431, "scanner": "repobility-ast-engine", "fingerprint": "884472525631eb879e94ac5cc82846df57e2fc6788bd14a52f175c112bae6895", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|884472525631eb879e94ac5cc82846df57e2fc6788bd14a52f175c112bae6895"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/workflow.py"}, "region": {"startLine": 3090}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `stat` used but not imported: The file uses `stat.something(...)` but never imports `stat`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104430, "scanner": "repobility-ast-engine", "fingerprint": "4cdefa528ecaad40fa5cc80c0668e1bab6a9d5a1533a01172ed214b72f3382e2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4cdefa528ecaad40fa5cc80c0668e1bab6a9d5a1533a01172ed214b72f3382e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/workflow.py"}, "region": {"startLine": 1246}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104429, "scanner": "repobility-ast-engine", "fingerprint": "7f30a7c78f743bfd5d574cc4ec0d48a48b4bbbd67b9d67648965834a6819de4c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7f30a7c78f743bfd5d574cc4ec0d48a48b4bbbd67b9d67648965834a6819de4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/catgo/routers/workflow.py"}, "region": {"startLine": 2400}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104428, "scanner": "repobility-ast-engine", "fingerprint": "e13b18b196006c0aaae5cb6caca6fd9b59195f1546956c7789cb47bd60fdc5d8", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e13b18b196006c0aaae5cb6caca6fd9b59195f1546956c7789cb47bd60fdc5d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/workflow/engines/analysis.py"}, "region": {"startLine": 1231}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104427, "scanner": "repobility-ast-engine", "fingerprint": "2942135b1f3bd7cc12882a3109df1011f09765b42a2c1ee88d86294aba8cfb10", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2942135b1f3bd7cc12882a3109df1011f09765b42a2c1ee88d86294aba8cfb10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/workflow/engines/cp2k.py"}, "region": {"startLine": 368}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104426, "scanner": "repobility-ast-engine", "fingerprint": "0874028da84337b234ea72f4d997a29bf0db780a6e20ab335479ece942c84ba9", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0874028da84337b234ea72f4d997a29bf0db780a6e20ab335479ece942c84ba9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/workflow/engines/lammps.py"}, "region": {"startLine": 273}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104425, "scanner": "repobility-ast-engine", "fingerprint": "f5ec5db02db4341084136a17ae14dd925c80a2c663bf730c75030dd834a44ab3", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f5ec5db02db4341084136a17ae14dd925c80a2c663bf730c75030dd834a44ab3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/workflow/engines/__init__.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104424, "scanner": "repobility-ast-engine", "fingerprint": "16850d66d956590a7684273f44fabb0950c3a14ea5bf0e6fffdd446f12ed87cb", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|16850d66d956590a7684273f44fabb0950c3a14ea5bf0e6fffdd446f12ed87cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/workflow/engines/vasp.py"}, "region": {"startLine": 435}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104423, "scanner": "repobility-ast-engine", "fingerprint": "6ab4caae9fdb52e0c32ec6cd2b1816b3fb4119a3a047ef8f77d74f6149682ae6", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6ab4caae9fdb52e0c32ec6cd2b1816b3fb4119a3a047ef8f77d74f6149682ae6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_mofdb.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104415, "scanner": "repobility-ast-engine", "fingerprint": "23159c70e9498aba57a4825805af8b827f37ce1e56eac78d5199cf1b3edab217", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|23159c70e9498aba57a4825805af8b827f37ce1e56eac78d5199cf1b3edab217"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_reticular.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104398, "scanner": "repobility-ast-engine", "fingerprint": "5dcb4a2de9b72386ab1bd47b78c58c11d9ecd74445e155b767f8dc46d7c5ce92", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5dcb4a2de9b72386ab1bd47b78c58c11d9ecd74445e155b767f8dc46d7c5ce92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/workflow/engine_runtime.py"}, "region": {"startLine": 221}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 104396, "scanner": "repobility-ast-engine", "fingerprint": "65ad1db7426be3b4678d3c476026aa32e8e196c46b1fbd2f98e14e581f673883", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|65ad1db7426be3b4678d3c476026aa32e8e196c46b1fbd2f98e14e581f673883"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_ai_tools_e2e.py"}, "region": {"startLine": 334}}}]}, {"ruleId": "MINED019", "level": "error", "message": {"text": "[MINED019] SSTI via Jinja2 from_string: jinja2.Environment().from_string(user_input) \u2014 rendering a user-controlled template string allows remote code execution."}, "properties": {"repobilityId": 
104284, "scanner": "repobility-threat-engine", "fingerprint": "0779853fe410c2fdaf9d6851c1f010c566e4366b7675fedf94e89dcbc5fb3fe5", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0779853fe410c2fdaf9d6851c1f010c566e4366b7675fedf94e89dcbc5fb3fe5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/workflow/presets/templates.py"}, "region": {"startLine": 194}}}]}]}]}