{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /:i"}, "fullDescription": {"text": "A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /:id."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "CWE-285", "owasp": "API5:2023 Broken Function Level Authorization"}}, {"id": "AUC004", "name": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence ", "shortDescription": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: ANY /detail/:id."}, "fullDescription": {"text": "An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: ANY /detail/:id."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.66, "cwe": "CWE-285", "owasp": "API5:2023 Broken Function Level Authorization"}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "DKC015", "name": "Database service has no healthcheck", "shortDescription": {"text": "Database service has no healthcheck"}, "fullDescription": {"text": "Compose starts dependent containers in dependency order, but it does not wait for a database to be ready unless a healthcheck is defined and dependents use service_healthy."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": 
"Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . is safer when .dockerignore excludes secrets, git history, keys, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AUC005", "name": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or sup", "shortDescription": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "fullDescription": {"text": "No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "low", "confidence": 0.76, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "If the image 
does not define USER internally, this service may run as root."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKC017", "name": "Database password is wired through an environment variable placeholder", "shortDescription": {"text": "Database password is wired through an environment variable placeholder"}, "fullDescription": {"text": "Environment placeholders are not committed secrets, but database official images often support *_FILE variables so Compose secrets can provide narrower filesystem-based access."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.58, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additional files. 
Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16.\nAlso block loopback (127/8) and the IPv6 equivalents (::1, fc00::/7, fe80::/10), and run the CIDR check on the IP address the hostname resolves to, including after each redirect, not on the hostname string."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "AUC003", "name": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby a", "shortDescription": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /:id."}, "fullDescription": {"text": "A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /:id."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "high", "confidence": 0.7, "cwe": "CWE-639", "owasp": "API1:2023 Broken Object Level Authorization"}}, {"id": "DKC011", "name": "Database service publishes a host port", "shortDescription": {"text": "Database service publishes a host port"}, "fullDescription": {"text": "Publishing database ports to the host increases exposure. 
Internal Compose networking usually only needs expose, not ports."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.84, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/448"}, "properties": {"repository": "leyu-data-collection-platform/leyu-backend", "repoUrl": "https://github.com/leyu-data-collection-platform/leyu-backend.git", "branch": "main"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 23313, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: ANY /:id."}, "properties": {"repobilityId": 23311, "scanner": "repobility-access-control", "fingerprint": "f497cbc3f2524ac8fa3f01954236b047e8e95ded8aeb0437ddd5d3c34d373534", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|89|cwe-285", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/Language.controller.ts"}, "region": {"startLine": 89}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: ANY /:id."}, "properties": {"repobilityId": 23310, "scanner": "repobility-access-control", "fingerprint": "5019d744ba7d11354f663f2636397be2e9e625cb795ea76de1d000c19aec2731", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|131|cwe-285", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/Organization.controller.ts"}, "region": {"startLine": 131}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: ANY /:id."}, "properties": {"repobilityId": 23309, "scanner": "repobility-access-control", "fingerprint": "4f1c7ef41faad335846ee355f61357845ea5f332b0a61d16353715a7cf0a05eb", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|145|cwe-285", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/Dialect.controller.ts"}, "region": {"startLine": 145}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: ANY /add-alternative-name/:id."}, "properties": {"repobilityId": 23308, "scanner": "repobility-access-control", "fingerprint": "15e6548bffbe0919b3415915c47266845dab3f6adf87f1639c1f0b21033f8e52", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/add-alternative-name/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|108|cwe-285", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/Dialect.controller.ts"}, "region": {"startLine": 108}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: ANY /:id."}, "properties": {"repobilityId": 23307, "scanner": "repobility-access-control", "fingerprint": "61aacafdabe1b224d751fa27e0095cd4e03b391233b72461f8a579291d7d919f", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|101|cwe-285", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/Dialect.controller.ts"}, "region": {"startLine": 101}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: ANY /:id."}, "properties": {"repobilityId": 23306, "scanner": "repobility-access-control", "fingerprint": "d5080aad861202df2431078c21583324361bfff05f66ba15c27a2504fe93eaca", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|138|cwe-285", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/Country.controller.ts"}, "region": {"startLine": 138}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: ANY /:id."}, "properties": {"repobilityId": 23305, "scanner": "repobility-access-control", "fingerprint": "37c2827566da2d5564fcdf6158700de82dccf93027ddd16d6310a5708ba03b3f", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|102|cwe-285", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/Country.controller.ts"}, "region": {"startLine": 102}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: ANY /:id."}, "properties": {"repobilityId": 23304, "scanner": "repobility-access-control", "fingerprint": "9ea61988c377ea44e0dfc0b43737df82206301e4b9182c478cccbd6925095a96", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|91|cwe-285", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/Country.controller.ts"}, "region": {"startLine": 91}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: ANY /:id."}, "properties": {"repobilityId": 23303, "scanner": "repobility-access-control", "fingerprint": "50e6899eb2b6f0fa4285e5d7e080f6010361a86feb1bc9abbab730ffdb286cba", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|146|cwe-285", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/DataSetAnnotation.controller.ts"}, "region": {"startLine": 146}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: ANY /hello."}, "properties": {"repobilityId": 23302, "scanner": "repobility-access-control", "fingerprint": "f8a7e9ea45d58fda5ed5d50e662ab09c61daf484f4b1d55c60335b8c8321dbd1", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/hello", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|src/app.controller.ts|13|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app.controller.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: ANY /detail/:id."}, "properties": {"repobilityId": 23301, "scanner": "repobility-access-control", "fingerprint": "23ac700f4c27157fae28ceae846cb04ebfb9b06bb161c813b0e40a3cf4482aa0", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/detail/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|408|cwe-285", "identity_targets": ["authenticated", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/task_distribution/controllers/ReviewerTask.controller.ts"}, "region": {"startLine": 408}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: ANY /qa/microtasks/:task_id."}, "properties": {"repobilityId": 23300, "scanner": "repobility-access-control", "fingerprint": "0f4378626ab1f77d6a34c90688a381ac4000caf7e8d13eb7aa1887e8cba35c83", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/qa/microtasks/:task_id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|397|cwe-285", "identity_targets": ["authenticated", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/task_distribution/controllers/ReviewerTask.controller.ts"}, "region": {"startLine": 397}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: ANY /qa/tasks."}, "properties": {"repobilityId": 23299, "scanner": "repobility-access-control", "fingerprint": "9046cdb6f163c16eddd84222584d109d2b8b451700242a1f3487dc306fcdd0ee", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/qa/tasks", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|389|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/task_distribution/controllers/ReviewerTask.controller.ts"}, "region": {"startLine": 389}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: ANY /qa/reject/:dataset_id."}, "properties": {"repobilityId": 23298, "scanner": "repobility-access-control", "fingerprint": "edf410211f5aec38e74385ee57a01f7367654df396d1e125891ff18f131056ce", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/qa/reject/:dataset_id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|342|cwe-285", "identity_targets": ["authenticated", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/task_distribution/controllers/ReviewerTask.controller.ts"}, "region": {"startLine": 342}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: ANY /qa/approve/:dataset_id."}, "properties": {"repobilityId": 23297, "scanner": "repobility-access-control", "fingerprint": "52542433918ae25cb793fbda5ef311cbe3c2493a93d50b2ac4f9d102a4d103bc", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/qa/approve/:dataset_id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|296|cwe-285", "identity_targets": ["authenticated", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/task_distribution/controllers/ReviewerTask.controller.ts"}, "region": {"startLine": 296}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: ANY /pm/reject/:dataset_id."}, "properties": {"repobilityId": 23296, "scanner": "repobility-access-control", "fingerprint": "ae95e15b780db1cd775123c7e18003de4cb1278c8b43343ac0ca99bbcf207c96", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/pm/reject/:dataset_id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|249|cwe-285", "identity_targets": ["authenticated", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/task_distribution/controllers/ReviewerTask.controller.ts"}, "region": {"startLine": 249}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: ANY /pm/approve/:dataset_id."}, "properties": {"repobilityId": 23295, "scanner": "repobility-access-control", "fingerprint": "d0f66ac5d99a861f9ec357290088fc69e34d9c509499c94b5f98911db854eb62", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/pm/approve/:dataset_id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|203|cwe-285", "identity_targets": ["authenticated", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/task_distribution/controllers/ReviewerTask.controller.ts"}, "region": {"startLine": 203}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: ANY /reject/:id."}, "properties": {"repobilityId": 23294, "scanner": "repobility-access-control", "fingerprint": "a9175a5b9ce1643533e0bc62a2a8ec2d37432319b28df4807affb4d84ab5410e", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/reject/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|143|cwe-285", "identity_targets": ["authenticated", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/task_distribution/controllers/ReviewerTask.controller.ts"}, "region": {"startLine": 143}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: ANY /approve/:id."}, "properties": {"repobilityId": 23293, "scanner": "repobility-access-control", "fingerprint": "b16e499192a7d96874f41d5e6157ec9a785e95caaee13493d0dde4177a04fce2", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/approve/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|88|cwe-285", "identity_targets": ["authenticated", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/task_distribution/controllers/ReviewerTask.controller.ts"}, "region": {"startLine": 88}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: ANY /my-tasks/:task_id."}, "properties": {"repobilityId": 23292, "scanner": "repobility-access-control", "fingerprint": "3bce1dde40fb859d9ec10f7da31efb2fdb61c051f912ae5931db63eaba2aa697", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/my-tasks/:task_id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|56|cwe-285", "identity_targets": ["authenticated", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/task_distribution/controllers/ReviewerTask.controller.ts"}, "region": {"startLine": 56}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 23281, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Express", "NestJS"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKC015", "level": "warning", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 23275, "scanner": "repobility-docker", "fingerprint": "7c8556e9810f610f5c7f73bc4c7f62596336b98404171203ea3e5ac900f007a1", 
"category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "postgres", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|7c8556e9810f610f5c7f73bc4c7f62596336b98404171203ea3e5ac900f007a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 23272, "scanner": "repobility-docker", "fingerprint": "a198cab1bf137a955baa13be0f357b4ca15c96f548f6a685b95178a5a497542c", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:22-alpine", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a198cab1bf137a955baa13be0f357b4ca15c96f548f6a685b95178a5a497542c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 21}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 23271, "scanner": "repobility-docker", "fingerprint": "0887371c73d2b6563c6630d8915c9434e54cd334b1b339086a789dc4b05da121", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and 
.dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|0887371c73d2b6563c6630d8915c9434e54cd334b1b339086a789dc4b05da121", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 13}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 23270, "scanner": "repobility-threat-engine", "fingerprint": "393b79f459f6ad300d35b6d432fd889bfe718a1dec30bbb87bbbdd5bba141ec5", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (releaseError) {}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|393b79f459f6ad300d35b6d432fd889bfe718a1dec30bbb87bbbdd5bba141ec5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/task_distribution/service/TaskSubmission.service.ts"}, "region": {"startLine": 141}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 23267, "scanner": "repobility-threat-engine", "fingerprint": "d3b7dbf8ba0c55f4bdd849a6ba2b8c8173c53e1a77db5bce5ba107bf7d4be9bd", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "Math.random()", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|590|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/project/service/Task.service.ts"}, "region": {"startLine": 590}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 23266, "scanner": "repobility-threat-engine", "fingerprint": "19298f7803a9535e2e186a9cabdaa9ec3f9917afa5836b83870649cd8d27af5d", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "Math.random()", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|270|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/project/service/Project.service.ts"}, "region": {"startLine": 270}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 23231, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", 
"category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "AUC005", "level": "note", "message": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"repobilityId": 23312, "scanner": "repobility-access-control", "fingerprint": "c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e", "category": "auth", "severity": "low", "confidence": 0.76, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Express", "NestJS"], "correlation_key": "fp|c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e"}}}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 23280, "scanner": "repobility-docker", "fingerprint": "9496e433a48f529e70917db33d28861f178abca3bdea7aa3d6bcc9f656d4072a", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "app", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|9496e433a48f529e70917db33d28861f178abca3bdea7aa3d6bcc9f656d4072a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 49}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a 
runtime user"}, "properties": {"repobilityId": 23279, "scanner": "repobility-docker", "fingerprint": "699f68cbcc070db6bf3f8436097705f6efb10a308da791bc3e8787a4103a9c60", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "app", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|699f68cbcc070db6bf3f8436097705f6efb10a308da791bc3e8787a4103a9c60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 49}}}]}, {"ruleId": "DKC017", "level": "note", "message": {"text": "Database password is wired through an environment variable placeholder"}, "properties": {"repobilityId": 23276, "scanner": "repobility-docker", "fingerprint": "fca4a19916007dae711a94383ec52edcbbab43c0c262289a8825cba39429e5ba", "category": "docker", "severity": "low", "confidence": 0.58, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Database image supports file-based secret variables, but only placeholder environment variables were found.", "evidence": {"rule_id": "DKC017", "scanner": "repobility-docker", "service": "postgres", "variables": ["POSTGRES_PASSWORD"], "references": ["https://docs.docker.com/compose/how-tos/use-secrets/"], "correlation_key": "fp|fca4a19916007dae711a94383ec52edcbbab43c0c262289a8825cba39429e5ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 23273, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", 
"category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23261, "scanner": "repobility-ai-code-hygiene", "fingerprint": "85bc813c5ff8e2aeab228b71567f8a41faaffa17957a8f40275b9c2fad93ec14", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/controller/RejectionType.controller.ts", "duplicate_line": 10, "correlation_key": "fp|85bc813c5ff8e2aeab228b71567f8a41faaffa17957a8f40275b9c2fad93ec14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/project/controller/Facilitator.controller.ts"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23260, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6b9acb5221c3dca5ac73d94a0ddb67c81c2395cd68807e9da133eb551d61693a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, 
"reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/controller/Organization.controller.ts", "duplicate_line": 7, "correlation_key": "fp|6b9acb5221c3dca5ac73d94a0ddb67c81c2395cd68807e9da133eb551d61693a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/project/controller/Facilitator.controller.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23259, "scanner": "repobility-ai-code-hygiene", "fingerprint": "933f4fb009f6d63433b6028132039c20935671eef53f340ed39c1f48770d47be", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/data_set/rto/MicroTask.rto.ts", "duplicate_line": 58, "correlation_key": "fp|933f4fb009f6d63433b6028132039c20935671eef53f340ed39c1f48770d47be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/data_set/sanitize.ts"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23258, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a8354bb8c868a2b49af742b3abb9e192b87c41f46be6f86d02bbd1cea6d20305", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", 
"scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/data_set/rto/DataSet.rto.ts", "duplicate_line": 24, "correlation_key": "fp|a8354bb8c868a2b49af742b3abb9e192b87c41f46be6f86d02bbd1cea6d20305"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/data_set/sanitize.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23257, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8ad053e1e1b0fd528de8a6382d28339e0e1ea1f08b1ee038845871b571806b8e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/data_set/rto/DataSet.rto.ts", "duplicate_line": 24, "correlation_key": "fp|8ad053e1e1b0fd528de8a6382d28339e0e1ea1f08b1ee038845871b571806b8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/data_set/rto/MicroTask.rto.ts"}, "region": {"startLine": 55}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23256, "scanner": "repobility-ai-code-hygiene", "fingerprint": "73d3b8ddc14ba36ad1485073164206179f28fbf5d778fe81c83f70ec2fcddd8c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/controller/Organization.controller.ts", "duplicate_line": 
1, "correlation_key": "fp|73d3b8ddc14ba36ad1485073164206179f28fbf5d778fe81c83f70ec2fcddd8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/data_set/controller/FlagReason.controller.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23255, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4e79cc8b069dd4fcdb22e83c1853520f2c808a4d208e6b0c820d9a9cab9e2ff4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/background_task/service/FileUploadProcessor.service.ts", "duplicate_line": 10, "correlation_key": "fp|4e79cc8b069dd4fcdb22e83c1853520f2c808a4d208e6b0c820d9a9cab9e2ff4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cache/FileUploadProcessor.service.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23254, "scanner": "repobility-ai-code-hygiene", "fingerprint": "156055006d2cbef9f78f3b3ac9c32eec4f1b780d10129e5658fdee80842ff928", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/service/AnnotationType.service.ts", "duplicate_line": 89, "correlation_key": "fp|156055006d2cbef9f78f3b3ac9c32eec4f1b780d10129e5658fdee80842ff928"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/service/Zone.service.ts"}, "region": {"startLine": 67}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23253, "scanner": "repobility-ai-code-hygiene", "fingerprint": "82333c51d4bf000947bc7db22a79b8b592d43699cba847b0156cdda8920f2867", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/service/AnnotationType.service.ts", "duplicate_line": 89, "correlation_key": "fp|82333c51d4bf000947bc7db22a79b8b592d43699cba847b0156cdda8920f2867"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/service/Sector.service.ts"}, "region": {"startLine": 68}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23252, "scanner": "repobility-ai-code-hygiene", "fingerprint": "465bd5b8a40819fa6370ed1f3ed05fff7f2d69bca840750afe60f93fe31f9592", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/service/AnnotationType.service.ts", "duplicate_line": 89, "correlation_key": "fp|465bd5b8a40819fa6370ed1f3ed05fff7f2d69bca840750afe60f93fe31f9592"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/service/Region.service.ts"}, "region": 
{"startLine": 81}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23251, "scanner": "repobility-ai-code-hygiene", "fingerprint": "631ebedd2361270ccf44d9c381d8d8a62f174fe9676b7044f24740705797e8c8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/service/AnnotationType.service.ts", "duplicate_line": 89, "correlation_key": "fp|631ebedd2361270ccf44d9c381d8d8a62f174fe9676b7044f24740705797e8c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/service/Organization.service.ts"}, "region": {"startLine": 79}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23250, "scanner": "repobility-ai-code-hygiene", "fingerprint": "862e5627e2d1eb0e39033b8d8d9f89dd95773204063b6558a73ae77cfb618ea7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/service/AnnotationType.service.ts", "duplicate_line": 89, "correlation_key": "fp|862e5627e2d1eb0e39033b8d8d9f89dd95773204063b6558a73ae77cfb618ea7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/service/Language.service.ts"}, "region": {"startLine": 101}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated 
implementation block across source files"}, "properties": {"repobilityId": 23249, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d22e6acd019159c0785add6187ddca0ff98b9aacd9f2c51f66f8608e8186ab7b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/service/AnnotationType.service.ts", "duplicate_line": 64, "correlation_key": "fp|d22e6acd019159c0785add6187ddca0ff98b9aacd9f2c51f66f8608e8186ab7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/service/FlagType.service.ts"}, "region": {"startLine": 42}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23248, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0dbb310c230612079ce6781d0ba4aa47a2358023ecbaac564671e147baeb53e6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/service/AnnotationType.service.ts", "duplicate_line": 64, "correlation_key": "fp|0dbb310c230612079ce6781d0ba4aa47a2358023ecbaac564671e147baeb53e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/service/Dialect.service.ts"}, "region": {"startLine": 76}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23247, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "8623424524cf440e6d061afb8e992c5aa3c553054f7e04f56be6a50342304c2c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/service/AnnotationType.service.ts", "duplicate_line": 64, "correlation_key": "fp|8623424524cf440e6d061afb8e992c5aa3c553054f7e04f56be6a50342304c2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/service/DataSetAnnotation.service.ts"}, "region": {"startLine": 48}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23246, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f2c5311b71cdff9ab7c812204e3f67b366d6c30826c4e8c0d4d7f9c3de8a0073", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/service/AnnotationType.service.ts", "duplicate_line": 89, "correlation_key": "fp|f2c5311b71cdff9ab7c812204e3f67b366d6c30826c4e8c0d4d7f9c3de8a0073"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/service/Country.service.ts"}, "region": {"startLine": 136}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23245, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"d201e016f188d72ff926895ce5a388e2f1c12fe8e02413970f07fac77d7e4b0a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/entities/AnnotationType.entity.ts", "duplicate_line": 18, "correlation_key": "fp|d201e016f188d72ff926895ce5a388e2f1c12fe8e02413970f07fac77d7e4b0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/entities/RejectionType.entity.ts"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23244, "scanner": "repobility-ai-code-hygiene", "fingerprint": "739377253117896cc6a65b01a8ae4b99babe601b3cbdf12f820934aa56ef940a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/entities/DataSetAnnotation.entity.ts", "duplicate_line": 18, "correlation_key": "fp|739377253117896cc6a65b01a8ae4b99babe601b3cbdf12f820934aa56ef940a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/entities/RejectionType.entity.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23243, "scanner": "repobility-ai-code-hygiene", "fingerprint": "51e8cda6cdaded467414cd6c8c2714eb9f7962c44c2e777ef662dd959366b094", "category": "quality", 
"severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/entities/Dialect.entity.ts", "duplicate_line": 22, "correlation_key": "fp|51e8cda6cdaded467414cd6c8c2714eb9f7962c44c2e777ef662dd959366b094"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/entities/Region.entity.ts"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23242, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d83e4390d21acae43cb0fb2649ababb67b5409d6eaffbe148d14cd2935c95cf0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/entities/AnnotationType.entity.ts", "duplicate_line": 18, "correlation_key": "fp|d83e4390d21acae43cb0fb2649ababb67b5409d6eaffbe148d14cd2935c95cf0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/entities/FlagType.entity.ts"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23241, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d845722853d3dc42d584fe42949179d3a79327b272e1d149c25c9aa9b6fb5e10", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A 
normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/entities/DataSetAnnotation.entity.ts", "duplicate_line": 18, "correlation_key": "fp|d845722853d3dc42d584fe42949179d3a79327b272e1d149c25c9aa9b6fb5e10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/entities/FlagType.entity.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23240, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1d8bc5264700b76402ae124bd2bc4d8236e626d8977b05fb7530d47193cf0597", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/entities/AnnotationType.entity.ts", "duplicate_line": 18, "correlation_key": "fp|1d8bc5264700b76402ae124bd2bc4d8236e626d8977b05fb7530d47193cf0597"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/entities/DataSetAnnotation.entity.ts"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23239, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9fcf9206480b516fa235a14c0f66b2ec192167fb6e89377b818d8c7c01931da1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, 
"rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/controller/Country.controller.ts", "duplicate_line": 8, "correlation_key": "fp|9fcf9206480b516fa235a14c0f66b2ec192167fb6e89377b818d8c7c01931da1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/Sector.controller.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23238, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ea0c259d405bf6621542389dacd2b33e22233de56635f297cd253baa7f181e50", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/controller/AnnotationType.controller.ts", "duplicate_line": 1, "correlation_key": "fp|ea0c259d405bf6621542389dacd2b33e22233de56635f297cd253baa7f181e50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/Sector.controller.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23237, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5051794fe0b9df622b011f1775e3bd3cfd8938735f6501c932489d71135d7441", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], 
"duplicate_file": "src/base_data/controller/Organization.controller.ts", "duplicate_line": 1, "correlation_key": "fp|5051794fe0b9df622b011f1775e3bd3cfd8938735f6501c932489d71135d7441"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/RejectionType.controller.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23236, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0b8f2eb3cb5e93b256e97d8f71ef02a4b710e164494cf0169c0ac14733892aa3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/controller/Organization.controller.ts", "duplicate_line": 1, "correlation_key": "fp|0b8f2eb3cb5e93b256e97d8f71ef02a4b710e164494cf0169c0ac14733892aa3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/Region.controller.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23235, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7f15ecf088dccf91ec9993095317574c2512eb88698b6551383e4ef38ab91de4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/controller/AnnotationType.controller.ts", "duplicate_line": 
1, "correlation_key": "fp|7f15ecf088dccf91ec9993095317574c2512eb88698b6551383e4ef38ab91de4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/Language.controller.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23234, "scanner": "repobility-ai-code-hygiene", "fingerprint": "23e56d98abdacca7f14e1ca46c99a5fbe583891c691d2f77bbc6377e77343ef5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/controller/AnnotationType.controller.ts", "duplicate_line": 1, "correlation_key": "fp|23e56d98abdacca7f14e1ca46c99a5fbe583891c691d2f77bbc6377e77343ef5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/FlagType.controller.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23233, "scanner": "repobility-ai-code-hygiene", "fingerprint": "69fb008eb6d1154d5143a0a1cb455139e96c7e3e0067a9b57c69690f8f068d06", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/controller/AnnotationType.controller.ts", "duplicate_line": 1, "correlation_key": 
"fp|69fb008eb6d1154d5143a0a1cb455139e96c7e3e0067a9b57c69690f8f068d06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/DataSetAnnotation.controller.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23232, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7b0189532113485f2cdfa2466e1a47e045044e0f65856ed6fe663834e36da38f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/base_data/controller/AnnotationType.controller.ts", "duplicate_line": 1, "correlation_key": "fp|7b0189532113485f2cdfa2466e1a47e045044e0f65856ed6fe663834e36da38f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/Country.controller.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 23269, "scanner": "repobility-threat-engine", "fingerprint": "ed3769a4ea3a3aeb3b1fd74c33a316d9452004c8aff6770390b3265ad0543e09", "category": "crypto", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ed3769a4ea3a3aeb3b1fd74c33a316d9452004c8aff6770390b3265ad0543e09"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 23268, "scanner": "repobility-threat-engine", "fingerprint": "c40f97faa0c0e9eea52b0b6a976fd2407851a9b17e8f608c81346175aa304129", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|284|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/auth/service/User.service.ts"}, "region": {"startLine": 284}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 23265, "scanner": "repobility-threat-engine", "fingerprint": "d57f94c2e96069b4a87a7fb2ba46f76103ae7ecd579ffae7064a6551df416baa", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d57f94c2e96069b4a87a7fb2ba46f76103ae7ecd579ffae7064a6551df416baa"}}}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /:id."}, "properties": {"repobilityId": 23291, "scanner": "repobility-access-control", "fingerprint": "38a9c6b3e4eed8d93c1147762e947939bdcd6fc5710c78e7edc14766bb6d0c7c", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|130|cwe-639", "identity_targets": ["unknown", "owner", "admin", "super_admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/RejectionType.controller.ts"}, "region": {"startLine": 130}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: ANY /update-alternative-name/:id."}, "properties": {"repobilityId": 23290, "scanner": "repobility-access-control", "fingerprint": "7c99c7cf5916670f37b6e81850a4458fb054960f6eae01897006511f39be0c6a", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/update-alternative-name/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|121|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/RejectionType.controller.ts"}, "region": {"startLine": 121}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: ANY /add-alternative-name/:id."}, "properties": {"repobilityId": 23289, "scanner": "repobility-access-control", "fingerprint": "970d21b7cf51b4721c10ffb2d66145d7539e6c1f3dcb559953a5340d94a13b0a", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/add-alternative-name/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|108|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/RejectionType.controller.ts"}, "region": {"startLine": 108}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: ANY /:id."}, "properties": {"repobilityId": 23288, "scanner": "repobility-access-control", "fingerprint": "851843691bf923602e32acd8df585b49bf5ff4ec5a72416fda5757a5ffdfb54d", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|95|cwe-639", "identity_targets": ["unknown", "owner", "admin", "super_admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/RejectionType.controller.ts"}, "region": {"startLine": 95}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: ANY /:id."}, "properties": {"repobilityId": 23287, "scanner": "repobility-access-control", "fingerprint": "e4c5918cebe87a2368471963a8baf7b62228a834f8d7ca23193410b4251805e4", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|90|cwe-639", "identity_targets": ["unknown", "owner", "admin", "super_admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/RejectionType.controller.ts"}, "region": {"startLine": 90}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: ANY /:id."}, "properties": {"repobilityId": 23286, "scanner": "repobility-access-control", "fingerprint": "14dcc13a4dba5c8309a292c0763f7dfeb9128b59ec9ec0385fe04ec2ab31ea23", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|146|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/DataSetAnnotation.controller.ts"}, "region": {"startLine": 146}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: ANY /update-alternative-name/:id."}, "properties": {"repobilityId": 23285, "scanner": "repobility-access-control", "fingerprint": "cbe1e6f68e7eb58308ef00f08e1f0cfa1feb69907b8d96a13636d2b95ecaa129", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/update-alternative-name/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|137|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/DataSetAnnotation.controller.ts"}, "region": {"startLine": 137}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: ANY /add-alternative-name/:id."}, "properties": {"repobilityId": 23284, "scanner": "repobility-access-control", "fingerprint": "fc25ae9b3b4621006fb72d9109c203c3bc2d17dc70ea5deff6e3aa3abac592a9", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/add-alternative-name/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|125|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/DataSetAnnotation.controller.ts"}, "region": {"startLine": 125}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: ANY /:id."}, "properties": {"repobilityId": 23283, "scanner": "repobility-access-control", "fingerprint": "9a7b77f48fc58d0dfa4b671dec4be05501a2caed128a8e45fe8a37235873afe4", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|113|cwe-639", "identity_targets": ["unknown", "owner", "admin", "super_admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/DataSetAnnotation.controller.ts"}, "region": {"startLine": 113}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: ANY /:id."}, "properties": {"repobilityId": 23282, "scanner": "repobility-access-control", "fingerprint": "dce9d8b9dd77e3d12a6aa14df36707bcc33e37a8d318077b992f28ead2d3487f", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "ANY", "scanner": "repobility-access-control", "framework": "NestJS", "correlation_key": "code|auth|token|104|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/base_data/controller/DataSetAnnotation.controller.ts"}, "region": {"startLine": 104}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 23278, "scanner": "repobility-docker", "fingerprint": "3e9fb600d21d53881b5ff3ce152fb728749112fe26000d428fb5faa5a80d9a88", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "5672:5672", "target": "5672", "host_ip": "", "published": "5672"}, {"raw": "15672:15672", "target": "15672", "host_ip": "", "published": "15672"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "rabbitmq", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|3e9fb600d21d53881b5ff3ce152fb728749112fe26000d428fb5faa5a80d9a88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 31}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host 
port"}, "properties": {"repobilityId": 23277, "scanner": "repobility-docker", "fingerprint": "5a203802db9183cc014c6d75fe6a8b0765a17055c430859608dd3ea306a99b9b", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "6379:6379", "target": "6379", "host_ip": "", "published": "6379"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "redis", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|5a203802db9183cc014c6d75fe6a8b0765a17055c430859608dd3ea306a99b9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 16}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 23274, "scanner": "repobility-docker", "fingerprint": "b677a05f2e17b9ce5b746176df50ad29f11e19aae873fc7262009cd1575745f2", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "5433:5432", "target": "5432", "host_ip": "", "published": "5433"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "postgres", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|b677a05f2e17b9ce5b746176df50ad29f11e19aae873fc7262009cd1575745f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, 
"region": {"startLine": 2}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 23264, "scanner": "repobility-threat-engine", "fingerprint": "0bd9c4cc27ff71468f354e8ce521fbf4160ece70e80bb159e84efe29395e8df7", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(\n        u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0bd9c4cc27ff71468f354e8ce521fbf4160ece70e80bb159e84efe29395e8df7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/auth/service/auth.service.ts"}, "region": {"startLine": 72}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 23263, "scanner": "repobility-threat-engine", "fingerprint": "2d960c276686cd4e99c1e7887dd599942e3669a3493d501adf74f0835baa900e", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(\n        u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2d960c276686cd4e99c1e7887dd599942e3669a3493d501adf74f0835baa900e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/auth/service/User.service.ts"}, "region": {"startLine": 113}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 23262, "scanner": "repobility-threat-engine", "fingerprint": "78fd07cb4dd530e1883a88095c5ad878da15cc09f39101ebf4868c64285b854d", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|78fd07cb4dd530e1883a88095c5ad878da15cc09f39101ebf4868c64285b854d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/auth/controller/user.controller.ts"}, "region": {"startLine": 594}}}]}]}]}