{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error (e.g. `except Exception: logger.debug('cleanup failed', exc_info=True)`) or catch only the specific exception types the cleanup can raise. A bare catch-all followed by `pass` also hides failures that leave resources or state only partially cleaned up, with no trace in the logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix, including security fixes, must be applied to every copy; a fix landed in one copy and missed in another leaves the issue open elsewhere."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "fullDescription": {"text": "Python's `random` module and JavaScript's `Math.random()` are not cryptographically secure; their output can be predicted from previously observed values. Use the `secrets` module (Python) or `crypto.getRandomValues()` (Web Crypto API, JS) for security-sensitive randomness such as tokens, codes or keys."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.25, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/328"}, "properties": {"repository": "magic-wormhole/magic-wormhole", "repoUrl": "https://github.com/magic-wormhole/magic-wormhole", "branch": "master"}, "results": [{"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 10324, "scanner": "repobility-threat-engine", "fingerprint": "66d3ef17108e8cb9ef787539ddba46d2e365856182fd3ac4568bde1fa3a91045", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|66d3ef17108e8cb9ef787539ddba46d2e365856182fd3ac4568bde1fa3a91045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/wormhole/cli/cmd_send.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 10323, "scanner": "repobility-threat-engine", "fingerprint": "9afc14212b6e7c01a09802777227feabd70e7ed4e3b1a61f175b456c5fea6a06", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9afc14212b6e7c01a09802777227feabd70e7ed4e3b1a61f175b456c5fea6a06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/wormhole/cli/cmd_receive.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10321, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e403bd12eff60fe481eea16bb4e548810ecd71360d970d3da4f12b9cfbfd2806", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/wormhole/cli/cmd_receive.py", "duplicate_line": 64, "correlation_key": "fp|e403bd12eff60fe481eea16bb4e548810ecd71360d970d3da4f12b9cfbfd2806"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/wormhole/cli/cmd_send.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10320, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"a47494375dea80ef3f4dd7d0c845a60fef551e4dfb778815484e8e73f4a450b1", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/wormhole/_mailbox.py", "duplicate_line": 21, "correlation_key": "fp|a47494375dea80ef3f4dd7d0c845a60fef551e4dfb778815484e8e73f4a450b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/wormhole/_nameplate.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 10322, "scanner": "repobility-threat-engine", "fingerprint": "a06ce0b26b18e3b6800a9f0eef49b6a2521927c518692dc19141081fdad4a1bf", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.randint(", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|misc/demo-journal.py|167|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "misc/demo-journal.py"}, "region": {"startLine": 167}}}]}]}]}