{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT006", "name": "React interval is created without an explicit cleanup", "shortDescription": {"text": "React interval is created without an explicit cleanup"}, "fullDescription": {"text": "Intervals created in React hooks or components should be cleared on unmount. Missing cleanup can keep stale callbacks alive after recording, polling, or overlay components close."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML when inserting plain text. If HTML markup must be rendered, sanitize it first, for example with DOMPurify."}, 
"properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/269"}, "properties": {"repository": "reduxjs/redux-devtools", "repoUrl": "https://github.com/reduxjs/redux-devtools", "branch": "main"}, "results": [{"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 8359, "scanner": "repobility-threat-engine", "fingerprint": "073628c950335c03f501d2c7d758f1108dce281b543c835a1f19f3108bda8944", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (e) {}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|073628c950335c03f501d2c7d758f1108dce281b543c835a1f19f3108bda8944"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/redux-devtools-inspector-monitor/src/utils/getInspectedState.ts"}, "region": {"startLine": 45}}}]}, {"ruleId": "AGT006", "level": "warning", "message": {"text": "React interval is created without an explicit cleanup"}, "properties": 
{"repobilityId": 8353, "scanner": "repobility-agent-runtime", "fingerprint": "df5c0cd22ccc089550510201f0f4edf082bafd4caa12614e62c74a5e28296dff", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File uses setInterval with useEffect or hook-style code and no clearInterval cleanup was found.", "evidence": {"rule_id": "AGT006", "scanner": "repobility-agent-runtime", "references": ["https://react.dev/reference/react/useEffect"], "correlation_key": "fp|df5c0cd22ccc089550510201f0f4edf082bafd4caa12614e62c74a5e28296dff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/redux-devtools-inspector-monitor-test-tab/demo/src/DemoApp.tsx"}, "region": {"startLine": 85}}}]}, {"ruleId": "AGT006", "level": "warning", "message": {"text": "React interval is created without an explicit cleanup"}, "properties": {"repobilityId": 8352, "scanner": "repobility-agent-runtime", "fingerprint": "89edac391a53d682fa0c3504de8f5d2b75eb1e9d3f3972b368ab3c52ef6318e6", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File uses setInterval with useEffect or hook-style code and no clearInterval cleanup was found.", "evidence": {"rule_id": "AGT006", "scanner": "repobility-agent-runtime", "references": ["https://react.dev/reference/react/useEffect"], "correlation_key": "fp|89edac391a53d682fa0c3504de8f5d2b75eb1e9d3f3972b368ab3c52ef6318e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/redux-devtools-inspector-monitor/demo/src/DemoApp.tsx"}, "region": {"startLine": 183}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8351, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1087d2cc8206e3dd10c8cb8340c83359574e050226b1f5345c608456de63bac9", "category": "quality", 
"severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/redux-devtools-inspector-monitor/src/tabs/getItemString.tsx", "duplicate_line": 10, "correlation_key": "fp|1087d2cc8206e3dd10c8cb8340c83359574e050226b1f5345c608456de63bac9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/redux-devtools-rtk-query-monitor/src/styles/tree.tsx"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8350, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b0c29c2ba5672c53146bbf6c95d62c8d679d8d075e35a2605c66595c0fde92e0", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/redux-devtools-inspector-monitor/src/tabs/getJsonTreeTheme.ts", "duplicate_line": 5, "correlation_key": "fp|b0c29c2ba5672c53146bbf6c95d62c8d679d8d075e35a2605c66595c0fde92e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/redux-devtools-rtk-query-monitor/src/styles/themes.ts"}, "region": {"startLine": 96}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8349, "scanner": "repobility-ai-code-hygiene", "fingerprint": "23e6a11768d27179e95592860e3853c75b15b987333dbc8749017b60e647e76f", "category": "quality", "severity": 
"medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/redux-devtools-inspector-monitor/src/utils/themes.ts", "duplicate_line": 10, "correlation_key": "fp|23e6a11768d27179e95592860e3853c75b15b987333dbc8749017b60e647e76f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/redux-devtools-rtk-query-monitor/src/styles/themes.ts"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8348, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0e001021f83d61350859f5e5bf2fd7e576631a1f080a60eb05450a2c27ff61ad", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/redux-devtools-inspector-monitor/src/utils/selectorButtonStyles.ts", "duplicate_line": 7, "correlation_key": "fp|0e001021f83d61350859f5e5bf2fd7e576631a1f080a60eb05450a2c27ff61ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/redux-devtools-rtk-query-monitor/src/components/QueryPreviewHeader.tsx"}, "region": {"startLine": 63}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8347, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ff0835e7e9e9d9fe5e04b2a360c081a020dd9dd988d850ceb5229fac8e8fe614", "category": "quality", "severity": 
"medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/redux-devtools-inspector-monitor-test-tab/jest.config.ts", "duplicate_line": 1, "correlation_key": "fp|ff0835e7e9e9d9fe5e04b2a360c081a020dd9dd988d850ceb5229fac8e8fe614"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/redux-devtools-rtk-query-monitor/jest.config.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8346, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4cc4bb0fc95dc0bb301eac5a56ba133d150494771e464a3615e325154e8c8a4b", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/redux-devtools-app-core/src/components/TopButtons.tsx", "duplicate_line": 24, "correlation_key": "fp|4cc4bb0fc95dc0bb301eac5a56ba133d150494771e464a3615e325154e8c8a4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/redux-devtools-log-monitor/src/LogMonitorButtonBar.tsx"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8345, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fd388d9201c85608aadf3c92d4f307540deede180e8c4882d3eb77890b2f310f", "category": "quality", "severity": "medium", "confidence": 0.86, 
"triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/redux-devtools-extension/src/developmentOnly.ts", "duplicate_line": 3, "correlation_key": "fp|fd388d9201c85608aadf3c92d4f307540deede180e8c4882d3eb77890b2f310f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/redux-devtools-extension/src/logOnlyInProduction.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8344, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ee8ca9c8a76b40507b96120a46c9315c5b8087e5c32bce4b13d2462801eb2b54", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/redux-devtools-extension/src/developmentOnly.ts", "duplicate_line": 14, "correlation_key": "fp|ee8ca9c8a76b40507b96120a46c9315c5b8087e5c32bce4b13d2462801eb2b54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/redux-devtools-extension/src/index.ts"}, "region": {"startLine": 93}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8343, "scanner": "repobility-ai-code-hygiene", "fingerprint": "654722b2e3812611caab4ad3eebf97680f0dec1f7f3f718ad9ea509cc6391a30", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": 
false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/redux-devtools-app-core/src/containers/monitors/InspectorWrapper/ChartTab.tsx", "duplicate_line": 60, "correlation_key": "fp|654722b2e3812611caab4ad3eebf97680f0dec1f7f3f718ad9ea509cc6391a30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/redux-devtools-chart-monitor/src/ChartMonitor.tsx"}, "region": {"startLine": 109}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8342, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1dd90eeb0575e7c3d52c07e077a500173537236262bb59459aa27949abc57bff", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extension/src/app/App.tsx", "duplicate_line": 43, "correlation_key": "fp|1dd90eeb0575e7c3d52c07e077a500173537236262bb59459aa27949abc57bff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/redux-devtools-app-core/src/containers/App.tsx"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8341, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a60c3481178c552d9b5ed13e9c5a2b02f2258c3b3baa7a09bf7eff48eca53622", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window 
appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extension/src/app/Actions.tsx", "duplicate_line": 57, "correlation_key": "fp|a60c3481178c552d9b5ed13e9c5a2b02f2258c3b3baa7a09bf7eff48eca53622"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/redux-devtools-app-core/src/containers/Actions.tsx"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8340, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b04e45746707985063482040382ed895f42d8ac840d0ecfce1a2b3cddb28a809", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/react-base16-styling/src/themes/solarized.ts", "duplicate_line": 1, "correlation_key": "fp|b04e45746707985063482040382ed895f42d8ac840d0ecfce1a2b3cddb28a809"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/react-json-tree/src/themes/solarized.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 8354, "scanner": "repobility-threat-engine", "fingerprint": "277aac80cf8f3b8577317150299fe090e8f172745bd5828fe7829aa633b1a066", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": 
".innerHTML = h", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|72|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/redux-devtools-inspector-monitor-trace-tab/src/react-error-overlay/containers/StackFrameCodeBlock.tsx"}, "region": {"startLine": 72}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 8358, "scanner": "repobility-threat-engine", "fingerprint": "7b9ccdd419b3878e3d2ec8efb74d8ee23f94729fa3ed8ff97305e33614909ea3", "category": "crypto", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|7b9ccdd419b3878e3d2ec8efb74d8ee23f94729fa3ed8ff97305e33614909ea3"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 8357, "scanner": "repobility-threat-engine", "fingerprint": "15ee592b5e283f1021f371b47e03422d1438a7ebeeb3d18c7493f3165fd09528", "category": "crypto", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "code|crypto|token|7|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/redux-devtools-rtk-query-monitor/demo/src/features/pokemon/PokemonView.tsx"}, "region": {"startLine": 7}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 8356, "scanner": "repobility-threat-engine", "fingerprint": "d46bc299831e50111eae2c58af878dff43e87053a029047b638dd7d5323c9556", "category": "crypto", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "code|crypto|token|209|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/redux-devtools-inspector-monitor/demo/src/reducers.ts"}, "region": {"startLine": 209}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 8355, "scanner": "repobility-threat-engine", "fingerprint": "1aced66f36b5fff6384a30fcde26646079dfb08e70c1714622a349eb76c44c14", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|48|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/redux-devtools-remote/src/devTools.ts"}, "region": {"startLine": 48}}}]}]}]}