{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "[MINED109] Mutable default argument in `parse_dynamic_line` (list): `def parse_dynamic_line(... = []/{}/set())` \u2014 Python", "shortDescription": {"text": "[MINED109] Mutable default argument in `parse_dynamic_line` (list): `def parse_dynamic_line(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mu"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def parse_dynamic_line(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR009", "name": "Dockerfile separates apt update from install", "shortDescription": {"text": "Dockerfile separates apt update from install"}, "fullDescription": {"text": "Combine update and install in the same RUN instruction and clean package indexes in that layer."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image has no explicit tag", "shortDescription": {"text": "Dockerfile base image has no explicit tag"}, "fullDescription": {"text": "Pin the image to a supported version tag or digest, for example python:3.13-slim or image@sha256:..."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "AIC004", 
"name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "Confirm whether this file is reachable. If not, delete it; if yes, wire it through explicit imports, routes, or entry points and add a test that proves the path executes."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AIC001", "name": "Parallel implementation file sits beside a canonical file", "shortDescription": {"text": "Parallel implementation file sits beside a canonical file"}, "fullDescription": {"text": "Merge the intended change into the canonical file, update tests/imports, and delete the parallel implementation if it is not the active entry point."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. 
Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "SEC123", "name": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environme", "shortDescription": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "fullDescription": {"text": "Set DEBUG=False / APP_DEBUG=false in production. Provide a generic 500 handler that logs to backend but returns a sanitized page to clients."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `run_iwyu_on` has cognitive complexity 17 (SonarSource scale). Cognitive c", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `run_iwyu_on` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion a"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 17."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "CORE_LARGE_FILES", "name": "Average file size is 550 lines (recommend <300)", "shortDescription": {"text": "Average file size is 550 lines (recommend <300)"}, "fullDescription": {"text": "Refactor large files by extracting related functions into separate modules. Target files with 300+ lines first. 
Use the Single Responsibility Principle \u2014 each module should have one clear purpose."}, "properties": {"scanner": "repobility-core", "category": "quality", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AIC005", "name": "Duplicate top-level symbol appears in a patch-style file", "shortDescription": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "fullDescription": {"text": "Keep one authoritative implementation, update imports to point at it, and remove or rename the duplicate symbol."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. 
Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED047", "name": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested.", "shortDescription": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED036", "name": "[MINED036] Python Os System Call (and 12 more): Same pattern found in 12 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED036] Python Os System Call (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED069", "name": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files.", "shortDescription": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-489 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED075", "name": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL.", "shortDescription": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-690 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-401 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. 
If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "[MINED134] Binary file `android/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `android/gradle/wrapper/gra", "shortDescription": {"text": "[MINED134] Binary file `android/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `android/gradle/wrapper/gradle-wrapper.jar` is a .jar binary (58,910 bytes) committed to a repo that otherwise has 1780 source files. Trojan binari"}, "fullDescription": {"text": "Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v4`: `uses: actions/download-artifact@v4` resolves", "shortDescription": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v4`: `uses: actions/download-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files co"}, "fullDescription": {"text": "Replace with: `uses: actions/download-artifact@<40-char-sha>  # v4` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED117", "name": "[MINED117] Workflow declares `permissions: write-all`: The job's GITHUB_TOKEN gets EVERY permission scope. 
If the workfl", "shortDescription": {"text": "[MINED117] Workflow declares `permissions: write-all`: The job's GITHUB_TOKEN gets EVERY permission scope. If the workflow is ever compromised (mutable action, fork PR, injected step), the attacker can push to main, publish packages, alter "}, "fullDescription": {"text": "Replace with a scoped block: `permissions:\\n  contents: read\\n  issues: write` (only the scopes you need)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `ubuntu:focal` not pinned by digest: `FROM ubuntu:focal` resolves the tag at build time. The ", "shortDescription": {"text": "[MINED118] Dockerfile FROM `ubuntu:focal` not pinned by digest: `FROM ubuntu:focal` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images shou"}, "fullDescription": {"text": "Replace with: `FROM ubuntu:focal@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.summ_desc` used but never assigned in __init__: Method `__str__` of class `CDDAPullRequest` reads `self", "shortDescription": {"text": "[MINED108] `self.summ_desc` used but never assigned in __init__: Method `__str__` of class `CDDAPullRequest` reads `self.summ_desc`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the fi"}, "fullDescription": {"text": "Initialize `self.summ_desc = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies the entire context without .dockerignore", "shortDescription": {"text": "Dockerfile copies the entire context without .dockerignore"}, "fullDescription": {"text": "Create .dockerignore before using broad context copies, or copy only the required files and directories."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the resolved path starts with your expected base directory. Compare whole path components (for example with os.path.commonpath()) rather than a bare string prefix, which would also accept a sibling directory whose name merely begins with the base name. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC004", "name": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection.", "shortDescription": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "fullDescription": {"text": "Use parameterized queries: cursor.execute('SELECT * FROM t WHERE id = %s', [id]). For dynamic table or column names, choose identifiers from a hard-coded allowlist and keep values in parameters."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. T", "shortDescription": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import json` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED022", "name": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf.", "shortDescription": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf. Note that strncpy leaves the destination without a terminating NUL when the source fills the buffer, so terminate it explicitly or prefer snprintf."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-120 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1256"}, "properties": {"repository": "CleverRaven/Cataclysm-DDA", "repoUrl": "https://github.com/CleverRaven/Cataclysm-DDA", "branch": "master"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126883, "scanner": "repobility-ast-engine", "fingerprint": "7812238821b4814f0147b058bef52314d4d6d30451c9d6a66599c94115b14087", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7812238821b4814f0147b058bef52314d4d6d30451c9d6a66599c94115b14087"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/json_tools/cddatags.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126882, "scanner": "repobility-ast-engine", "fingerprint": "8264af5e418a99a48166258a7c9e653df5c2dd2bc3d88745e7456bb1e83812c1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8264af5e418a99a48166258a7c9e653df5c2dd2bc3d88745e7456bb1e83812c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/json_tools/update-translate-dialogue-mod.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126881, "scanner": "repobility-ast-engine", "fingerprint": "b31bb041f6f554d2fb00fc5ede984e7d500fdadea44fd2b3528465ff8a6e8299", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b31bb041f6f554d2fb00fc5ede984e7d500fdadea44fd2b3528465ff8a6e8299"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/json_tools/lister.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 126880, "scanner": "repobility-ast-engine", "fingerprint": "843f6a76c5a18bc665d9595427ca1f992713bb557f4869b595cbcb67c524e7b6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|843f6a76c5a18bc665d9595427ca1f992713bb557f4869b595cbcb67c524e7b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/json_tools/util.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `parse_dynamic_line` (list): `def parse_dynamic_line(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 126879, "scanner": "repobility-ast-engine", "fingerprint": "ca45f10b9a84da3ba138ba37c523d9cf7b11ef4738541eb12effcaf206e26e08", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ca45f10b9a84da3ba138ba37c523d9cf7b11ef4738541eb12effcaf206e26e08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/talk_topic.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `write_to_pot` (list): `def write_to_pot(... 
= []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 126855, "scanner": "repobility-ast-engine", "fingerprint": "73b4432a899f2092f947a76a725a283627aca8cf6d4f086388b9eb2957848491", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|73b4432a899f2092f947a76a725a283627aca8cf6d4f086388b9eb2957848491"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/pot_export.py"}, "region": {"startLine": 121}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 126827, "scanner": "repobility-docker", "fingerprint": "c883296593d5f290cf2af147e9bf52a0b65e9171c3210230da68921a36e4cbae", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:focal", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|c883296593d5f290cf2af147e9bf52a0b65e9171c3210230da68921a36e4cbae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/llama/gcc-focal/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR009", "level": "warning", "message": {"text": "Dockerfile separates apt 
update from install"}, "properties": {"repobilityId": 126826, "scanner": "repobility-docker", "fingerprint": "d6b595a11aa336f18a604a5a7c5e1b1d7834b9d37d2d1664c723b48472a0fa0d", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Package index update appears without package installation in the same layer.", "evidence": {"rule_id": "DKR009", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|d6b595a11aa336f18a604a5a7c5e1b1d7834b9d37d2d1664c723b48472a0fa0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/llama/gcc-focal/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Dockerfile base image has no explicit tag"}, "properties": {"repobilityId": 126825, "scanner": "repobility-docker", "fingerprint": "306c58d68f7f8d6d3ac29d30f459aa56262e2bc1606ec581358493d465503e35", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "ghcr.io/nelhage/llama", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|306c58d68f7f8d6d3ac29d30f459aa56262e2bc1606ec581358493d465503e35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/llama/gcc-focal/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 126823, "scanner": "repobility-docker", "fingerprint": 
"ad522b6561c6296ec0cf0de478db0b401cb77a099c36bc1010f3a588546bf54a", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "mcr.microsoft.com/devcontainers/cpp:0-ubuntu-22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|ad522b6561c6296ec0cf0de478db0b401cb77a099c36bc1010f3a588546bf54a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/graphical/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR009", "level": "warning", "message": {"text": "Dockerfile separates apt update from install"}, "properties": {"repobilityId": 126822, "scanner": "repobility-docker", "fingerprint": "6f8db676db74b83f7b9a11ccb861330ea1a332fac13e7315eebbce6b7952ec0a", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Package index update appears without package installation in the same layer.", "evidence": {"rule_id": "DKR009", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|6f8db676db74b83f7b9a11ccb861330ea1a332fac13e7315eebbce6b7952ec0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/graphical/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 126821, "scanner": "repobility-docker", "fingerprint": 
"72c4815f33cfd41d369d205d1482b6b0af066b336858bf54ae2ad19ddfbbb286", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "mcr.microsoft.com/devcontainers/cpp:0-ubuntu-22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|72c4815f33cfd41d369d205d1482b6b0af066b336858bf54ae2ad19ddfbbb286"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/cross-compile/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR009", "level": "warning", "message": {"text": "Dockerfile separates apt update from install"}, "properties": {"repobilityId": 126820, "scanner": "repobility-docker", "fingerprint": "9b61e585adc520864c87534c100102e524d678bec725c0ef624c12d49ac971fc", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Package index update appears without package installation in the same layer.", "evidence": {"rule_id": "DKR009", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|9b61e585adc520864c87534c100102e524d678bec725c0ef624c12d49ac971fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/cross-compile/Dockerfile"}, "region": {"startLine": 25}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 126819, "scanner": "repobility-docker", "fingerprint": 
"c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 126818, "scanner": "repobility-docker", "fingerprint": "2d2208484c91d91d396bb391119712bf46319d44b21645394b977aa95113373d", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "mcr.microsoft.com/devcontainers/cpp:0-ubuntu-22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|2d2208484c91d91d396bb391119712bf46319d44b21645394b977aa95113373d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR009", "level": "warning", "message": {"text": "Dockerfile separates apt update from install"}, "properties": {"repobilityId": 126817, "scanner": "repobility-docker", "fingerprint": "2b0e9360d22902673559b1a80b39e2423de78e11fdf60d1c50192157169cad8f", "category": "docker", "severity": "medium", "confidence": 0.86, 
"triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Package index update appears without package installation in the same layer.", "evidence": {"rule_id": "DKR009", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|2b0e9360d22902673559b1a80b39e2423de78e11fdf60d1c50192157169cad8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 126815, "scanner": "repobility-ai-code-hygiene", "fingerprint": "02a3f3f5ad2b243b6332b5414c06be122ea8e12e96a9fdf7e00bc29366bf815f", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|02a3f3f5ad2b243b6332b5414c06be122ea8e12e96a9fdf7e00bc29366bf815f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/gfx_tools/png_update.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 126813, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a08a66f3e6f3f896602edbd59c5084b6554b88fcf704ee820d064768efc6e7e7", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", 
"evidence": {"suffix": "fixed", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "src/overmap_special.cpp", "correlation_key": "fp|a08a66f3e6f3f896602edbd59c5084b6554b88fcf704ee820d064768efc6e7e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/overmap_special_fixed.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 126812, "scanner": "repobility-ai-code-hygiene", "fingerprint": "143df86a47c0d7995009b43c38018ad5076f47f19faffe67e56e6f72c9b41e54", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "fix", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "lang/string_extractor/parsers/fault.py", "correlation_key": "fp|143df86a47c0d7995009b43c38018ad5076f47f19faffe67e56e6f72c9b41e54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/fault_fix.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. 
In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 126809, "scanner": "repobility-threat-engine", "fingerprint": "1df6f87fe4be4da0d82972395cef9b6decd1a09b16a949799383a066e4f4e741", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Lorem ipsum dolor sit amet", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1df6f87fe4be4da0d82972395cef9b6decd1a09b16a949799383a066e4f4e741"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/spell_checker/__init__.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 126797, "scanner": "repobility-threat-engine", "fingerprint": "c8ff854cce75f0d0fbbe83ac53082c7946201bfd258e4f74c005966a86d5004d", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "os.system() called with an f-string (the command always runs through a shell) \u2014 verify command source is not user-controllable", "evidence": {"match": "os.system(f\"", "reason": "os.system() called with an f-string (the command always runs through a shell) \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|119|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/json_tools/convert_item_damage.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user 
input."}, "properties": {"repobilityId": 126796, "scanner": "repobility-threat-engine", "fingerprint": "d5f1221c1e0dcbb239308694fa9fb00b4f373b3084c63468e87c8f33cc62a807", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "os.system() called with an f-string (the command always runs through a shell) \u2014 verify command source is not user-controllable", "evidence": {"match": "os.system(f\"", "reason": "os.system() called with an f-string (the command always runs through a shell) \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|298|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/json_tools/convert_armor.py"}, "region": {"startLine": 298}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 126795, "scanner": "repobility-threat-engine", "fingerprint": "18c501131144995527bf174b34f0db1e9a8ef8a7a12841017ecf3bf95ad43909", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "os.system() called with an f-string (the command always runs through a shell) \u2014 verify command source is not user-controllable", "evidence": {"match": "os.system(f\"", "reason": "os.system() called with an f-string (the command always runs through a shell) \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|32|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/json_tools/adjust_values.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary 
template eval)."}, "properties": {"repobilityId": 126791, "scanner": "repobility-threat-engine", "fingerprint": "74110281f6e7b170407437dc3881e373b5243155d3821deb239951b163331aa3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Debug = true", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|74110281f6e7b170407437dc3881e373b5243155d3821deb239951b163331aa3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third-party/snmalloc/ds_core/defines.h"}, "region": {"startLine": 123}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 126784, "scanner": "repobility-threat-engine", "fingerprint": "7069a090901cfc79ff0ab1926ee1ebf42f46fc8f4d20e5c93c11211ec6b05654", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ":eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|src/math_parser_jmath.cpp|77|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/math_parser_jmath.cpp"}, "region": {"startLine": 77}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 126783, "scanner": "repobility-threat-engine", "fingerprint": "f96e8bdb0c100f336918d69e5c229ce3797256b16d897fd239707b28ac283b6a", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|src/math_parser_impl.h|69|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/math_parser_impl.h"}, "region": {"startLine": 69}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 126782, "scanner": "repobility-threat-engine", "fingerprint": "810d0acaaeedc61f1172f8d2070fb5597286a6a1ff878a87325609ec90b452c0", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|src/math_parser.h|27|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/math_parser.h"}, "region": {"startLine": 27}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `run_iwyu_on` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: break=1, elif=2, else=1, for=1, if=4, nested_bonus=7, while=1."}, "properties": {"repobilityId": 126770, "scanner": "repobility-threat-engine", "fingerprint": "174126b664eb92599ca450e1643dab5c775cfb50d1e78bc45df6399cfed92e0e", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 17 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "run_iwyu_on", "breakdown": {"if": 4, "for": 1, "elif": 2, "else": 1, "break": 1, "while": 1, "nested_bonus": 7}, "complexity": 17, "correlation_key": "fp|174126b664eb92599ca450e1643dab5c775cfb50d1e78bc45df6399cfed92e0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build-scripts/ci-iwyu-run.py"}, "region": {"startLine": 171}}}]}, {"ruleId": "CORE_LARGE_FILES", "level": "warning", "message": {"text": "Average file size is 550 lines (recommend <300)"}, "properties": {"repobilityId": 126765, "scanner": "repobility-core", "fingerprint": "232a2ae4fbbdbe5eaae63c327a4e8ca3b480130def668ba98ced906123dac04b", "category": "quality", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_LARGE_FILES", "scanner": "repobility-core", "correlation_key": "fp|232a2ae4fbbdbe5eaae63c327a4e8ca3b480130def668ba98ced906123dac04b"}}}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 126816, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ca1bce416a5d710b8b928cfe79b80441a27b2fda8c3a63e3e476159ae7c0dbbb", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": 
"write_to_json", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "tools/gfx_tools/compose.py", "correlation_key": "fp|ca1bce416a5d710b8b928cfe79b80441a27b2fda8c3a63e3e476159ae7c0dbbb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/gfx_tools/png_update.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 126814, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bf6057e142353cb52b4ac269af6aabe170c0093cf7d742c70bacedf6183e9a78", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|bf6057e142353cb52b4ac269af6aabe170c0093cf7d742c70bacedf6183e9a78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/gfx_tools/png_update.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. 
When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 126811, "scanner": "repobility-threat-engine", "fingerprint": "f012b93ba52c33af43101b6ed4e024e1e7a682994ccb0db20c1f2f9b588d4a27", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "' -rotate ' + str(initial_rotation) + '", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f012b93ba52c33af43101b6ed4e024e1e7a682994ccb0db20c1f2f9b588d4a27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "utilities/make_iso.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `get_affected_files` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=1, for=2, if=3, nested_bonus=2."}, "properties": {"repobilityId": 126772, "scanner": "repobility-threat-engine", "fingerprint": "9231e341f862b6521517566af955082e939069ef53316f55b7066522ec260531", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "get_affected_files", "breakdown": {"if": 3, "for": 2, "continue": 1, "nested_bonus": 2}, "complexity": 8, "correlation_key": "fp|9231e341f862b6521517566af955082e939069ef53316f55b7066522ec260531"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build-scripts/ci-iwyu-run.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `filter_analyzable_files` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=2, for=2, if=3, nested_bonus=3."}, "properties": {"repobilityId": 126771, "scanner": "repobility-threat-engine", "fingerprint": "eba2ca0fb8157540305e0106fe107f89bad989ec44c9b324b173715c8ac55e93", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "filter_analyzable_files", "breakdown": {"if": 3, "for": 2, "continue": 2, "nested_bonus": 3}, "complexity": 10, "correlation_key": "fp|eba2ca0fb8157540305e0106fe107f89bad989ec44c9b324b173715c8ac55e93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build-scripts/ci-iwyu-run.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 126810, "scanner": "repobility-threat-engine", "fingerprint": "37023795357e88995b123c2e2a5e57a1fa58686cb0a2007ac48b4dbf76240f54", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|37023795357e88995b123c2e2a5e57a1fa58686cb0a2007ac48b4dbf76240f54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/spell_checker/__init__.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() 
blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 126807, "scanner": "repobility-threat-engine", "fingerprint": "5dac03e6bf00229ef668986f0f4ce7520b0eb8a19d3f0ec8594297f2dc0eaebf", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5dac03e6bf00229ef668986f0f4ce7520b0eb8a19d3f0ec8594297f2dc0eaebf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/json_tools/name_strings_to_objects.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 126806, "scanner": "repobility-threat-engine", "fingerprint": "8bc060830fd4ae0c5d131519a1955595b02724cbe27cebed5da964a7982cca60", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8bc060830fd4ae0c5d131519a1955595b02724cbe27cebed5da964a7982cca60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"utilities/make_iso.py"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 126805, "scanner": "repobility-threat-engine", "fingerprint": "33a396ea53bf19298d923d568e05ed69596e35e21dfc98376a0a2e200b2345f7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|33a396ea53bf19298d923d568e05ed69596e35e21dfc98376a0a2e200b2345f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/json_tools/cddatags.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED036", "level": "none", "message": {"text": "[MINED036] Python Os System Call (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 126802, "scanner": "repobility-threat-engine", "fingerprint": "15bd7de645737769eb6be28949f795b3b160cbf3872de2e8951d4461d1fe5796", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|15bd7de645737769eb6be28949f795b3b160cbf3872de2e8951d4461d1fe5796", "aggregated_count": 12}}}, {"ruleId": "SEC005", "level": "none", "message": {"text": "[SEC005] Command Injection Risk (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 126798, "scanner": "repobility-threat-engine", "fingerprint": "5d4d93e1fc9471bf6dfa4cd4ce61de0938bfcc6061ac9b8d4e4faa0b06e9fe02", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 12 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|5d4d93e1fc9471bf6dfa4cd4ce61de0938bfcc6061ac9b8d4e4faa0b06e9fe02"}}}, {"ruleId": "MINED069", "level": "none", "message": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "properties": {"repobilityId": 126792, "scanner": "repobility-threat-engine", "fingerprint": "a60664179b19adde2d5e1b9561055a839701e05156bda77f40b9e11012412753", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "debug-true-prod", "owasp": "A05:2021", "cwe_ids": ["CWE-489"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348063+00:00", "triaged_in_corpus": 12, "observations_count": 37393, "ai_coder_pattern_id": 17}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a60664179b19adde2d5e1b9561055a839701e05156bda77f40b9e11012412753"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third-party/snmalloc/ds_core/defines.h"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 126790, "scanner": "repobility-threat-engine", "fingerprint": "5382daf0b9e73697bb1d9718beebfad2d0792ee977a87bf4c3449cb10a74e1e4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", 
"triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5382daf0b9e73697bb1d9718beebfad2d0792ee977a87bf4c3449cb10a74e1e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mmap_file.cpp"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 126789, "scanner": "repobility-threat-engine", "fingerprint": "8d22d234ff6e522558f501e2b961809b56638e20faacee3f5f64166e5b05aa03", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8d22d234ff6e522558f501e2b961809b56638e20faacee3f5f64166e5b05aa03", "aggregated_count": 2}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 126788, "scanner": "repobility-threat-engine", "fingerprint": "0bf853f59c32dc58ecda2796d00f602cd7d55a51069f9a84f3cb7d7714c49ec6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": 
null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0bf853f59c32dc58ecda2796d00f602cd7d55a51069f9a84f3cb7d7714c49ec6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pimpl.h"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 126787, "scanner": "repobility-threat-engine", "fingerprint": "7946069b0fce94036061f4bd11c8e776ec59c93231066700ee0ae45879fda20e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7946069b0fce94036061f4bd11c8e776ec59c93231066700ee0ae45879fda20e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mmap_file.cpp"}, "region": {"startLine": 337}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 126786, "scanner": "repobility-threat-engine", "fingerprint": "e8127b2fe7cd420dded5d2113733dffe7584cac608e0f79e6e4ed101109ee0d8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no 
mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e8127b2fe7cd420dded5d2113733dffe7584cac608e0f79e6e4ed101109ee0d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mingw.thread.h"}, "region": {"startLine": 64}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 126785, "scanner": "repobility-threat-engine", "fingerprint": "c59edcd8286991ab7caac4493f8f01b268fef2a5d218265ad20f6e2d1172fefb", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|c59edcd8286991ab7caac4493f8f01b268fef2a5d218265ad20f6e2d1172fefb"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 126781, "scanner": "repobility-threat-engine", "fingerprint": "61b540b61313366d294882c4ff6259fcca709713d7a9ee943acdeda2a7a0725a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|61b540b61313366d294882c4ff6259fcca709713d7a9ee943acdeda2a7a0725a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/dependency_tree.h"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 126780, "scanner": "repobility-threat-engine", "fingerprint": "3b74edc717f3f9cf05be2689a21cb63ebf6df88d27887f2b8e9a751666b3e48c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", 
"triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3b74edc717f3f9cf05be2689a21cb63ebf6df88d27887f2b8e9a751666b3e48c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/strip_line_numbers.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 126778, "scanner": "repobility-threat-engine", "fingerprint": "c3704dc23c9d7fb72bb959e6e0c3e7f7316db26f4d474da64a76b00f92326037", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c3704dc23c9d7fb72bb959e6e0c3e7f7316db26f4d474da64a76b00f92326037"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build-scripts/post-diff-as-comments.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 126777, "scanner": "repobility-threat-engine", "fingerprint": "b8b62525e808000a437fa7e672f91bcfbfdacba8940e433b132285ab03a34efa", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print('reading ' + old_tileset_name + '/tile_config.json')", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|utilities/make_iso.py|21|print reading + old_tileset_name + /tile_config.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "utilities/make_iso.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 126776, "scanner": "repobility-threat-engine", "fingerprint": "e04e7e5f185b3394e110714dd2914df48b84d935e71fdee2be9a6cf4edb62206", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "evidence": {"match": "print(\"missing token\", file=sys.stderr)", "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|5|print missing token file sys.stderr"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build-scripts/post-diff-as-comments.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 126775, "scanner": "repobility-threat-engine", "fingerprint": "ab4d07757b0c1ff8c47bc1df0cf9d72f3ef4c19dbd227572ccbd8ff3b7782d4d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ab4d07757b0c1ff8c47bc1df0cf9d72f3ef4c19dbd227572ccbd8ff3b7782d4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/json_tools/cddaUpdateJsonVolume.js"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 126774, "scanner": "repobility-threat-engine", "fingerprint": "b49cc9dd69d2aea411d6a95bafb710e9d9b8aeb28a793457e442738cbc0ed208", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b49cc9dd69d2aea411d6a95bafb710e9d9b8aeb28a793457e442738cbc0ed208"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build-scripts/generate-release-notes.js"}, "region": {"startLine": 103}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 91 more): Same pattern found in 91 additional files. Review if needed."}, "properties": {"repobilityId": 126773, "scanner": "repobility-threat-engine", "fingerprint": "fac85f64b5795f6fa2f490dd9f97a42f2ae314ce1c2f82d90c83f2b322a16715", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 91 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "run_iwyu_on", "breakdown": {"if": 4, "for": 1, "elif": 2, "else": 1, "break": 1, "while": 1, "nested_bonus": 7}, "aggregated": true, "complexity": 17, "correlation_key": "fp|fac85f64b5795f6fa2f490dd9f97a42f2ae314ce1c2f82d90c83f2b322a16715", "aggregated_count": 91}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 126769, "scanner": "repobility-threat-engine", "fingerprint": "2cd220107759c389357ea1e0b2a749255d62455820f15b6cc9e05e77d2c17c58", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2cd220107759c389357ea1e0b2a749255d62455820f15b6cc9e05e77d2c17c58"}}}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `android/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `android/gradle/wrapper/gradle-wrapper.jar` is a .jar binary (58,910 bytes) committed to a repo that otherwise has 1780 source files. 
Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts. A Gradle wrapper JAR is conventionally committed alongside the build, so its presence alone is not evidence of tampering; verify its SHA-256 against the checksum Gradle publishes for the wrapper version in use."}, "properties": {"repobilityId": 126896, "scanner": "repobility-supply-chain", "fingerprint": "ebbfe36075c6ee6956bbc571f42cd1f1518ea1613a137b77bced50e291b5bef3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ebbfe36075c6ee6956bbc571f42cd1f1518ea1613a137b77bced50e291b5bef3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "android/gradle/wrapper/gradle-wrapper.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v4`: `uses: actions/download-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 126895, "scanner": "repobility-supply-chain", "fingerprint": "72827cb89250ab72b648df4dc5fafab4fded9f431e35e5e47e5c0b7ffa7ff3ca", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|72827cb89250ab72b648df4dc5fafab4fded9f431e35e5e47e5c0b7ffa7ff3ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdl3-matrix.yml"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 126894, "scanner": "repobility-supply-chain", "fingerprint": "4572f5551f74efb1f333a4df90b360a035f510de1735c0c5d593db3227cd6813", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4572f5551f74efb1f333a4df90b360a035f510de1735c0c5d593db3227cd6813"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdl3-matrix.yml"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED117", "level": "error", "message": {"text": "[MINED117] Workflow declares `permissions: write-all`: The job's GITHUB_TOKEN gets EVERY permission scope. If the workflow is ever compromised (mutable action, fork PR, injected step), the attacker can push to main, publish packages, alter releases. 
Use least-privilege by listing only the scopes the job actually needs."}, "properties": {"repobilityId": 126893, "scanner": "repobility-supply-chain", "fingerprint": "fef1a444b8befb3566d3634adc88f9c5058c5c5c5f44c1af7c97ecb34161ba44", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-write-all-permissions", "owasp": "A01:2021", "cwe_ids": ["CWE-269"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fef1a444b8befb3566d3634adc88f9c5058c5c5c5f44c1af7c97ecb34161ba44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-android-bundle.yaml"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED117", "level": "error", "message": {"text": "[MINED117] Workflow declares `permissions: write-all`: The job's GITHUB_TOKEN gets EVERY permission scope. If the workflow is ever compromised (mutable action, fork PR, injected step), the attacker can push to main, publish packages, alter releases. 
Use least-privilege by listing only the scopes the job actually needs."}, "properties": {"repobilityId": 126892, "scanner": "repobility-supply-chain", "fingerprint": "84198648b9e497e121d1fc0db4e8848e19c0d79fd0c54f6b7422425c147b1e77", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-write-all-permissions", "owasp": "A01:2021", "cwe_ids": ["CWE-269"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|84198648b9e497e121d1fc0db4e8848e19c0d79fd0c54f6b7422425c147b1e77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 271}}}]}, {"ruleId": "MINED117", "level": "error", "message": {"text": "[MINED117] Workflow declares `permissions: write-all`: The job's GITHUB_TOKEN gets EVERY permission scope. If the workflow is ever compromised (mutable action, fork PR, injected step), the attacker can push to main, publish packages, alter releases. 
Use least-privilege by listing only the scopes the job actually needs."}, "properties": {"repobilityId": 126891, "scanner": "repobility-supply-chain", "fingerprint": "4eecc57e539c8b2d0b036eee593f6ccb151db91aa4d8d66b4585b8b00fc1b756", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-write-all-permissions", "owasp": "A01:2021", "cwe_ids": ["CWE-269"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4eecc57e539c8b2d0b036eee593f6ccb151db91aa4d8d66b4585b8b00fc1b756"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 126890, "scanner": "repobility-supply-chain", "fingerprint": "ff425477be6fe7294e2c701e6535f12f699de8808d3279d8589481e72352706e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ff425477be6fe7294e2c701e6535f12f699de8808d3279d8589481e72352706e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:focal` not pinned by digest: `FROM ubuntu:focal` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 126889, "scanner": "repobility-supply-chain", "fingerprint": "1db3b104fe5f8a50ba2c570239f4d25be61b36c1de036267e7a77596e6ae0c64", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1db3b104fe5f8a50ba2c570239f4d25be61b36c1de036267e7a77596e6ae0c64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/llama/gcc-focal/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ghcr.io/nelhage/llama (no tag)` not pinned by digest: `FROM ghcr.io/nelhage/llama (no tag)` resolves to the default `latest` tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 126888, "scanner": "repobility-supply-chain", "fingerprint": "13eb2c8296fe6857e002a6cbe63124f4f10997f4b1994865b90dae1adf1f14ae", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|13eb2c8296fe6857e002a6cbe63124f4f10997f4b1994865b90dae1adf1f14ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/llama/gcc-focal/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `mcr.microsoft.com/devcontainers/cpp:0-ubuntu-22.04` not pinned by digest: `FROM mcr.microsoft.com/devcontainers/cpp:0-ubuntu-22.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 126887, "scanner": "repobility-supply-chain", "fingerprint": "1984c97075c399b5dcdc0eb959465cba0a7b5535831e185d9989c8a8ac572ba5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1984c97075c399b5dcdc0eb959465cba0a7b5535831e185d9989c8a8ac572ba5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/cross-compile/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `mcr.microsoft.com/devcontainers/cpp:0-ubuntu-22.04` not pinned by digest: `FROM mcr.microsoft.com/devcontainers/cpp:0-ubuntu-22.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 126886, "scanner": "repobility-supply-chain", "fingerprint": "95a209fa2b3959c498466f5d7fdbb8f4776a1bfef51e14647767a9b725ff3cec", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|95a209fa2b3959c498466f5d7fdbb8f4776a1bfef51e14647767a9b725ff3cec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/graphical/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `debian:testing` not pinned by digest: `FROM debian:testing` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 126885, "scanner": "repobility-supply-chain", "fingerprint": "ca50db9a638e6aa263dd9e2b64cbbf226cb0517c9aab6da5ca19c69473819761", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ca50db9a638e6aa263dd9e2b64cbbf226cb0517c9aab6da5ca19c69473819761"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build-scripts/Dockerfile.debian-build"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `mcr.microsoft.com/devcontainers/cpp:0-ubuntu-22.04` not pinned by digest: `FROM mcr.microsoft.com/devcontainers/cpp:0-ubuntu-22.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 126884, "scanner": "repobility-supply-chain", "fingerprint": "60ec956ca607272d98e70c323dfff90e79b24e190b1a096aafbdcee043215af7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|60ec956ca607272d98e70c323dfff90e79b24e190b1a096aafbdcee043215af7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.summ_desc` used but never assigned in __init__: Method `__str__` of class `CDDAPullRequest` reads `self.summ_desc`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126852, "scanner": "repobility-ast-engine", "fingerprint": "19d40e8c8b4f1ef587e332e5d6f96f6eab74b0e08acf6e8195118dba87cab24c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|19d40e8c8b4f1ef587e332e5d6f96f6eab74b0e08acf6e8195118dba87cab24c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/generate_changelog.py"}, "region": {"startLine": 220}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.summ_type` used but never assigned in __init__: Method `__str__` of class `CDDAPullRequest` reads `self.summ_type`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126851, "scanner": "repobility-ast-engine", "fingerprint": "65e16cc619380e7b9dbf041fe5aaf7d73c0eb09bb315cdf6c5a80fa417f2f0c7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|65e16cc619380e7b9dbf041fe5aaf7d73c0eb09bb315cdf6c5a80fa417f2f0c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/generate_changelog.py"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.merge_dttm` used but never assigned in __init__: Method `__str__` of class `CDDAPullRequest` reads `self.merge_dttm`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126850, "scanner": "repobility-ast-engine", "fingerprint": "f8382d81c64e75c1a09d0a78cb5416988c8645e51ca01865b8fa44f25c405e89", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f8382d81c64e75c1a09d0a78cb5416988c8645e51ca01865b8fa44f25c405e89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/generate_changelog.py"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.id` used but never assigned in __init__: Method `__str__` of class `CDDAPullRequest` reads `self.id`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126849, "scanner": "repobility-ast-engine", "fingerprint": "c0194b75e0c85819cc6cf606dc4437dadc06b2758c8df65047092eb3f3289390", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c0194b75e0c85819cc6cf606dc4437dadc06b2758c8df65047092eb3f3289390"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/generate_changelog.py"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.author` used but never assigned in __init__: Method `__str__` of class `CDDAPullRequest` reads `self.author`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126848, "scanner": "repobility-ast-engine", "fingerprint": "009655834ed79f65af3a35411ab8c26a3550e816a4b94ac64c56d660555534a4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|009655834ed79f65af3a35411ab8c26a3550e816a4b94ac64c56d660555534a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/generate_changelog.py"}, "region": {"startLine": 216}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.title` used but never assigned in __init__: Method `__str__` of class `CDDAPullRequest` reads `self.title`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126847, "scanner": "repobility-ast-engine", "fingerprint": "6c9552f5e2d36db236d8af527684b4f11c82e2e8e4c2f2f4b88675a68885303b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6c9552f5e2d36db236d8af527684b4f11c82e2e8e4c2f2f4b88675a68885303b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/generate_changelog.py"}, "region": {"startLine": 216}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.summ_type` used but never assigned in __init__: Method `__str__` of class `CDDAPullRequest` reads `self.summ_type`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126846, "scanner": "repobility-ast-engine", "fingerprint": "88f3a1f994733bc34ae3634dd015456326ea99937d107703edbac78dd79b863e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|88f3a1f994733bc34ae3634dd015456326ea99937d107703edbac78dd79b863e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/generate_changelog.py"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.merge_dttm` used but never assigned in __init__: Method `__str__` of class `CDDAPullRequest` reads `self.merge_dttm`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126845, "scanner": "repobility-ast-engine", "fingerprint": "70195e688227bb1260e314913d3fd6e8fbf6c52b0d5242003a53fcbf4b968506", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|70195e688227bb1260e314913d3fd6e8fbf6c52b0d5242003a53fcbf4b968506"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/generate_changelog.py"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.id` used but never assigned in __init__: Method `__str__` of class `CDDAPullRequest` reads `self.id`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126844, "scanner": "repobility-ast-engine", "fingerprint": "ff0801f822471c80870e5e04d8dbe489a1cf8efcabdde135c9e7ec37c772bec1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ff0801f822471c80870e5e04d8dbe489a1cf8efcabdde135c9e7ec37c772bec1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/generate_changelog.py"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.summ_type` used but never assigned in __init__: Method `__str__` of class `CDDAPullRequest` reads `self.summ_type`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126843, "scanner": "repobility-ast-engine", "fingerprint": "9e29bd766db3b1d79b76fa0a2afff9224d6791a354e1c69b7b3eb30c5701643b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9e29bd766db3b1d79b76fa0a2afff9224d6791a354e1c69b7b3eb30c5701643b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/generate_changelog.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.has_valid_summary` used but never assigned in __init__: Method `__str__` of class `CDDAPullRequest` reads `self.has_valid_summary`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126842, "scanner": "repobility-ast-engine", "fingerprint": "0b06a8347339636930c01b99fce9e344afa5185bb62611c95621a5a1774de8bd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0b06a8347339636930c01b99fce9e344afa5185bb62611c95621a5a1774de8bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/generate_changelog.py"}, "region": {"startLine": 217}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.has_valid_summary` used but never assigned in __init__: Method `__str__` of class `CDDAPullRequest` reads `self.has_valid_summary`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126841, "scanner": "repobility-ast-engine", "fingerprint": "bdf8da6315d81db61cc684445f3cca83858110b72f1b783c8875c91dabe24ce3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bdf8da6315d81db61cc684445f3cca83858110b72f1b783c8875c91dabe24ce3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/generate_changelog.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.id` used but never assigned in __init__: Method `_get_summary` of class `CDDAPullRequest` reads `self.id`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126840, "scanner": "repobility-ast-engine", "fingerprint": "3ae832b861e05dfa19aa3cf961d116ebbfaaf1ff8e7739747ec162f4f03593f4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3ae832b861e05dfa19aa3cf961d116ebbfaaf1ff8e7739747ec162f4f03593f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/generate_changelog.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.summ_desc` used but never assigned in __init__: Method `has_valid_summary` of class `CDDAPullRequest` reads `self.summ_desc`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126839, "scanner": "repobility-ast-engine", "fingerprint": "2e28477ac0c8ef3fa5ab35385a8dcd7ac691c4a6b1d9ce98b8d4f41aa3525498", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2e28477ac0c8ef3fa5ab35385a8dcd7ac691c4a6b1d9ce98b8d4f41aa3525498"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/generate_changelog.py"}, "region": {"startLine": 189}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.summ_type` used but never assigned in __init__: Method `has_valid_summary` of class `CDDAPullRequest` reads `self.summ_type`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126838, "scanner": "repobility-ast-engine", "fingerprint": "390b59a67fc49ab9667b3ac9fe05d52c82174e587985b0417507d0b9e79e7dac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|390b59a67fc49ab9667b3ac9fe05d52c82174e587985b0417507d0b9e79e7dac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/generate_changelog.py"}, "region": {"startLine": 189}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.summ_type` used but never assigned in __init__: Method `has_valid_summary` of class `CDDAPullRequest` reads `self.summ_type`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126837, "scanner": "repobility-ast-engine", "fingerprint": "77b405624b1aeca035a4a85752d8413e21d1bf609765f07c97e08dc0542aed4a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|77b405624b1aeca035a4a85752d8413e21d1bf609765f07c97e08dc0542aed4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/generate_changelog.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._summ_type` used but never assigned in __init__: Method `summ_type` of class `CDDAPullRequest` reads `self._summ_type`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126836, "scanner": "repobility-ast-engine", "fingerprint": "db996bfcd421e3b0f74e82f7a4670e0c71364100e9eb499037387a179d9d2f9b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|db996bfcd421e3b0f74e82f7a4670e0c71364100e9eb499037387a179d9d2f9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/generate_changelog.py"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._summ_type` used but never assigned in __init__: Method `summ_type` of class `CDDAPullRequest` reads `self._summ_type`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126835, "scanner": "repobility-ast-engine", "fingerprint": "5df7cf7281c60434e181e2133c7571bd4447bcdbcb1d8245edd3ad3d0b069af3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5df7cf7281c60434e181e2133c7571bd4447bcdbcb1d8245edd3ad3d0b069af3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/generate_changelog.py"}, "region": {"startLine": 180}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._resume_main_thread` used but never assigned in __init__: Method `wait_for_job` of class `ProcessLimiter` reads `self._resume_main_thread`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126834, "scanner": "repobility-ast-engine", "fingerprint": "50e2ddb61208d7c038d84dc8e8a60e2586650f75dc8d3131a862a44b3418d37a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|50e2ddb61208d7c038d84dc8e8a60e2586650f75dc8d3131a862a44b3418d37a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/windows_limit_memory.py"}, "region": {"startLine": 650}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.has_io_port` used but never assigned in __init__: Method `wait_for_job` of class `ProcessLimiter` reads `self.has_io_port`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126833, "scanner": "repobility-ast-engine", "fingerprint": "23c80eaf904400731d386147ad733986c45a9b8f1f73b49d41afcdd33e545b90", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|23c80eaf904400731d386147ad733986c45a9b8f1f73b49d41afcdd33e545b90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/windows_limit_memory.py"}, "region": {"startLine": 651}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.is_started_process` used but never assigned in __init__: Method `wait_for_job` of class `ProcessLimiter` reads `self.is_started_process`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126832, "scanner": "repobility-ast-engine", "fingerprint": "1dbac7db83e17b38903c0d674cd0304f52bb2ec156002dd3bfaf96618cd9361e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1dbac7db83e17b38903c0d674cd0304f52bb2ec156002dd3bfaf96618cd9361e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/windows_limit_memory.py"}, "region": {"startLine": 648}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._set_information_job_object` used but never assigned in __init__: Method `limit_process_memory` of class `ProcessLimiter` reads `self._set_information_job_object`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126831, "scanner": "repobility-ast-engine", "fingerprint": "ab28dbfe563dfcfabc0ced32f487bd579ecd0d032fb81affcf7fb5f7b23c8d51", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ab28dbfe563dfcfabc0ced32f487bd579ecd0d032fb81affcf7fb5f7b23c8d51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/windows_limit_memory.py"}, "region": {"startLine": 633}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._query_information_job_object` used but never assigned in __init__: Method `limit_process_memory` of class `ProcessLimiter` reads `self._query_information_job_object`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126830, "scanner": "repobility-ast-engine", "fingerprint": "a59f8f3ac053bfa8c6039090727e30aedee5901e17616a76797d226e0bc0db8c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a59f8f3ac053bfa8c6039090727e30aedee5901e17616a76797d226e0bc0db8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/windows_limit_memory.py"}, "region": {"startLine": 624}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._set_information_job_object` used but never assigned in __init__: Method `create_job` of class `ProcessLimiter` reads `self._set_information_job_object`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126829, "scanner": "repobility-ast-engine", "fingerprint": "b907894b53ba2262f9e9267a1bd58213a848646e2c2a387b5f48c528722c06f0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b907894b53ba2262f9e9267a1bd58213a848646e2c2a387b5f48c528722c06f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/windows_limit_memory.py"}, "region": {"startLine": 533}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.as_string` used but never assigned in __init__: Method `__str__` of class `QuarterMap` reads `self.as_string`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 126828, "scanner": "repobility-ast-engine", "fingerprint": "ab764184a3031356dbaa2faa97c52a7918a23a87384f1c836803c10f97d138fd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ab764184a3031356dbaa2faa97c52a7918a23a87384f1c836803c10f97d138fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/tileset_test.py"}, "region": {"startLine": 204}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 126824, "scanner": "repobility-docker", "fingerprint": "bcb3f7c1fb8cc8871daaa455ae5d64a41ef599ad6d499363fed5116cf67d695a", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|bcb3f7c1fb8cc8871daaa455ae5d64a41ef599ad6d499363fed5116cf67d695a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build-scripts/Dockerfile.debian-build"}, "region": {"startLine": 64}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 126808, "scanner": "repobility-threat-engine", "fingerprint": "07cfdda1b391f529958c787f6c3c0f06814adce9dc812e2e0b325ff39111256c", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|75|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/json_tools/update-translate-dialogue-mod.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 126804, "scanner": "repobility-threat-engine", "fingerprint": "ce4ea5264fff085c5a86a3e78854eb0df7ad8f61b519f393efd8585c984960a1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ce4ea5264fff085c5a86a3e78854eb0df7ad8f61b519f393efd8585c984960a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "utilities/make_iso.py"}, "region": {"startLine": 198}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass 
or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 126803, "scanner": "repobility-threat-engine", "fingerprint": "42ccc35b1622dc6a4856503d5028fe3321d522121e55eb1e6d8e17f7111a617e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|42ccc35b1622dc6a4856503d5028fe3321d522121e55eb1e6d8e17f7111a617e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/json_tools/cddatags.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED036", "level": "error", "message": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "properties": {"repobilityId": 126801, "scanner": "repobility-threat-engine", "fingerprint": "c03124c0a1744a472e6f1e8e806eef37084ba1cf4f2b9dadad28435624194251", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c03124c0a1744a472e6f1e8e806eef37084ba1cf4f2b9dadad28435624194251"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"tools/json_tools/convert_item_damage.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED036", "level": "error", "message": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "properties": {"repobilityId": 126800, "scanner": "repobility-threat-engine", "fingerprint": "c22c929714601461d2cdd07fb555aab578944c667b9c9322b764cdeea0906bb3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c22c929714601461d2cdd07fb555aab578944c667b9c9322b764cdeea0906bb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/json_tools/convert_armor.py"}, "region": {"startLine": 298}}}]}, {"ruleId": "MINED036", "level": "error", "message": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "properties": {"repobilityId": 126799, "scanner": "repobility-threat-engine", "fingerprint": "c55981ce8d3b4e002bfb5c67ccb7a7579f7a67b79747e311e3ec8feaa13bdda3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|c55981ce8d3b4e002bfb5c67ccb7a7579f7a67b79747e311e3ec8feaa13bdda3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/json_tools/adjust_values.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC004", "level": "error", "message": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "properties": {"repobilityId": 126779, "scanner": "repobility-threat-engine", "fingerprint": "dff8140813792e390d3a07a81f9f6c57330ec4cd89746b93b8582be8ffa346f7", "category": "injection", "severity": "high", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "SQL string interpolation found, but user-controlled taint was not proven from local context.", "evidence": {"match": "om=f\"update", "reason": "SQL string interpolation found, but user-controlled taint was not proven from local context.", "rule_id": "SEC004", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|26|sec004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/mission_definition.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 126768, "scanner": "repobility-threat-engine", "fingerprint": "153aeacf57d1c412950bf69c888a5fa551c5dd9453d432e16d66e1e5767efa9a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pofile.save()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|153aeacf57d1c412950bf69c888a5fa551c5dd9453d432e16d66e1e5767efa9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/pot_export.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 126767, "scanner": "repobility-threat-engine", "fingerprint": "c762aabc08acf1981d368c02bfd279666074ad9b9cb93f295f23aab99b2ee43a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "comment.delete()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c762aabc08acf1981d368c02bfd279666074ad9b9cb93f295f23aab99b2ee43a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build-scripts/post-diff-as-comments.py"}, "region": {"startLine": 291}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 126766, "scanner": "repobility-threat-engine", "fingerprint": "4e338d77bc997eb046fa6b91cd5e5d61d8ce75004a89bed5ad0183aa5ed76e84", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "file.delete();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4e338d77bc997eb046fa6b91cd5e5d61d8ce75004a89bed5ad0183aa5ed76e84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "android/app/src/main/java/com/cleverraven/cataclysmdda/CDDADocumentsProvider.java"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126878, "scanner": "repobility-ast-engine", "fingerprint": "a35769def3f2d84950407b7db9b18a6ebd21084e1501082c4eac9b31e4370c3d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a35769def3f2d84950407b7db9b18a6ebd21084e1501082c4eac9b31e4370c3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/npc_class.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126877, "scanner": "repobility-ast-engine", "fingerprint": "4869ccfc70b59bbcf8818d15985a749453e18e936d3b17f5163de521f8bb4585", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4869ccfc70b59bbcf8818d15985a749453e18e936d3b17f5163de521f8bb4585"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/item_category.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126876, "scanner": "repobility-ast-engine", "fingerprint": "3f07d1b102259ca0082a82b2e55fbb7cf80b6edcf30d1f1ecbe21a48d2970934", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f07d1b102259ca0082a82b2e55fbb7cf80b6edcf30d1f1ecbe21a48d2970934"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/recipe.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126875, "scanner": "repobility-ast-engine", "fingerprint": "e6331193deb71654a92d1d40a6fcc9f526e73c4277a89051548a10572f97b499", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e6331193deb71654a92d1d40a6fcc9f526e73c4277a89051548a10572f97b499"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/map_extra.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126874, "scanner": "repobility-ast-engine", "fingerprint": "0776c358843ad06bc280c9d9e7bfbd22e98f6777f4244be768599efe2c3987f8", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0776c358843ad06bc280c9d9e7bfbd22e98f6777f4244be768599efe2c3987f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/ammunition_type.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126873, "scanner": "repobility-ast-engine", "fingerprint": "6a7f6f58e9e29a2ec28e7e89d02cad63f569b5758a6500c286a1d8304d3957c4", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6a7f6f58e9e29a2ec28e7e89d02cad63f569b5758a6500c286a1d8304d3957c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/body_part.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126872, "scanner": "repobility-ast-engine", "fingerprint": "593210773a11be775ac8ab5538f8e68531457482a893c3f80c4fbbfefa72b9b4", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|593210773a11be775ac8ab5538f8e68531457482a893c3f80c4fbbfefa72b9b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/palette.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126871, "scanner": "repobility-ast-engine", "fingerprint": "ff926baeed4b4b04c8e996e4e3a7bdd03101abfbe35e0be19695d8c22cc37b1b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ff926baeed4b4b04c8e996e4e3a7bdd03101abfbe35e0be19695d8c22cc37b1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/recipe_category.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126870, "scanner": "repobility-ast-engine", "fingerprint": "a8c1f119567bc9cfd87c54b1147a7fdbb8690b11269ca3edf52a96c3f7a37abd", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a8c1f119567bc9cfd87c54b1147a7fdbb8690b11269ca3edf52a96c3f7a37abd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/sub_body_part.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126869, "scanner": "repobility-ast-engine", "fingerprint": "c419941e9f2450f4608e49a8e7f0ee6da4afe166d705f420dc761a2ce5f99266", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c419941e9f2450f4608e49a8e7f0ee6da4afe166d705f420dc761a2ce5f99266"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/fault_fix.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126868, "scanner": "repobility-ast-engine", "fingerprint": "80e132cbcca48393adaaf7bf6046207c666d5793e9e6cedbf9fe7a066e133ce5", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|80e132cbcca48393adaaf7bf6046207c666d5793e9e6cedbf9fe7a066e133ce5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/city.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126867, "scanner": "repobility-ast-engine", "fingerprint": "dd555f50dc7784054c41d8adfb7bb6dd8c167e9f6263b6e6da65fc9ba01e9f1e", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dd555f50dc7784054c41d8adfb7bb6dd8c167e9f6263b6e6da65fc9ba01e9f1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/morale_type.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126866, "scanner": "repobility-ast-engine", "fingerprint": "df4b26cc27d54bcf5a32a48cf0afcc8187f54dc12214a8af14711cac1113ccea", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|df4b26cc27d54bcf5a32a48cf0afcc8187f54dc12214a8af14711cac1113ccea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/mutation_category.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126865, "scanner": "repobility-ast-engine", "fingerprint": "6a6ac5399a72783fdceef22e60f1de9bc1837a716372c3731b85bface31bc56c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6a6ac5399a72783fdceef22e60f1de9bc1837a716372c3731b85bface31bc56c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/speed_description.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126864, "scanner": "repobility-ast-engine", "fingerprint": "ccef7272d2258b905248dc55fba20e4c89c211c0202fd36c3abb6eb45642f32a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ccef7272d2258b905248dc55fba20e4c89c211c0202fd36c3abb6eb45642f32a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/weakpoint_set.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126863, "scanner": "repobility-ast-engine", "fingerprint": "39292132d50117ed4bdc57412b54de791b6b8f1ebb113c31800cc81db686960e", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|39292132d50117ed4bdc57412b54de791b6b8f1ebb113c31800cc81db686960e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/martial_art.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126862, "scanner": "repobility-ast-engine", "fingerprint": "161be120757f1382cd177a724c9170e1963d00848abf69937a13ff1c98fed136", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|161be120757f1382cd177a724c9170e1963d00848abf69937a13ff1c98fed136"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/examine_action.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126861, "scanner": "repobility-ast-engine", "fingerprint": "37158a113858f6afa98e2a5ec3fba0697c01ec9f66b2a2f44df4a10851b07512", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|37158a113858f6afa98e2a5ec3fba0697c01ec9f66b2a2f44df4a10851b07512"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/proficiency_category.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126860, "scanner": "repobility-ast-engine", "fingerprint": "43d3093ceb2ab3ae27d436caf3dd9d197f706e413bd23c7060e28736adebfea0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|43d3093ceb2ab3ae27d436caf3dd9d197f706e413bd23c7060e28736adebfea0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/keybinding.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126859, "scanner": "repobility-ast-engine", "fingerprint": "a0124423a02cfae6b10381e8819d6da11735471842215eea2224c31355254631", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a0124423a02cfae6b10381e8819d6da11735471842215eea2224c31355254631"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/faction.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126858, "scanner": "repobility-ast-engine", "fingerprint": "cf082ee02b0e4eb6ea861671f93594fb45ba1c2c983843a034135e75b5314832", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf082ee02b0e4eb6ea861671f93594fb45ba1c2c983843a034135e75b5314832"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/gate.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126857, "scanner": "repobility-ast-engine", "fingerprint": "5c6a48e8e363f7f09b0f8b6bee1f05dad86ef461aa432b8131eccbc3ec892d6a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5c6a48e8e363f7f09b0f8b6bee1f05dad86ef461aa432b8131eccbc3ec892d6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/item_action.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126856, "scanner": "repobility-ast-engine", "fingerprint": "0a72dae8c9ff33b4ef92f2003ea1d6cbddab7023cc9f466e42987c0394a4a26e", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0a72dae8c9ff33b4ef92f2003ea1d6cbddab7023cc9f466e42987c0394a4a26e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/parsers/npc.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126854, "scanner": "repobility-ast-engine", "fingerprint": "5f2b6f5c9c08c66621491e964746cedd4b59f47dacf38c06212a3d2a37a304da", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5f2b6f5c9c08c66621491e964746cedd4b59f47dacf38c06212a3d2a37a304da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/pot_export.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 126853, "scanner": "repobility-ast-engine", "fingerprint": "e67beb0a0a9ad7abe2ad4412dab4cdf20277ce547e0962f064a0d273381c6d9c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e67beb0a0a9ad7abe2ad4412dab4cdf20277ce547e0962f064a0d273381c6d9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lang/string_extractor/write_text.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf (strncpy does not NUL-terminate on truncation; terminate explicitly)."}, "properties": {"repobilityId": 126794, "scanner": "repobility-threat-engine", "fingerprint": "8a2ce0c193e13fc405e4a0f3e1b5f72f325f3e1f2dd237921856c6cf9789baec", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8a2ce0c193e13fc405e4a0f3e1b5f72f325f3e1f2dd237921856c6cf9789baec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/format/getpost.h"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf (strncpy does not NUL-terminate on truncation; terminate explicitly)."}, "properties": 
{"repobilityId": 126793, "scanner": "repobility-threat-engine", "fingerprint": "7bd17162f19bb450c3960c818792ded9c0cf328e9c9f3e34b0a8e6e30b03ee0a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7bd17162f19bb450c3960c818792ded9c0cf328e9c9f3e34b0a8e6e30b03ee0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/clang-tidy-plugin/Utils.h"}, "region": {"startLine": 224}}}]}]}]}