{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. 
Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `get_chart` has cognitive complexity 20 (SonarSource scale). Cognitive com", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `get_chart` has cognitive complexity 20 (SonarSource scale). 
Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 20."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC041", "name": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noref", "shortDescription": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and"}, "fullDescription": {"text": "Add rel=\"noopener noreferrer\" to every <a target=\"_blank\">:\n  <a href=\"...\" target=\"_blank\" rel=\"noopener noreferrer\">link</a>\nFor dynamically generated links from JS, set rel on the element before appending. 
Even safe-looking subdomains should harden \u2014 costs nothing."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 21 more): Same pattern found in 21 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 21 more): Same pattern found in 21 additional files. 
Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 7 more): Same pattern found in 7 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.", "shortDescription": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order.", "shortDescription": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED058", "name": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or neve", "shortDescription": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-79 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "[MINED126] Workflow container/services image `mariadb:10.6` unpinned: `container/services image: mariadb:10.6` without `", "shortDescription": {"text": "[MINED126] Workflow container/services image `mariadb:10.6` unpinned: `container/services image: mariadb:10.6` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain di"}, "fullDescription": {"text": "Replace with `mariadb:10.6@sha256:<digest>`. Re-pin via Dependabot Docker scope."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-r", "shortDescription": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. 
Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025"}, "fullDescription": {"text": "Replace with: `uses: actions/setup-node@<40-char-sha>  # v6` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_sample_statement_import_log: Test function `test_sample_statement_import_log` run", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_sample_statement_import_log: Test function `test_sample_statement_import_log` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without ver"}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.enable_accounting_dimensions` used but never assigned in __init__: Method `validate` of class `Accounts", "shortDescription": {"text": "[MINED108] `self.enable_accounting_dimensions` used but never assigned in __init__: Method `validate` of class `AccountsSettings` reads `self.enable_accounting_dimensions`, but no assignment to it exists in __init__ (and no class-level fall"}, "fullDescription": {"text": "Initialize `self.enable_accounting_dimensions = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: 
except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED009", "name": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal.", "shortDescription": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation.
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also block loopback (127/8, ::1) and check the resolved IP address, not only the hostname, including after redirects."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "[MINED116] Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, ", "shortDescription": {"text": "[MINED116] Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.CODECOV_TOKEN }}` lets a PR from any fork exfiltrate the secret"}, "fullDescription": {"text": "Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed. `pull_request_target` runs with the base repository's secrets, so checking out and running the PR head in the same job exposes them; keep fork-controlled code out of any job that can read the secret."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/541"}, "properties": {"repository": "frappe/erpnext", "repoUrl": "https://github.com/frappe/erpnext.git", "branch": "develop"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception.
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 33352, "scanner": "repobility-ast-engine", "fingerprint": "e97738217b215eb96ee69085c6925046f6268c2f9d00d31de5f952aa5fcaf23b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e97738217b215eb96ee69085c6925046f6268c2f9d00d31de5f952aa5fcaf23b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/bank_statement_import/bank_statement_import.py"}, "region": {"startLine": 162}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 33326, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Next.js"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. 
Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 33320, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 33319, "scanner": "repobility-threat-engine", "fingerprint": "59e367dceb1c6dc061f2c041b1a0c739f6caab6a77528a0d8a810aa815a4ca2c", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n\t\t\tpass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|59e367dceb1c6dc061f2c041b1a0c739f6caab6a77528a0d8a810aa815a4ca2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/bank_transaction_rule/bank_transaction_rule.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 33310, "scanner": "repobility-threat-engine", "fingerprint": "6354be1b91ab3cd998f7445efccd110736de45f7082bfbdbbd84cc3f4ec894df", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "def generate_key", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|93|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/account_closing_balance/account_closing_balance.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `get_chart` has cognitive complexity 20 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=2, else=1, for=2, if=4, nested_bonus=11."}, "properties": {"repobilityId": 33308, "scanner": "repobility-threat-engine", "fingerprint": "baf336b2f78c40b14aad625b20443812d956228f5276cfc621a7ad24458df5a3", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 20 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "get_chart", "breakdown": {"if": 4, "for": 2, "elif": 2, "else": 1, "nested_bonus": 11}, "complexity": 20, "correlation_key": "fp|baf336b2f78c40b14aad625b20443812d956228f5276cfc621a7ad24458df5a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/account/chart_of_accounts/chart_of_accounts.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). 
OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 33294, "scanner": "repobility-threat-engine", "fingerprint": "db6e6a368ad95e9f2ac0983fd7cf8e6905fc47d918b26f74000f487fae643c87", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "<a href='/banking/statement-importer' target='_blank' style='text-decoration: underline;'>", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|8|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/bank_statement_import_log/bank_statement_import_log.js"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). 
OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 33293, "scanner": "repobility-threat-engine", "fingerprint": "e2d1f0ef62f078d426a692bb41059201102d7a5f94f857e383c47a8003fe83ca", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "<a\n                                    href={item.file}\n                                    target=\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|237|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "banking/src/pages/BankStatementImporter.tsx"}, "region": {"startLine": 237}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). 
OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 33292, "scanner": "repobility-threat-engine", "fingerprint": "be51b722af77c754493dcc51cba7376229cf451f7f7e975919b9aef6a3550404", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "<a href={`/desk/${slug(doctype)}/${value}`} target=\"_blank\" className=\"group-hover:block hidden\">", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|246|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "banking/src/components/common/LinkFieldCombobox.tsx"}, "region": {"startLine": 246}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33325, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b0fd9e229dc8fa3eccebcc48a9201299715512dc253c41d429c64ef15e6f9c2a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "banking/src/components/ui/input.tsx", "duplicate_line": 17, "correlation_key": "fp|b0fd9e229dc8fa3eccebcc48a9201299715512dc253c41d429c64ef15e6f9c2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "banking/src/components/ui/textarea.tsx"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source 
files"}, "properties": {"repobilityId": 33324, "scanner": "repobility-ai-code-hygiene", "fingerprint": "70a6e6534407cd41782777749a9003422e46f3458daf5fe0cc0a22dbacfa0d7f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "banking/src/components/ui/input.tsx", "duplicate_line": 7, "correlation_key": "fp|70a6e6534407cd41782777749a9003422e46f3458daf5fe0cc0a22dbacfa0d7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "banking/src/components/ui/select.tsx"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33323, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cbe5edba23d54292ff9bef081bd86e30bae58c5ee29fc51d73bc1bc4a63d79f8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "banking/src/components/features/BankReconciliation/BankEntryModal.tsx", "duplicate_line": 261, "correlation_key": "fp|cbe5edba23d54292ff9bef081bd86e30bae58c5ee29fc51d73bc1bc4a63d79f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "banking/src/components/features/BankReconciliation/TransferModal.tsx"}, "region": {"startLine": 180}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33322, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "6beec49653b9c3941a1b2db7f2b9f8830e2db51c1a119adcd716f012e9e6feb9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "banking/src/components/features/BankReconciliation/BankEntryModal.tsx", "duplicate_line": 425, "correlation_key": "fp|6beec49653b9c3941a1b2db7f2b9f8830e2db51c1a119adcd716f012e9e6feb9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "banking/src/components/features/BankReconciliation/Rules/RuleForm.tsx"}, "region": {"startLine": 444}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33321, "scanner": "repobility-ai-code-hygiene", "fingerprint": "305c0d41e8fe0aa5d14eb65ac98863a985a49a8d42fe1c9bf34b86ff7d04c11d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "banking/src/components/features/BankReconciliation/BankTransactionList.tsx", "duplicate_line": 310, "correlation_key": "fp|305c0d41e8fe0aa5d14eb65ac98863a985a49a8d42fe1c9bf34b86ff7d04c11d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "banking/src/components/features/BankReconciliation/MatchAndReconcile.tsx"}, "region": {"startLine": 137}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `build_result` has cognitive complexity 12 (SonarSource 
scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=3, if=3, nested_bonus=5, while=1."}, "properties": {"repobilityId": 33307, "scanner": "repobility-threat-engine", "fingerprint": "f186f1f2310b49b97dc96807c9a11b0d3fc55a1cf5633ec28f942ab41f9d543b", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "build_result", "breakdown": {"if": 3, "for": 3, "while": 1, "nested_bonus": 5}, "complexity": 12, "correlation_key": "fp|f186f1f2310b49b97dc96807c9a11b0d3fc55a1cf5633ec28f942ab41f9d543b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/dashboard_chart_source/account_balance_timeline/account_balance_timeline.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `get` has cognitive complexity 13 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=1, if=8, nested_bonus=1, or=1, recursion=2."}, "properties": {"repobilityId": 33306, "scanner": "repobility-threat-engine", "fingerprint": "b7eacaf474a343451ea959b40a67705bca8692c81f49d6fd9d1d14f089f2090e", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 13 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "get", "breakdown": {"if": 8, "or": 1, "else": 1, "recursion": 2, "nested_bonus": 1}, "complexity": 13, "correlation_key": "fp|b7eacaf474a343451ea959b40a67705bca8692c81f49d6fd9d1d14f089f2090e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/dashboard_chart_source/account_balance_timeline/account_balance_timeline.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 33316, "scanner": "repobility-threat-engine", "fingerprint": "898a9696d9e8c998d0cc4fdf1ed3aff68df4db362aeea6e40dc91e080ae8ecdd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|898a9696d9e8c998d0cc4fdf1ed3aff68df4db362aeea6e40dc91e080ae8ecdd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/bank/bank.js"}, "region": {"startLine": 116}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 33315, "scanner": "repobility-threat-engine", "fingerprint": "3fc48416039aa8c32be6dda4340598ab3f28e72cc6f5e4f76fbc93f9ad4149aa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3fc48416039aa8c32be6dda4340598ab3f28e72cc6f5e4f76fbc93f9ad4149aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"erpnext/accounts/doctype/accounting_period/accounting_period.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 21 more): Same pattern found in 21 additional files. Review if needed."}, "properties": {"repobilityId": 33314, "scanner": "repobility-threat-engine", "fingerprint": "4892c4c75ca2a80d57af21598378172e3bfb9e1f7e24cdd7f4c773abcdde2ffa", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 21 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|4892c4c75ca2a80d57af21598378172e3bfb9e1f7e24cdd7f4c773abcdde2ffa", "aggregated_count": 21}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 33313, "scanner": "repobility-threat-engine", "fingerprint": "35248ab05536ecbbe910005fb46492c69588cffdd47ea61b3795088f0d6b8fd5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, 
"scanner": "repobility-threat-engine", "correlation_key": "fp|35248ab05536ecbbe910005fb46492c69588cffdd47ea61b3795088f0d6b8fd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/accounting_period/accounting_period.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 33312, "scanner": "repobility-threat-engine", "fingerprint": "a6156af7480af3dbebca2b3698ed310744bc5ad1235eeceadf289d25479ebccc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a6156af7480af3dbebca2b3698ed310744bc5ad1235eeceadf289d25479ebccc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/accounting_dimension_detail/accounting_dimension_detail.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 33311, "scanner": "repobility-threat-engine", "fingerprint": "3328d591a26687fd38c01ee0b604192d56b918c74a8177293fe44446b4432664", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": 
{"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3328d591a26687fd38c01ee0b604192d56b918c74a8177293fe44446b4432664"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/account_closing_balance/account_closing_balance.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 33309, "scanner": "repobility-threat-engine", "fingerprint": "49c7adc690aaef0cba0539e188460f8671984ef7c4ebdb1c821d1535a2aa7f56", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "get", "breakdown": {"if": 8, "or": 1, "else": 1, "recursion": 2, "nested_bonus": 1}, "aggregated": true, "complexity": 13, "correlation_key": "fp|49c7adc690aaef0cba0539e188460f8671984ef7c4ebdb1c821d1535a2aa7f56", "aggregated_count": 15}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 7 more): Same pattern found in 7 additional files. 
Review if needed."}, "properties": {"repobilityId": 33305, "scanner": "repobility-threat-engine", "fingerprint": "f3554231f2d32a33a651c3b39559f3d21263dabefeb5c7ba90040f806b6ba0ca", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f3554231f2d32a33a651c3b39559f3d21263dabefeb5c7ba90040f806b6ba0ca"}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 33301, "scanner": "repobility-threat-engine", "fingerprint": "a4169d0cf2c204ea755a47f7ab4c406b0506e0a36b2093b09d4eca1f462b88c0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a4169d0cf2c204ea755a47f7ab4c406b0506e0a36b2093b09d4eca1f462b88c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "banking/src/hooks/useDocType.ts"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 33300, "scanner": "repobility-threat-engine", "fingerprint": "8c5beb5151fa2da277301d0f8a37deadfdec862eb4fe258b6c15051e8fa73a08", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8c5beb5151fa2da277301d0f8a37deadfdec862eb4fe258b6c15051e8fa73a08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "banking/src/components/ui/dropdown-menu.tsx"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 33299, "scanner": "repobility-threat-engine", "fingerprint": "43097bff21b46c6083a538ddf997474fcc2a1d2d30f9eb30bd4b89d8a2f4de7e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|43097bff21b46c6083a538ddf997474fcc2a1d2d30f9eb30bd4b89d8a2f4de7e"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "banking/src/components/ui/loaders.tsx"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 33298, "scanner": "repobility-threat-engine", "fingerprint": "e3e070f0858fc64409524ad0d080fac921667339c8f8d948205f7d242562f38f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e3e070f0858fc64409524ad0d080fac921667339c8f8d948205f7d242562f38f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "banking/src/components/ui/error-banner.tsx"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 33297, "scanner": "repobility-threat-engine", "fingerprint": "f8adaba52afaea1da02e0d352a53afe6aefb081f62c9e898218d83fa1daf72a0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, 
"observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f8adaba52afaea1da02e0d352a53afe6aefb081f62c9e898218d83fa1daf72a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "banking/src/components/features/BankStatementImporter/CSV/CSVRawDataPreview.tsx"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 33296, "scanner": "repobility-threat-engine", "fingerprint": "0a4336e67cdc0fabc958ec1fde921d93374c253918db054124d3291ef268f0c4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0a4336e67cdc0fabc958ec1fde921d93374c253918db054124d3291ef268f0c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "banking/src/components/features/BankReconciliation/IncorrectlyClearedEntries.tsx"}, "region": {"startLine": 184}}}]}, {"ruleId": "SEC041", "level": "none", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\" (and 1 more): Same pattern found in 1 additional files. 
Review if needed."}, "properties": {"repobilityId": 33295, "scanner": "repobility-threat-engine", "fingerprint": "445e143bfb9fa42d815d6c9ae398165a70589a79a844fb4f61e3e95a91105bbd", "category": "security", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|445e143bfb9fa42d815d6c9ae398165a70589a79a844fb4f61e3e95a91105bbd"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 33291, "scanner": "repobility-threat-engine", "fingerprint": "0381b7975e9df7ce6c8e8ab6b62835a9ef68dea9a22d8e9f6229528a862aae15", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0381b7975e9df7ce6c8e8ab6b62835a9ef68dea9a22d8e9f6229528a862aae15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "banking/proxyOptions.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 33290, "scanner": "repobility-threat-engine", "fingerprint": "f956228aab5742c4a4d183de9b00298198287653d48c082a1540ba76b97b6939", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f956228aab5742c4a4d183de9b00298198287653d48c082a1540ba76b97b6939"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/helper/documentation.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `mariadb:10.6` unpinned: `container/services image: mariadb:10.6` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 33386, "scanner": "repobility-supply-chain", "fingerprint": "5782cfa5c0ffb882d9b026f6f4e21debe34ba04d51e5c0373ed09602ac28b986", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5782cfa5c0ffb882d9b026f6f4e21debe34ba04d51e5c0373ed09602ac28b986"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/server-tests-mariadb.yml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `postgres:13.3` unpinned: `container/services image: postgres:13.3` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 33384, "scanner": "repobility-supply-chain", "fingerprint": "3a61a11e7d0cbe35d33600374f839bc683666a0b1eaf2d679ef5fbd601082450", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3a61a11e7d0cbe35d33600374f839bc683666a0b1eaf2d679ef5fbd601082450"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/server-tests-postgres.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33383, "scanner": "repobility-supply-chain", "fingerprint": "af81d9ae1d1d54225cef10106d1e7d1994bd323b0bdd3298e4cd94596253d098", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|af81d9ae1d1d54225cef10106d1e7d1994bd323b0bdd3298e4cd94596253d098"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/server-tests-postgres.yml"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33382, "scanner": "repobility-supply-chain", "fingerprint": "991312020b319abd23eb3dfba996fd7a56c9de11f0a9b1e5bf1f47b4f5d97f1d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|991312020b319abd23eb3dfba996fd7a56c9de11f0a9b1e5bf1f47b4f5d97f1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/server-tests-postgres.yml"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33381, "scanner": "repobility-supply-chain", "fingerprint": "60c34e57a4dc6f3908ac8cabc3fa4d896b5bf15a51ba0f1d2ce94da3f506ea6f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|60c34e57a4dc6f3908ac8cabc3fa4d896b5bf15a51ba0f1d2ce94da3f506ea6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/server-tests-postgres.yml"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `alpine:latest` unpinned: `container/services image: alpine:latest` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 33380, "scanner": "repobility-supply-chain", "fingerprint": "f159559b826c40c3c39b329fb398270346f9b0068d4c16703acb2296550e8247", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f159559b826c40c3c39b329fb398270346f9b0068d4c16703acb2296550e8247"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker-release.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33379, "scanner": "repobility-supply-chain", "fingerprint": "35bf1a552f0907a57885ca0f328ade26237cc1cf3deca67e4f15a387d9f128fd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|35bf1a552f0907a57885ca0f328ade26237cc1cf3deca67e4f15a387d9f128fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/generate-pot-file.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33378, "scanner": "repobility-supply-chain", "fingerprint": "f33b8514a01633cfb52a7306e9356afcc9c8b6e7841813a8f6cb3819b126992e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f33b8514a01633cfb52a7306e9356afcc9c8b6e7841813a8f6cb3819b126992e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/generate-pot-file.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33377, "scanner": "repobility-supply-chain", "fingerprint": "60622b605f64df7e422c9ddda66ad7f3b7bf6e3ae7332b1dbd25897e5d042052", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|60622b605f64df7e422c9ddda66ad7f3b7bf6e3ae7332b1dbd25897e5d042052"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/generate-pot-file.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33376, "scanner": "repobility-supply-chain", "fingerprint": "c9666a6100501bb9f0b09ee8a91318a699412910aacceafdad7c26eacc483bd6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c9666a6100501bb9f0b09ee8a91318a699412910aacceafdad7c26eacc483bd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/semantic-commits.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33375, "scanner": "repobility-supply-chain", "fingerprint": "fb1b4920913104c00e9af6e71204e02e2eb1374e31832d3e9abc2480db955581", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fb1b4920913104c00e9af6e71204e02e2eb1374e31832d3e9abc2480db955581"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/semantic-commits.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who obtains write access to the action's repository; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33374, "scanner": "repobility-supply-chain", "fingerprint": "d44baf680e7bbcdeffb9c00d119d30fa74b6fd42b59b90eb5cd3c7c5757e6ed7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d44baf680e7bbcdeffb9c00d119d30fa74b6fd42b59b90eb5cd3c7c5757e6ed7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs-checker.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33373, "scanner": "repobility-supply-chain", "fingerprint": "574e80f018174c218e657bc855dc6794f91de28bbbbde911bd53a2773d223503", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|574e80f018174c218e657bc855dc6794f91de28bbbbde911bd53a2773d223503"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs-checker.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/labeler` pinned to mutable ref `@v3`: `uses: actions/labeler@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33372, "scanner": "repobility-supply-chain", "fingerprint": "2abad59ac12b7dd48e589f5461d770f41eb014a6fe629972167b09bd86755a85", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2abad59ac12b7dd48e589f5461d770f41eb014a6fe629972167b09bd86755a85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/labeller.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `mariadb:11.8` unpinned: `container/services image: mariadb:11.8` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines: pin the image by digest (`image: mariadb:11.8@sha256:<digest>`)."}, "properties": {"repobilityId": 33371, "scanner": "repobility-supply-chain", "fingerprint": "01ea59b8947480a601f23150b340f2ff698dc5cc2b4afb296b68c2cebd15454e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|01ea59b8947480a601f23150b340f2ff698dc5cc2b4afb296b68c2cebd15454e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/patch.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33370, "scanner": "repobility-supply-chain", "fingerprint": "eb74832e67f4230c3a6054d64e52e22a90017ebe9a4100ec0c1a343d29490caf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|eb74832e67f4230c3a6054d64e52e22a90017ebe9a4100ec0c1a343d29490caf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/patch.yml"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33369, "scanner": "repobility-supply-chain", "fingerprint": "998d6c960fa0bbce0c663c27dc02dc11e66985a08e530bc65ff46bca010c04e4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|998d6c960fa0bbce0c663c27dc02dc11e66985a08e530bc65ff46bca010c04e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/patch.yml"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33368, "scanner": "repobility-supply-chain", "fingerprint": "d96827de1952375901e8f1376ad792012f65553e1a3ec61e093f92c2c46e4872", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d96827de1952375901e8f1376ad792012f65553e1a3ec61e093f92c2c46e4872"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/patch.yml"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33367, "scanner": "repobility-supply-chain", "fingerprint": "f19415fd715b7f90ae06c3a3a8d9c772085e505eea5e31cb4d4a0d32fa36d3c6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f19415fd715b7f90ae06c3a3a8d9c772085e505eea5e31cb4d4a0d32fa36d3c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/patch.yml"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33366, "scanner": "repobility-supply-chain", "fingerprint": "82ebc6fefece7c3ab5f13a9488606334982b0e074fa19a5c176f514f2098e524", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|82ebc6fefece7c3ab5f13a9488606334982b0e074fa19a5c176f514f2098e524"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/patch.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33365, "scanner": "repobility-supply-chain", "fingerprint": "a967b77671269b46bfe466528f94ab37b00a472b1005091be161f129cb06b774", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a967b77671269b46bfe466528f94ab37b00a472b1005091be161f129cb06b774"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/patch.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `mariadb:10.6` unpinned: `container/services image: mariadb:10.6` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 33364, "scanner": "repobility-supply-chain", "fingerprint": "f1fbd76cd79016dbf260d290676a41125932879dd6f090a1fc9787a5f8c4d447", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f1fbd76cd79016dbf260d290676a41125932879dd6f090a1fc9787a5f8c4d447"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-individual-tests.yml"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33363, "scanner": "repobility-supply-chain", "fingerprint": "8bc469ba502e06b40f68c933a6d5b42fd39f2962ba8bf84820e91b64059174a4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8bc469ba502e06b40f68c933a6d5b42fd39f2962ba8bf84820e91b64059174a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-individual-tests.yml"}, "region": {"startLine": 116}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33362, "scanner": "repobility-supply-chain", "fingerprint": "22bfb0c2d25e375cfa4a6ae667989091128e37077c7ca156d222aacb1b87a1e1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|22bfb0c2d25e375cfa4a6ae667989091128e37077c7ca156d222aacb1b87a1e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-individual-tests.yml"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33361, "scanner": "repobility-supply-chain", "fingerprint": "7d89602c0b1cef83e04e3b491141a6c565a786c093b5659215b30d618a6bf5f9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7d89602c0b1cef83e04e3b491141a6c565a786c093b5659215b30d618a6bf5f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-individual-tests.yml"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33360, "scanner": "repobility-supply-chain", "fingerprint": "fea9bfa143b668d3a4fdc1e2254c682f062e44c831240513d04b23e72afe1007", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fea9bfa143b668d3a4fdc1e2254c682f062e44c831240513d04b23e72afe1007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-individual-tests.yml"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33359, "scanner": "repobility-supply-chain", "fingerprint": "18d98918676c1000c3d8e288bf1906a7af0a44ab817bd04301372e8b917deffe", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|18d98918676c1000c3d8e288bf1906a7af0a44ab817bd04301372e8b917deffe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-individual-tests.yml"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33358, "scanner": "repobility-supply-chain", "fingerprint": "313927bf76fe01d07c439e84c8f0d9c8b890b633cbc4d5df092fbf173679768c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|313927bf76fe01d07c439e84c8f0d9c8b890b633cbc4d5df092fbf173679768c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-individual-tests.yml"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33357, "scanner": "repobility-supply-chain", "fingerprint": "e6dc51fc189a2327350b916bd10fe4b3de33a851e2e051c07ff242820d2f2642", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e6dc51fc189a2327350b916bd10fe4b3de33a851e2e051c07ff242820d2f2642"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-individual-tests.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/github-script@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 33356, "scanner": "repobility-supply-chain", "fingerprint": "0027dcd54ef6b337545ecfa0ed57c0be37a3e9e774da1be7f9a00ba89148cc31", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0027dcd54ef6b337545ecfa0ed57c0be37a3e9e774da1be7f9a00ba89148cc31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/label-base-on-title.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_sample_statement_import_log: Test function `test_sample_statement_import_log` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 33355, "scanner": "repobility-ast-engine", "fingerprint": "21b39f8c89817c2b21d76a8f352685a6a4fb3a33990ebe99f68d2200bc7d441b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|21b39f8c89817c2b21d76a8f352685a6a4fb3a33990ebe99f68d2200bc7d441b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/bank_statement_import_log/test_bank_statement_import_log.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_included_fee_allows_for_deposit: Test function `test_included_fee_allows_for_deposit` runs code but contains no assert / expect / should call \u2014 it passes as long as nothing raises, regardless of what the code returns. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 33354, "scanner": "repobility-ast-engine", "fingerprint": "d828475fc751fd10f2eb3a24a35ca8812022cce70774d50abb61acfaa589029c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d828475fc751fd10f2eb3a24a35ca8812022cce70774d50abb61acfaa589029c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/bank_transaction/test_bank_transaction_fees.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_included_fee_allows_equal: Test function `test_included_fee_allows_equal` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 33353, "scanner": "repobility-ast-engine", "fingerprint": "97e94ac9acec6b3f1b9b7d0e14611fe83d1ac725e7181271ea0eb6ba3d6a76a2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|97e94ac9acec6b3f1b9b7d0e14611fe83d1ac725e7181271ea0eb6ba3d6a76a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/bank_transaction/test_bank_transaction_fees.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.enable_accounting_dimensions` used but never assigned in __init__: Method `validate` of class `AccountsSettings` reads `self.enable_accounting_dimensions`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33351, "scanner": "repobility-ast-engine", "fingerprint": "cfa80a4e7d1baf51efac5f25179e7d7a1703e78849b4f6ee84d5f09f4f2fe167", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cfa80a4e7d1baf51efac5f25179e7d7a1703e78849b4f6ee84d5f09f4f2fe167"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/accounts_settings/accounts_settings.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get` used but never assigned in __init__: Method `validate` of class `AccountsSettings` reads `self.get`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance, unless the attribute is supplied by a base class or set outside __init__, which this check does not appear to consider."}, "properties": {"repobilityId": 33350, "scanner": "repobility-ast-engine", "fingerprint": "4ea22b4ee919e2c1037a0eb54e1150448b6c2f19e80ffe2afe19a5bb32ad9efd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4ea22b4ee919e2c1037a0eb54e1150448b6c2f19e80ffe2afe19a5bb32ad9efd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/accounts_settings/accounts_settings.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get` used but never assigned in __init__: Method `validate` of class `AccountsSettings` reads `self.get`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33349, "scanner": "repobility-ast-engine", "fingerprint": "3ff654c0707453687b3f162bc3e88e18821036f74673855adb115a2c2a5c9aa9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3ff654c0707453687b3f162bc3e88e18821036f74673855adb115a2c2a5c9aa9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/accounts_settings/accounts_settings.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.enable_payment_schedule_in_print` used but never assigned in __init__: Method `validate` of class `AccountsSettings` reads `self.enable_payment_schedule_in_print`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33348, "scanner": "repobility-ast-engine", "fingerprint": "2338a0957110ddabef4d8f2fd4f99e77c9c683997ea880e95d8f77f5b148d873", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2338a0957110ddabef4d8f2fd4f99e77c9c683997ea880e95d8f77f5b148d873"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/accounts_settings/accounts_settings.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.update_property_for_accounting_dimension` used but never assigned in __init__: Method `validate` of class `AccountsSettings` reads `self.update_property_for_accounting_dimension`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33347, "scanner": "repobility-ast-engine", "fingerprint": "7b2368df62b2077652d7c4c1856f2111a49afd7a149635bd64d5abdc5e825bec", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7b2368df62b2077652d7c4c1856f2111a49afd7a149635bd64d5abdc5e825bec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/accounts_settings/accounts_settings.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.validate_and_sync_auto_reconcile_config` used but never assigned in __init__: Method `validate` of class `AccountsSettings` reads `self.validate_and_sync_auto_reconcile_config`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33346, "scanner": "repobility-ast-engine", "fingerprint": "555e5018ad4a2c006febc04a117439d6bf15e6aed0c5a74473250779001389b7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|555e5018ad4a2c006febc04a117439d6bf15e6aed0c5a74473250779001389b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/accounts_settings/accounts_settings.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.enable_subscription` used but never assigned in __init__: Method `validate` of class `AccountsSettings` reads `self.enable_subscription`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33345, "scanner": "repobility-ast-engine", "fingerprint": "9e91c8560c05f6f43aa76d614ba4918909535cf10d66e8f8ae0c61f71fc2793a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9e91c8560c05f6f43aa76d614ba4918909535cf10d66e8f8ae0c61f71fc2793a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/accounts_settings/accounts_settings.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.enable_loyalty_point_program` used but never assigned in __init__: Method `validate` of class `AccountsSettings` reads `self.enable_loyalty_point_program`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33344, "scanner": "repobility-ast-engine", "fingerprint": "2bc526d22391fc3d27be4beb5fa8419d10caca8447c9ed8fa835731d93fb7134", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2bc526d22391fc3d27be4beb5fa8419d10caca8447c9ed8fa835731d93fb7134"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/accounts_settings/accounts_settings.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.enable_discounts_and_margin` used but never assigned in __init__: Method `validate` of class `AccountsSettings` reads `self.enable_discounts_and_margin`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33343, "scanner": "repobility-ast-engine", "fingerprint": "1eeb1efba7d5bd102c6d7fd7e4a42e8944ece44f11c578383eeb7609586f6a01", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1eeb1efba7d5bd102c6d7fd7e4a42e8944ece44f11c578383eeb7609586f6a01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/accounts_settings/accounts_settings.py"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.enable_accounting_dimensions` used but never assigned in __init__: Method `validate` of class `AccountsSettings` reads `self.enable_accounting_dimensions`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33342, "scanner": "repobility-ast-engine", "fingerprint": "71ce0c2fc5d0ed7b53e6515c2f5302a692c641ef809c924b80edfcda1f5b1f5a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|71ce0c2fc5d0ed7b53e6515c2f5302a692c641ef809c924b80edfcda1f5b1f5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/accounts_settings/accounts_settings.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.show_payment_schedule_in_print` used but never assigned in __init__: Method `validate` of class `AccountsSettings` reads `self.show_payment_schedule_in_print`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33341, "scanner": "repobility-ast-engine", "fingerprint": "911e0fc64293b734a91fb365cca9876b340827193db2ce5fc016bd2805e57349", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|911e0fc64293b734a91fb365cca9876b340827193db2ce5fc016bd2805e57349"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/accounts_settings/accounts_settings.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.validate_stale_days` used but never assigned in __init__: Method `validate` of class `AccountsSettings` reads `self.validate_stale_days`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33340, "scanner": "repobility-ast-engine", "fingerprint": "bd7e2848e458256ff6be3e753e1dcc242f762073b15a721e7595cc610361f425", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd7e2848e458256ff6be3e753e1dcc242f762073b15a721e7595cc610361f425"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/accounts_settings/accounts_settings.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.enable_common_party_accounting` used but never assigned in __init__: Method `validate` of class `AccountsSettings` reads `self.enable_common_party_accounting`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33339, "scanner": "repobility-ast-engine", "fingerprint": "5eb018e5f03d5757940c1ce75ecab26216585750b17a8a8a888d0dfb7ca970ef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5eb018e5f03d5757940c1ce75ecab26216585750b17a8a8a888d0dfb7ca970ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/accounts_settings/accounts_settings.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.add_taxes_from_item_tax_template` used but never assigned in __init__: Method `validate` of class `AccountsSettings` reads `self.add_taxes_from_item_tax_template`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33338, "scanner": "repobility-ast-engine", "fingerprint": "d466914f67d54b95db25495df40ff5b7468ac7059ea6d0a864e1b2a0b6e09cf8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d466914f67d54b95db25495df40ff5b7468ac7059ea6d0a864e1b2a0b6e09cf8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/accounts_settings/accounts_settings.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_doc_before_save` used but never assigned in __init__: Method `validate` of class `AccountsSettings` reads `self.get_doc_before_save`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33337, "scanner": "repobility-ast-engine", "fingerprint": "1478fb8df277464d9e1bdac45963f6b890f6233381fa664a7916f35955e2c795", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1478fb8df277464d9e1bdac45963f6b890f6233381fa664a7916f35955e2c795"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/accounts_settings/accounts_settings.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.validate_auto_tax_settings` used but never assigned in __init__: Method `validate` of class `AccountsSettings` reads `self.validate_auto_tax_settings`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33336, "scanner": "repobility-ast-engine", "fingerprint": "4ebff53735277b2fd90a278086ea008f01e7d352ea50199a9b2c37b9a42e63ed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4ebff53735277b2fd90a278086ea008f01e7d352ea50199a9b2c37b9a42e63ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/accounts_settings/accounts_settings.py"}, "region": {"startLine": 116}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.as_dict` used but never assigned in __init__: Method `on_update` of class `ERPNextAddress` reads `self.as_dict`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33335, "scanner": "repobility-ast-engine", "fingerprint": "d7a977daeb485ad200a0125838eea5332f49164535ed410798b345d4e53f2ebc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d7a977daeb485ad200a0125838eea5332f49164535ed410798b345d4e53f2ebc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/custom/address.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.name` used but never assigned in __init__: Method `on_update` of class `ERPNextAddress` reads `self.name`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33334, "scanner": "repobility-ast-engine", "fingerprint": "71c287385f4af6ff14393aa42e019a3396c1aaebe79c59ce109cdc0061282f10", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|71c287385f4af6ff14393aa42e019a3396c1aaebe79c59ce109cdc0061282f10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/custom/address.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.links` used but never assigned in __init__: Method `validate_reference` of class `ERPNextAddress` reads `self.links`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33333, "scanner": "repobility-ast-engine", "fingerprint": "619ef05b99475a9e394d4842340edf5c99ed2abe51147e67bb911863a22991e5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|619ef05b99475a9e394d4842340edf5c99ed2abe51147e67bb911863a22991e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/custom/address.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.is_your_company_address` used but never assigned in __init__: Method `validate_reference` of class `ERPNextAddress` reads `self.is_your_company_address`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33332, "scanner": "repobility-ast-engine", "fingerprint": "c293f5fbde45b8bc3464776fab76f64d559807554861dfef41703d9808a031ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c293f5fbde45b8bc3464776fab76f64d559807554861dfef41703d9808a031ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/custom/address.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.is_your_company_address` used but never assigned in __init__: Method `update_company_address` of class `ERPNextAddress` reads `self.is_your_company_address`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33331, "scanner": "repobility-ast-engine", "fingerprint": "a535a81ad4b0443d36ed99afad86f5e6d649b4c5dabec0d364a1bc60b008614b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a535a81ad4b0443d36ed99afad86f5e6d649b4c5dabec0d364a1bc60b008614b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/custom/address.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get` used but never assigned in __init__: Method `update_company_address` of class `ERPNextAddress` reads `self.get`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33330, "scanner": "repobility-ast-engine", "fingerprint": "4d706d5a43153c549509f5bef8ad6b87bbc7b3dcfb13d3b93acd26b4cdeaedb2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d706d5a43153c549509f5bef8ad6b87bbc7b3dcfb13d3b93acd26b4cdeaedb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/custom/address.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.is_your_company_address` used but never assigned in __init__: Method `link_address` of class `ERPNextAddress` reads `self.is_your_company_address`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33329, "scanner": "repobility-ast-engine", "fingerprint": "5909415e1bb9cb8193b48ddc9e3c6f3c920d225c9a99bbe2d4c3c3598c160a79", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5909415e1bb9cb8193b48ddc9e3c6f3c920d225c9a99bbe2d4c3c3598c160a79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/custom/address.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.update_company_address` used but never assigned in __init__: Method `validate` of class `ERPNextAddress` reads `self.update_company_address`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33328, "scanner": "repobility-ast-engine", "fingerprint": "42fd7dc27e6b18c7958baf6502254fc6d72a95b4631a5406821bf74cceebe7f7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|42fd7dc27e6b18c7958baf6502254fc6d72a95b4631a5406821bf74cceebe7f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/custom/address.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.validate_reference` used but never assigned in __init__: Method `validate` of class `ERPNextAddress` reads `self.validate_reference`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33327, "scanner": "repobility-ast-engine", "fingerprint": "2c4dd4a5fa259eddc833598b099a6dd57a3828447f7fa8d4ad5a1088ec6a7e36", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2c4dd4a5fa259eddc833598b099a6dd57a3828447f7fa8d4ad5a1088ec6a7e36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/custom/address.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: `except: pass` or `except Exception: pass` \u2014 silently swallows errors and hides bugs; a bare `except:` additionally catches KeyboardInterrupt and SystemExit."}, "properties": {"repobilityId": 33318, "scanner": "repobility-threat-engine", "fingerprint": "3693c2283317ca876ef8395f8140d70a9f05f4cd8e16846cd64e683751713435", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3693c2283317ca876ef8395f8140d70a9f05f4cd8e16846cd64e683751713435"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/bank_transaction_rule/bank_transaction_rule.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED009", "level": "error", 
"message": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"repobilityId": 33317, "scanner": "repobility-threat-engine", "fingerprint": "662daf8d7eb769efa2998d451d0b3d964c2a98ab5c107ceb24768f3b257085cf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "correlation_key": "fp|662daf8d7eb769efa2998d451d0b3d964c2a98ab5c107ceb24768f3b257085cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/bank_account/bank_account.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 33304, "scanner": "repobility-threat-engine", "fingerprint": "a8b6417a386f1aea514be6c2549e27d2438d977c84cb56e8647ba84a0842cc75", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "frm.save();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a8b6417a386f1aea514be6c2549e27d2438d977c84cb56e8647ba84a0842cc75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/accounting_dimension/accounting_dimension.js"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 33303, "scanner": "repobility-threat-engine", "fingerprint": "25d79b33bb5d1f7a9e283c43bff42646d582932b450d0ed3ad1752d6f7ecff21", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "cle.update(value)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|25d79b33bb5d1f7a9e283c43bff42646d582932b450d0ed3ad1752d6f7ecff21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/accounts/doctype/account_closing_balance/account_closing_balance.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 33302, "scanner": "repobility-threat-engine", "fingerprint": "0cee5644224f130fddeb843b579ddfd085e6675a4aa281d683b90544df515ef1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "company.save()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0cee5644224f130fddeb843b579ddfd085e6675a4aa281d683b90544df515ef1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "erpnext/__init__.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 33289, "scanner": "repobility-threat-engine", "fingerprint": "40617b6029a9c539224da14a536f32c9566006c960260333bb87ac85285f4fe2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|40617b6029a9c539224da14a536f32c9566006c960260333bb87ac85285f4fe2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/helper/documentation.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 33288, "scanner": "repobility-threat-engine", "fingerprint": "6dd527b9b770de3d3e8dd35ce6ffbcd89cbd50b5c83ae67d2d6c302f22545e63", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6dd527b9b770de3d3e8dd35ce6ffbcd89cbd50b5c83ae67d2d6c302f22545e63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/helper/documentation.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.CODECOV_TOKEN }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.) whenever the secret is available to that run. By default GitHub does not pass repository secrets to `pull_request` runs that originate from a fork, so confirm the repository's fork-PR settings and whether same-repository branches are in scope before triage. 
If the job must run with secrets, use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 33385, "scanner": "repobility-supply-chain", "fingerprint": "ae1af1db23ab482162d426d52990a5be1b4bd19da6b11ab545689747ee898172", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ae1af1db23ab482162d426d52990a5be1b4bd19da6b11ab545689747ee898172"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/server-tests-mariadb.yml"}, "region": {"startLine": 164}}}]}]}]}