{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED109", "name": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is ", "shortDescription": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every f"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def __init__(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC011", "name": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted", "shortDescription": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "fullDescription": {"text": "Use torch.load(..., weights_only=True) or use safetensors format."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. 
A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC123", "name": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environme", "shortDescription": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "fullDescription": {"text": "Set DEBUG=False / APP_DEBUG=false in production. 
Provide a generic 500 handler that logs to backend but returns a sanitized page to clients."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `generate` has cognitive complexity 17 (SonarSource scale). Cognitive comp", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `generate` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all "}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 17."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_LARGE_FILES", "name": "Average file size is 560 lines (recommend <300)", "shortDescription": {"text": "Average file size is 560 lines (recommend <300)"}, "fullDescription": {"text": "Refactor large files by extracting related functions into separate modules. Target files with 300+ lines first. Use the Single Responsibility Principle \u2014 each module should have one clear purpose."}, "properties": {"scanner": "repobility-core", "category": "quality", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Add `--no-install-recommends` and explicitly list only packages the image needs."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "End the apt install layer with `rm -rf /var/lib/apt/lists/*`."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": 
"AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED079", "name": "[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) \u2014 off-by-one risk.", "shortDescription": {"text": "[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) \u2014 off-by-one risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-193 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED005", "name": "[MINED005] Lua Loadstring (and 15 more): Same pattern found in 15 additional files. Review if needed.", "shortDescription": {"text": "[MINED005] Lua Loadstring (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-95 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED057", "name": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolve", "shortDescription": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED069", "name": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files.", "shortDescription": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-489 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path (and 2 more): Same pattern found in 2 additional files. 
Review if need", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Use os.path.realpath() and verify the resolved path starts with your expected base directory followed by a path separator. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED030", "name": "[MINED030] Python Pickle Loads (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED030] Python Pickle Loads (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC081", "name": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data (and 5 more): Same pattern found in 5 additional files. ", "shortDescription": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Use json, msgpack, or protobuf for untrusted data. 
If pickle is required, sign the payload with HMAC."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. 
Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 18 more): Same pattern found in 18 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 18 more): Same pattern found in 18 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions/checkout@<40-char-sha>  # v6` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `ubuntu:22.04` not pinned by digest: `FROM ubuntu:22.04` resolves the tag at build time. The ", "shortDescription": {"text": "[MINED118] Dockerfile FROM `ubuntu:22.04` not pinned by digest: `FROM ubuntu:22.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images shou"}, "fullDescription": {"text": "Replace with: `FROM ubuntu:22.04@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "[MINED112] FastAPI POST /v1/chat/completions has no auth: Handler `chat_completions` is registered with router/app.post(", "shortDescription": {"text": "[MINED112] FastAPI POST /v1/chat/completions has no auth: Handler `chat_completions` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "fullDescription": {"text": "Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_setitem_consecutive_inplace_operator: Test function `test_setitem_consecutive_inp", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_setitem_consecutive_inplace_operator: Test function `test_setitem_consecutive_inplace_operator` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line co"}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self._buffer` used but never assigned in __init__: Method `_data` of class `Tensor` reads `self._buffer`, bu", "shortDescription": {"text": "[MINED108] `self._buffer` used but never assigned in __init__: Method `_data` of class `Tensor` reads `self._buffer`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the me"}, "fullDescription": {"text": "Initialize `self._buffer = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC113", "name": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impe", "shortDescription": {"text": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impersonate the server. Common in `paramiko.AutoAddPolicy()`."}, "fullDescription": {"text": "Python: load `~/.ssh/known_hosts` and use `paramiko.RejectPolicy()`. Go: implement a `ssh.HostKeyCallback` that compares against a known fingerprint. Java JSch: load known_hosts via `jsch.setKnownHosts(...)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED036", "name": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping.", "shortDescription": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-78 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC114", "name": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker", "shortDescription": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "fullDescription": {"text": "After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `path.resolve(base, x); if (!resolved.startsWith(base + path.sep)) throw`."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC080", "name": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-", "shortDescription": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559, fixed via PEP 706 in 3.12). Ported from bandit B202 (Apache-2.0)."}, "fullDescription": {"text": "Add `filter='data'` (Python \u2265 3.12) or manually validate member paths against `os.path.abspath`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. 
Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or an appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED027", "name": "[MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState \u2014 React skips re-render on mutated ", "shortDescription": {"text": "[MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState \u2014 React skips re-render on mutated reference."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `signal` used but not imported: The file uses `signal.something(...)` but never imports `sign", "shortDescription": {"text": "[MINED107] Missing import: `signal` used but not imported: The file uses `signal.something(...)` but never imports `signal`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import signal` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED018", "name": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/fi", "shortDescription": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scop", "shortDescription": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. 
Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/693"}, "properties": {"repository": "tinygrad/tinygrad", "repoUrl": "https://github.com/tinygrad/tinygrad", "branch": "master"}, "results": [{"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 54675, "scanner": "repobility-ast-engine", "fingerprint": "6600479e466c74a744efc4b5c0efec02081cb5be0a2fd1d4b8f20bb8e20d445b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6600479e466c74a744efc4b5c0efec02081cb5be0a2fd1d4b8f20bb8e20d445b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/runtime/support/c.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `findlib` (list): `def findlib(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 54674, "scanner": "repobility-ast-engine", "fingerprint": "89207371809e625b49ddb89501e4d47093e5b9afe1c6073227e121bb0e98424c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|89207371809e625b49ddb89501e4d47093e5b9afe1c6073227e121bb0e98424c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/runtime/support/c.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 54673, "scanner": "repobility-ast-engine", "fingerprint": "b36c2594c306aff8cb21fef7effc82d865d780d15de4a6f5c7a509ee40abb876", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b36c2594c306aff8cb21fef7effc82d865d780d15de4a6f5c7a509ee40abb876"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/runtime/support/compiler_cuda.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... 
= []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 54672, "scanner": "repobility-ast-engine", "fingerprint": "5042b1c393aa294652d9e984baf82d58eb4844a3b73b8ba11bbe8ff611f79d44", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5042b1c393aa294652d9e984baf82d58eb4844a3b73b8ba11bbe8ff611f79d44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/runtime/ops_qcom.py"}, "region": {"startLine": 230}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 54666, "scanner": "repobility-ast-engine", "fingerprint": "275d296bb68f05485d07e8219281d9457f086600a243963539597eb6b8985d7e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|275d296bb68f05485d07e8219281d9457f086600a243963539597eb6b8985d7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/runtime/ops_cl.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 54662, "scanner": "repobility-ast-engine", "fingerprint": "de853caa08984f4c9453ae0110f62574b590e9869ae91581973318b2ca997302", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|de853caa08984f4c9453ae0110f62574b590e9869ae91581973318b2ca997302"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/models/convnext.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... 
= []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 54661, "scanner": "repobility-ast-engine", "fingerprint": "e9cd036516fe77343e793b3610bf7c2b76faec5f66992eb14635501464cb4b46", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e9cd036516fe77343e793b3610bf7c2b76faec5f66992eb14635501464cb4b46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/models/retinanet.py"}, "region": {"startLine": 201}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `avg_pool` (list): `def avg_pool(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 54659, "scanner": "repobility-ast-engine", "fingerprint": "5b14fc4baba11c47d8e3ecb7f2d20f41a3636d11261d09e1ef1f7a25dac0f4be", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5b14fc4baba11c47d8e3ecb7f2d20f41a3636d11261d09e1ef1f7a25dac0f4be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/torch_backend/backend.py"}, "region": {"startLine": 316}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `step_tf` (dict): `def step_tf(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 54651, "scanner": "repobility-ast-engine", "fingerprint": "b52bbbbc783b0bdfad8699c1243390a66a76199b61ba67f157ee32b6b5285b40", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b52bbbbc783b0bdfad8699c1243390a66a76199b61ba67f157ee32b6b5285b40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/external/external_test_optim.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `step` (dict): `def step(... 
= []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 54650, "scanner": "repobility-ast-engine", "fingerprint": "18e08c45d3cfb33dfa10a126d214f231fa1af2e69b0c82809e5b1afddf57f3ef", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|18e08c45d3cfb33dfa10a126d214f231fa1af2e69b0c82809e5b1afddf57f3ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/external/external_test_optim.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54649, "scanner": "repobility-ast-engine", "fingerprint": "e8d80387501b20d339e91f1e9a892ef973c12685b4e3a955e59bd123207807c1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e8d80387501b20d339e91f1e9a892ef973c12685b4e3a955e59bd123207807c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/amd/test_roundtrip.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54647, "scanner": "repobility-ast-engine", "fingerprint": "8a5be4a34bd6032024d7a0a74874e51a0804298e25b7b07c19c5ddf05bfba452", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8a5be4a34bd6032024d7a0a74874e51a0804298e25b7b07c19c5ddf05bfba452"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/amd/test_sqttmap.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `_test_vectorized` (list): `def _test_vectorized(... 
= []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 54645, "scanner": "repobility-ast-engine", "fingerprint": "59e03201d74d3e9b9b0b7bac8b9f88dbbf45b5935312510bc454a94753474cc5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|59e03201d74d3e9b9b0b7bac8b9f88dbbf45b5935312510bc454a94753474cc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/null/test_transcendental_helpers.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54644, "scanner": "repobility-ast-engine", "fingerprint": "6a5eebbc4cf04a52f7bb72a404f9e9911e2676f19d7c1911977825ff2afd58ac", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6a5eebbc4cf04a52f7bb72a404f9e9911e2676f19d7c1911977825ff2afd58ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/null/test_device.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54643, "scanner": "repobility-ast-engine", "fingerprint": "2d52b61635e096b962f476b078f9321e41b4b907bdaefa5bd36dda961202b4c6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2d52b61635e096b962f476b078f9321e41b4b907bdaefa5bd36dda961202b4c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/null/test_device.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54642, "scanner": "repobility-ast-engine", "fingerprint": "72e1e07abbd37247234abb28a916f738a37ee24fc59e096a5945a10c0d32e98b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|72e1e07abbd37247234abb28a916f738a37ee24fc59e096a5945a10c0d32e98b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/null/test_device.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54641, "scanner": "repobility-ast-engine", "fingerprint": "fef8378c85e50b791983668f5fcf6f12481308fc2abae234105e6669716c8bc6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fef8378c85e50b791983668f5fcf6f12481308fc2abae234105e6669716c8bc6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/null/test_device.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `_test_gemm_unrolled_permute_l` (list): `def _test_gemm_unrolled_permute_l(... 
= []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 54638, "scanner": "repobility-ast-engine", "fingerprint": "a5c7427ad020265f2629ec72eac57591aec09bcc3acbf497c5a870c317fdb38b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a5c7427ad020265f2629ec72eac57591aec09bcc3acbf497c5a870c317fdb38b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_opt_gemm.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `_helper_linearizer_opt_ast` (list): `def _helper_linearizer_opt_ast(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 54637, "scanner": "repobility-ast-engine", "fingerprint": "d08af05904f3ceca3e71c670463749812643f5eb14d35722fe960e1103041fce", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d08af05904f3ceca3e71c670463749812643f5eb14d35722fe960e1103041fce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_linearizer.py"}, "region": {"startLine": 429}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54635, "scanner": "repobility-ast-engine", "fingerprint": "261e9877de58ea76541a2cf46fdf45919a537620b876c49d8fd898cdc8696fcd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|261e9877de58ea76541a2cf46fdf45919a537620b876c49d8fd898cdc8696fcd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_asm_gemm.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54632, "scanner": "repobility-ast-engine", "fingerprint": "0608944c5648cdf665b7d0e7d9629852f478727f6db249f3c54858af83c39ed8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0608944c5648cdf665b7d0e7d9629852f478727f6db249f3c54858af83c39ed8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_profiler.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54631, "scanner": "repobility-ast-engine", "fingerprint": "4433bf00bd776d46d14dd79fe91a8f9c954f89ac12bd735393df6340c6e9fbdc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4433bf00bd776d46d14dd79fe91a8f9c954f89ac12bd735393df6340c6e9fbdc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_profiler.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54630, "scanner": "repobility-ast-engine", "fingerprint": "2b0a6990f8e232d4844cb4d9e674d552e4bbac92c6d5f40cd433942b03eea092", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2b0a6990f8e232d4844cb4d9e674d552e4bbac92c6d5f40cd433942b03eea092"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_profiler.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54629, "scanner": "repobility-ast-engine", "fingerprint": "49a1fd54110761439da6ceb45426dab3f9168ee0dea72faae1c0fcdc2ba16f64", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|49a1fd54110761439da6ceb45426dab3f9168ee0dea72faae1c0fcdc2ba16f64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_profiler.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54612, "scanner": "repobility-ast-engine", "fingerprint": "9e9a482ba3c613e58f95877d354d0674cce3e8e3f856674183304b01f202aea2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9e9a482ba3c613e58f95877d354d0674cce3e8e3f856674183304b01f202aea2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `get_example_inputs` (dict): `def get_example_inputs(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 54600, "scanner": "repobility-ast-engine", "fingerprint": "903e000e011a8638a8f13fd90cae3a28d483e2bc5bd1f01f6dfa95705670eac7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|903e000e011a8638a8f13fd90cae3a28d483e2bc5bd1f01f6dfa95705670eac7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/onnx_helpers.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... 
= []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 54599, "scanner": "repobility-ast-engine", "fingerprint": "2071a69bfd0ce2e21dab3f93656aa8790cf38de40269a4c1b5449187c1480c4d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2071a69bfd0ce2e21dab3f93656aa8790cf38de40269a4c1b5449187c1480c4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/thneed.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 54598, "scanner": "repobility-ast-engine", "fingerprint": "909ac33dd057710f5001446c4916145622190b34caf2b6ddf9db0df74ce5c9ce", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|909ac33dd057710f5001446c4916145622190b34caf2b6ddf9db0df74ce5c9ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/thneed.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54597, "scanner": "repobility-ast-engine", "fingerprint": "761190a68de34d4ca1fa8510050884edcb3ea461bd59a3269fd35744687e78a9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|761190a68de34d4ca1fa8510050884edcb3ea461bd59a3269fd35744687e78a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/weekly_commits_table.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54596, "scanner": "repobility-ast-engine", "fingerprint": "b9fe15ad7825a0bee5c822c8adb41dc8fcc1c58b9a89fc9c4579526448e6592d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b9fe15ad7825a0bee5c822c8adb41dc8fcc1c58b9a89fc9c4579526448e6592d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/weekly_commits_table.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `export_model_webgpu` (dict): `def export_model_webgpu(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 54595, "scanner": "repobility-ast-engine", "fingerprint": "e63926bf93ca7a645324ee41b331802ec6c95b354720c3e9dd28d33e44d7b86e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e63926bf93ca7a645324ee41b331802ec6c95b354720c3e9dd28d33e44d7b86e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/export_model.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `export_model_clang` (dict): `def export_model_clang(... 
= []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 54594, "scanner": "repobility-ast-engine", "fingerprint": "2c7b1d86f1f6600a42177bb8574b7fb3d2e6d2248f2b3e7aa9c599ae04165910", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2c7b1d86f1f6600a42177bb8574b7fb3d2e6d2248f2b3e7aa9c599ae04165910"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/export_model.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54593, "scanner": "repobility-ast-engine", "fingerprint": "b9ebe3283cd7092ab9d3681d660d213976c0f6836ae3e7a870b170704107f5eb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b9ebe3283cd7092ab9d3681d660d213976c0f6836ae3e7a870b170704107f5eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/yolov3.py"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54592, "scanner": "repobility-ast-engine", "fingerprint": "0d986afa358b03877c2b68330f0174982908ef9bdaa5174f2f33d8b945d9dfb4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0d986afa358b03877c2b68330f0174982908ef9bdaa5174f2f33d8b945d9dfb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/yolov3.py"}, "region": {"startLine": 292}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54591, "scanner": "repobility-ast-engine", "fingerprint": "7db3c6ca947e8b6b612bf81f5501088946325fd1f5e9e8d045a140e14803fe7a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7db3c6ca947e8b6b612bf81f5501088946325fd1f5e9e8d045a140e14803fe7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/yolov3.py"}, "region": {"startLine": 218}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54590, "scanner": "repobility-ast-engine", "fingerprint": "1383c83158dc402bb4f9c76cbce72809c83aedb616289da5641dd6e94dbf4a9c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1383c83158dc402bb4f9c76cbce72809c83aedb616289da5641dd6e94dbf4a9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/yolov3.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__call__` (list): `def __call__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 54589, "scanner": "repobility-ast-engine", "fingerprint": "5d90051db17b8afd7bff1e9ad13271aba560b3326ccc3a7525e2cc35bedfb939", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5d90051db17b8afd7bff1e9ad13271aba560b3326ccc3a7525e2cc35bedfb939"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/sdxl.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54588, "scanner": "repobility-ast-engine", "fingerprint": "0e3a6a618faec8414717b15dfe143f30d660d613abcfb35f4da6a4318b6c5f60", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0e3a6a618faec8414717b15dfe143f30d660d613abcfb35f4da6a4318b6c5f60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/vgg7.py"}, "region": {"startLine": 160}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54587, "scanner": "repobility-ast-engine", "fingerprint": "752091937b951cb2d8e1d906f717eab9315aa34697891a30a1c05a09ce9fc604", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|752091937b951cb2d8e1d906f717eab9315aa34697891a30a1c05a09ce9fc604"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/vgg7.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54586, "scanner": "repobility-ast-engine", "fingerprint": "011fee0ba9ab9e6c9dc70a05fe0cab777df6612e3da24b454bf17c8b234c2c8b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|011fee0ba9ab9e6c9dc70a05fe0cab777df6612e3da24b454bf17c8b234c2c8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/vgg7.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54585, "scanner": "repobility-ast-engine", "fingerprint": "097aae97f36aa5e592a9e3c6de3b4e06e7720a86571fb6f22ca3972ebaaa462b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|097aae97f36aa5e592a9e3c6de3b4e06e7720a86571fb6f22ca3972ebaaa462b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/helpers.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `fetch` (dict): `def fetch(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 54584, "scanner": "repobility-ast-engine", "fingerprint": "765ff4add7925eb89a93fe93b23f520d8bf87bad5edb57354e73a4dc6a692a62", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|765ff4add7925eb89a93fe93b23f520d8bf87bad5edb57354e73a4dc6a692a62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/helpers.py"}, "region": {"startLine": 450}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54583, "scanner": "repobility-ast-engine", "fingerprint": "7ae94c6522b95996534468d40b424f12aef8be0fe5257b3a45d49847c822b99b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ae94c6522b95996534468d40b424f12aef8be0fe5257b3a45d49847c822b99b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/device.py"}, "region": {"startLine": 370}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54582, "scanner": "repobility-ast-engine", "fingerprint": "1e8bf81f5f7c92446acf569443fb24f535f801cbc1748d40128095e67e4130cb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1e8bf81f5f7c92446acf569443fb24f535f801cbc1748d40128095e67e4130cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/device.py"}, "region": {"startLine": 363}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 54581, "scanner": "repobility-ast-engine", "fingerprint": "ec1397d64d5450061ae624dd7a59c610a38b1a90b8a9fb8a2016a58bc2fb77d1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ec1397d64d5450061ae624dd7a59c610a38b1a90b8a9fb8a2016a58bc2fb77d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/device.py"}, "region": {"startLine": 373}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 54555, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 54554, "scanner": "repobility-docker", "fingerprint": "31434bd2cf54710eb78b7981ab4c7d3ab0857916eae89cb6762b78e6d38f7c79", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER 
directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|31434bd2cf54710eb78b7981ab4c7d3ab0857916eae89cb6762b78e6d38f7c79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/dsp/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 54550, "scanner": "repobility-agent-runtime", "fingerprint": "59a7e40c47c4ff6feb522f47058ad8aa1c0c7e6eb27e946967ab17e7073cfe82", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|59a7e40c47c4ff6feb522f47058ad8aa1c0c7e6eb27e946967ab17e7073cfe82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/tinygpu.md"}, "region": {"startLine": 22}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 54525, "scanner": "repobility-threat-engine", "fingerprint": "2ed760d4398b621d57c3a7ad7ca936cf236c99ae6864eed073df24499ff519f3", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2ed760d4398b621d57c3a7ad7ca936cf236c99ae6864eed073df24499ff519f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/thunder/tiny/visualize_tile.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "SEC011", "level": "warning", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 54515, "scanner": "repobility-threat-engine", "fingerprint": "d83729c544a80bc040670b33a1e24dec9fe247d2fbc5b102896a7352d233241f", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "torch.jit.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|extra/models/unet3d.py|51|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/models/unet3d.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "SEC011", "level": "warning", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 
54513, "scanner": "repobility-threat-engine", "fingerprint": "3e1b1713c133b14d5a4af608ffb9905dfbf805f841606cefed8f034079bc60d3", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "torch.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|extra/models/rnnt.py|68|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/models/rnnt.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. 
Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 54500, "scanner": "repobility-threat-engine", "fingerprint": "8fbed675a9c2024cd9db3737fe58e3df58c03c23f7e4ac1f0dde53231f01b7cc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def _rop(self, op: Ops, axis: tuple[int, ...]) -> Self:\n    raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8fbed675a9c2024cd9db3737fe58e3df58c03c23f7e4ac1f0dde53231f01b7cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/mixin/reduce.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. 
Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 54499, "scanner": "repobility-threat-engine", "fingerprint": "f5b14082ded0c86a170b07ea1a7d999969b8b282752666023ab4441b07130cde", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def prepare(self, device, seed):\n    raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f5b14082ded0c86a170b07ea1a7d999969b8b282752666023ab4441b07130cde"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/hcqfuzz/spec.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 54488, "scanner": "repobility-threat-engine", "fingerprint": "910ee62ab88e5be6cf539cc55a733f1d6112b74ddbe090b83e8bc34203e7684f", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "os.system() shell execution detected \u2014 verify command source is not user-controllable", "evidence": {"match": "os.system(f'", "reason": "os.system() shell execution detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|extra/usbgpu/patch.py|44|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/usbgpu/patch.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 54487, "scanner":
"repobility-threat-engine", "fingerprint": "12fb1f464a3cd534a11b3b9e83f6a80e78de6adb75bdfe61f09e01df0b6b12ca", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "os.system() shell execution detected \u2014 verify command source is not user-controllable", "evidence": {"match": "os.system(f\"", "reason": "os.system() shell execution detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|21|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/sqtt/install_rocprof_decoder.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 54486, "scanner": "repobility-threat-engine", "fingerprint": "8a97af2f00d49b0be6d097ce503b253b0e872c268d6e83ecebed1d713461caf5", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "os.system() shell execution detected \u2014 verify command source is not user-controllable", "evidence": {"match": "os.system(f\"", "reason": "os.system() shell execution detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|extra/hcq/hcq_smi.py|15|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/hcq/hcq_smi.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 54480, "scanner": "repobility-threat-engine", "fingerprint":
"b59c5e5babcca9310869ba08d444f606bf0288d51ced40462affcb3e0a24ec23", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|17|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/datasets/wikipedia_download.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 54466, "scanner": "repobility-threat-engine", "fingerprint": "b0ea8240e5698547c9810a64e1379b001c3a3165a7a96b737d73716d30c53ac5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "debug=True", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b0ea8240e5698547c9810a64e1379b001c3a3165a7a96b737d73716d30c53ac5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/yolov8-onnx.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 54402, "scanner": "repobility-threat-engine", "fingerprint": 
"7625ba37c4b9b2cbd75d59f7aef01722e245c172bce805784b5301182fd5e78d", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|extra/datasets/__init__.py|39|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/datasets/__init__.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 54401, "scanner": "repobility-threat-engine", "fingerprint": "1fd1abc587f574698b7e4dd4beb04afc271b96ae5d2a0ee643da154f9a9f59db", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|10|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/openpilot/load_pickle.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 54396, "scanner": "repobility-threat-engine", "fingerprint": "37fa6bc08037316298cd06251172bc8ebc207f68956147965954a0bf3a6f6b94", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, 
"reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|139|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/openpilot/compile3.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `generate` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, for=2, if=3, nested_bonus=7, ternary=4."}, "properties": {"repobilityId": 54352, "scanner": "repobility-threat-engine", "fingerprint": "dbc4bee242d20bd54753cf9026cc1fc3b6ddde5395e681a5b0f5fb5e4a39f895", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 17 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "generate", "breakdown": {"if": 3, "for": 2, "else": 1, "ternary": 4, "nested_bonus": 7}, "complexity": 17, "correlation_key": "fp|dbc4bee242d20bd54753cf9026cc1fc3b6ddde5395e681a5b0f5fb5e4a39f895"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/gpt2.py"}, "region": {"startLine": 184}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 54331, "scanner": "repobility-threat-engine", "fingerprint": "aa424a39311df1dcb207b53f2424026f48f90d6848eced4d938f24fa11d8f76b", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|tinygrad/uop/upat.py|167|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/uop/upat.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 54330, "scanner": "repobility-threat-engine", "fingerprint": "6e5a2b0fba54db2d72a44e72205385b3802dadd3a1100c03856d30027b7e148a", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|tinygrad/runtime/ops_cpu.py|59|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/runtime/ops_cpu.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 54328, "scanner": "repobility-threat-engine", "fingerprint": "ffb5359dd821000e68050dfb5ef515cff1fac1b8e0509c84eec00d199c0b97a3", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|185|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/anthropic_challenge.py"}, "region": {"startLine": 185}}}]}, {"ruleId": "CORE_LARGE_FILES", "level": "warning", "message": {"text": "Average file size is 560 lines (recommend <300)"}, "properties": {"repobilityId": 54326, "scanner": "repobility-core", "fingerprint": "0d15c0eb76e085abb8d68a17568b7c182e55b722b12a412013650495bb895ea9", "category": "quality", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_LARGE_FILES", "scanner": "repobility-core", "correlation_key": "fp|0d15c0eb76e085abb8d68a17568b7c182e55b722b12a412013650495bb895ea9"}}}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 54553, "scanner": "repobility-docker", "fingerprint": "f1330c2027ba963a8f6ab4c828e2751062562005363c2ca78a837b89053ffd95", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": 
"fp|f1330c2027ba963a8f6ab4c828e2751062562005363c2ca78a837b89053ffd95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/dsp/Dockerfile"}, "region": {"startLine": 25}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 54552, "scanner": "repobility-docker", "fingerprint": "4d64498cb7e8375f28c232972befad64f605391619c1ca984c2aae4f9f80cd33", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|4d64498cb7e8375f28c232972befad64f605391619c1ca984c2aae4f9f80cd33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/dsp/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 54551, "scanner": "repobility-docker", "fingerprint": "568a6368c5f603a0645d2083bf5ab95de0af56b75328aafe50ae141bc99177b2", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|568a6368c5f603a0645d2083bf5ab95de0af56b75328aafe50ae141bc99177b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/dsp/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across 
source files"}, "properties": {"repobilityId": 54549, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5d8a0414db5457f729d2c68442ad9b069cd3f5f3c424caad9aca3b5a92ad285a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extra/hcq2/ops_amd2.py", "duplicate_line": 45, "correlation_key": "fp|5d8a0414db5457f729d2c68442ad9b069cd3f5f3c424caad9aca3b5a92ad285a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/runtime/ops_amd.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 54548, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b87ef63fc681e0df62b9ba8cc2d9cc12b3303c33fec65bffd8166e1a8ae53937", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extra/datasets/wikipedia.py", "duplicate_line": 179, "correlation_key": "fp|b87ef63fc681e0df62b9ba8cc2d9cc12b3303c33fec65bffd8166e1a8ae53937"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/external/mlperf_bert/preprocessing/create_pretraining_data.py"}, "region": {"startLine": 168}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 54547, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"3d5883c882a13b0c06140026705c00aa9aaccdf1df6354763b071b67b3749e09", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extra/dsp/invoke_bug_2.py", "duplicate_line": 27, "correlation_key": "fp|3d5883c882a13b0c06140026705c00aa9aaccdf1df6354763b071b67b3749e09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/external/external_metal_compile_fail.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 54546, "scanner": "repobility-ai-code-hygiene", "fingerprint": "40e607864be2426456e4417bd3decbb721d75566655cea931550df57bb80463c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extra/hook_cuda.py", "duplicate_line": 8, "correlation_key": "fp|40e607864be2426456e4417bd3decbb721d75566655cea931550df57bb80463c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/torch_hook/hook_cuda.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 54545, "scanner": "repobility-ai-code-hygiene", "fingerprint": "47cc4484971892b9275d46e93835ab820b40cc4710584356f0cbdaad4d6695bf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extra/thunder/amd/gemm_bf16.cpp", "duplicate_line": 1, "correlation_key": "fp|47cc4484971892b9275d46e93835ab820b40cc4710584356f0cbdaad4d6695bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/thunder/amd/gemm_bf16_atb.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 54544, "scanner": "repobility-ai-code-hygiene", "fingerprint": "46d30dccb3760db2d9434ab84bb9c4abd18b80b4e62a91acaea9c75253d76d0f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extra/nv_gpu_driver/clc6c0qmd.h", "duplicate_line": 2, "correlation_key": "fp|46d30dccb3760db2d9434ab84bb9c4abd18b80b4e62a91acaea9c75253d76d0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/nv_gpu_driver/clcec0qmd.h"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 54543, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5576550eccd2fa462db22554847ffb34e0e8a5251ba915d03bf2fa06e4f45817", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": 
"AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extra/gemm/amd_seb/kernel4_gmem_df.cpp", "duplicate_line": 51, "correlation_key": "fp|5576550eccd2fa462db22554847ffb34e0e8a5251ba915d03bf2fa06e4f45817"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/gemm/amd_seb/kernel5_lds_optim.cpp"}, "region": {"startLine": 51}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 54542, "scanner": "repobility-ai-code-hygiene", "fingerprint": "651d9dfe7bc6753a88c76abdfe4dc0845e764cc820751f06c6a9c7610d2e7eac", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extra/gemm/amd_seb/kernel3_registers.cpp", "duplicate_line": 12, "correlation_key": "fp|651d9dfe7bc6753a88c76abdfe4dc0845e764cc820751f06c6a9c7610d2e7eac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/gemm/amd_seb/kernel5_lds_optim.cpp"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 54541, "scanner": "repobility-ai-code-hygiene", "fingerprint": "45e99d5d0e8e7005fc5016f4dbe743f491bd3c5952597362234289cb0dc2d5fe", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"extra/gemm/amd_seb/kernel3_registers.cpp", "duplicate_line": 12, "correlation_key": "fp|45e99d5d0e8e7005fc5016f4dbe743f491bd3c5952597362234289cb0dc2d5fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/gemm/amd_seb/kernel4_gmem_df.cpp"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 54540, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cc17f895ea0ab6cebc34a82eb37e5cb8a6a75c483532e122c982ee283c1bdb49", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extra/dsp/hook.py", "duplicate_line": 34, "correlation_key": "fp|cc17f895ea0ab6cebc34a82eb37e5cb8a6a75c483532e122c982ee283c1bdb49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/dsp/run_3.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 54539, "scanner": "repobility-ai-code-hygiene", "fingerprint": "64254d40c339c15499970dbd89f6421cfdfde51a43e714628b1453e3b7713bb1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extra/dsp/run.py", "duplicate_line": 4, "correlation_key": "fp|64254d40c339c15499970dbd89f6421cfdfde51a43e714628b1453e3b7713bb1"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "extra/dsp/run_3.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 54536, "scanner": "repobility-ai-code-hygiene", "fingerprint": "35b09f36e979440c130724689015be5bfe47ba5631822af5c65cd858d0cc2f61", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extra/dsp/hook.py", "duplicate_line": 34, "correlation_key": "fp|35b09f36e979440c130724689015be5bfe47ba5631822af5c65cd858d0cc2f61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/dsp/run.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 54535, "scanner": "repobility-ai-code-hygiene", "fingerprint": "477f24005e91677abac7b8a7462f39834706c9e839feee3d47fc2a3ebd1c282e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extra/amdpci/headers/amdgpu_ucode.h", "duplicate_line": 279, "correlation_key": "fp|477f24005e91677abac7b8a7462f39834706c9e839feee3d47fc2a3ebd1c282e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/amdpci/headers/discovery.h"}, "region": {"startLine": 236}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language 
has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 54422, "scanner": "repobility-threat-engine", "fingerprint": "1214866a3c3dbbfa060d65566793e533adb4e16165e7738a0d54c876370add15", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"/snoop_bin_\" + str(index) + \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1214866a3c3dbbfa060d65566793e533adb4e16165e7738a0d54c876370add15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/vgg7.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `forward` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=3, for=1, if=5, ternary=2."}, "properties": {"repobilityId": 54354, "scanner": "repobility-threat-engine", "fingerprint": "b9214027095826d70b9400ba59ccc5a821f8389940a27a53021108fe9b8d154d", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "forward", "breakdown": {"if": 5, "for": 1, "else": 3, "ternary": 2}, "complexity": 11, "correlation_key": "fp|b9214027095826d70b9400ba59ccc5a821f8389940a27a53021108fe9b8d154d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/gpt2.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED079", "level": "none", "message": {"text": "[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) \u2014 off-by-one risk."}, "properties": {"repobilityId": 54532, "scanner": "repobility-threat-engine", "fingerprint": "6f0a33cf79c63cb84f10bc8a43ca5331c89ffca3f44259181faf81c1f91777fc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "off-by-one-slice", "owasp": null, "cwe_ids": ["CWE-193"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348121+00:00", "triaged_in_corpus": 12, "observations_count": 6443, "ai_coder_pattern_id": 19}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6f0a33cf79c63cb84f10bc8a43ca5331c89ffca3f44259181faf81c1f91777fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/runtime/ops_null.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED079", "level": "none", "message": {"text": "[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) \u2014 off-by-one risk."}, 
"properties": {"repobilityId": 54531, "scanner": "repobility-threat-engine", "fingerprint": "1c324663119035ac10e84fca9818bbabba0ce4448a98beb15e96c0bb5467a4f0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "off-by-one-slice", "owasp": null, "cwe_ids": ["CWE-193"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348121+00:00", "triaged_in_corpus": 12, "observations_count": 6443, "ai_coder_pattern_id": 19}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1c324663119035ac10e84fca9818bbabba0ce4448a98beb15e96c0bb5467a4f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/runtime/graph/metal.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 54530, "scanner": "repobility-threat-engine", "fingerprint": "d91d7693b1fbd9cc1e4cf62bab1e101c0960e0acb79c5a91030b652ce90805a0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d91d7693b1fbd9cc1e4cf62bab1e101c0960e0acb79c5a91030b652ce90805a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/usbgpu/tbgpu/installer/TinyGPUDriverExtension/TinyGPUDriver.cpp"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED042", 
"level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 54528, "scanner": "repobility-threat-engine", "fingerprint": "669b9331e295a9151629dd58b0a996b46ff870054c30b17eebd7f0ec83463fb8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|669b9331e295a9151629dd58b0a996b46ff870054c30b17eebd7f0ec83463fb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/torch_backend/wrapped_tensor.cpp"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 54524, "scanner": "repobility-threat-engine", "fingerprint": "3f841024f7c2384fc46267b3baba9d86519f0c78e26cdf74ea8044f3ee69bea2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3f841024f7c2384fc46267b3baba9d86519f0c78e26cdf74ea8044f3ee69bea2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/thunder/amd/include/ops/warp/register/vec/conversions.cuh"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED005", "level": "none", "message": {"text": "[MINED005] Lua Loadstring (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 54522, "scanner": "repobility-threat-engine", "fingerprint": "10819a6e8b4927ea1e3d9b58f75dfb00dd068ef4510ce4b9fdbbab154d27d20d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "lua-loadstring", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["lua"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347908+00:00", "triaged_in_corpus": 20, "observations_count": 291730, "ai_coder_pattern_id": 169}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|10819a6e8b4927ea1e3d9b58f75dfb00dd068ef4510ce4b9fdbbab154d27d20d", "aggregated_count": 15}}}, {"ruleId": "MINED057", "level": "none", "message": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "properties": {"repobilityId": 54510, "scanner": "repobility-threat-engine", "fingerprint": "dc4df3cfd15f1b89fc7ec0e6d44eb29e36410a1cf058a90045dd243a6b68255c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "todo-bomb", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348035+00:00", "triaged_in_corpus": 10, "observations_count": 255662, "ai_coder_pattern_id": 4}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dc4df3cfd15f1b89fc7ec0e6d44eb29e36410a1cf058a90045dd243a6b68255c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/huggingface_onnx/huggingface_manager.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additional files. 
Review if needed."}, "properties": {"repobilityId": 54508, "scanner": "repobility-threat-engine", "fingerprint": "821cba61ed8ca9932fa4a20b298f5d896106f8bf2152c246419c88b94424b756", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|821cba61ed8ca9932fa4a20b298f5d896106f8bf2152c246419c88b94424b756"}}}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 54484, "scanner": "repobility-threat-engine", "fingerprint": "3d94e880c2e8a0bb4b06b2e51a89f1e2b3c179247361f3b31060096e31f982c7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3d94e880c2e8a0bb4b06b2e51a89f1e2b3c179247361f3b31060096e31f982c7", "aggregated_count": 3}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 54477, "scanner": "repobility-threat-engine", "fingerprint": "2488fbc07f869579787b9aa081d76e8cd3a07f8ad2ba418bd0bf0597b35eaf7e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2488fbc07f869579787b9aa081d76e8cd3a07f8ad2ba418bd0bf0597b35eaf7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/nn/datasets.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 54470, "scanner": "repobility-threat-engine", "fingerprint": "03bf47df528e9028bd7b8281960c14c0b7b3b4f263a6907587d45b266815a5c1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": 
false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|03bf47df528e9028bd7b8281960c14c0b7b3b4f263a6907587d45b266815a5c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/datasets/__init__.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED069", "level": "none", "message": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "properties": {"repobilityId": 54467, "scanner": "repobility-threat-engine", "fingerprint": "adb77e9c49ef2ca47c0e2af9b63f83aedf3c1050169424e56a7eafd64494678c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "debug-true-prod", "owasp": "A05:2021", "cwe_ids": ["CWE-489"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348063+00:00", "triaged_in_corpus": 12, "observations_count": 37393, "ai_coder_pattern_id": 17}, "scanner": "repobility-threat-engine", "correlation_key": "fp|adb77e9c49ef2ca47c0e2af9b63f83aedf3c1050169424e56a7eafd64494678c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/yolov8-onnx.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 54465, "scanner": "repobility-threat-engine", "fingerprint": "27c9862857dcaebeec4309775b0adb286efb6a6919507f6dfa8c1642a6837b93", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|27c9862857dcaebeec4309775b0adb286efb6a6919507f6dfa8c1642a6837b93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/huggingface_onnx/huggingface_manager.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 54464, "scanner": "repobility-threat-engine", "fingerprint": "9a111b309578de120403a1df4fed700b28ac510403894893706aa17eb18c0d92", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9a111b309578de120403a1df4fed700b28ac510403894893706aa17eb18c0d92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/webgpu/stable_diffusion/compile.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "SEC013", "level": "none", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 54461, "scanner": "repobility-threat-engine", "fingerprint": "cf0fa57966ff874fffc921a07cba5bdb97333460e3807666e7f68fe460b50691", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|cf0fa57966ff874fffc921a07cba5bdb97333460e3807666e7f68fe460b50691"}}}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 54429, "scanner": "repobility-threat-engine", "fingerprint": "715bc882c6b254733718ad8c4ca845e58fec274edfb8213fea558660d65ed7de", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|715bc882c6b254733718ad8c4ca845e58fec274edfb8213fea558660d65ed7de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/hcqfuzz/tools.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 54428, "scanner": "repobility-threat-engine", "fingerprint": "c80deac9f9bd7c6017e09eee3b2a42d8540387422d3cd58343641bd222ce1e15", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", 
"triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c80deac9f9bd7c6017e09eee3b2a42d8540387422d3cd58343641bd222ce1e15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/dsp/snpe_logs/parse.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 54424, "scanner": "repobility-threat-engine", "fingerprint": "40943abbfe675218490eeffafcb4b828853ddb650982e98d176f0ffc6f88201c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|40943abbfe675218490eeffafcb4b828853ddb650982e98d176f0ffc6f88201c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/vgg7.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED030", "level": "none", "message": {"text": "[MINED030] Python Pickle Loads (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 54418, "scanner": "repobility-threat-engine", "fingerprint": "8f863dc01d5d05245a830433f0e00b4f2d83d09a6b7c6cd6df53d5d9b5e79d17", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8f863dc01d5d05245a830433f0e00b4f2d83d09a6b7c6cd6df53d5d9b5e79d17", "aggregated_count": 5}}}, {"ruleId": "SEC081", "level": "none", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 54407, "scanner": "repobility-threat-engine", "fingerprint": "209718015a2495aa0522578c886d971e11ce9d05f26c3f2a430239c42389fec2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|209718015a2495aa0522578c886d971e11ce9d05f26c3f2a430239c42389fec2"}}}, {"ruleId": "SEC007", "level": "none", "message": {"text": "[SEC007] Unsafe Deserialization (and 5 more): Same pattern found in 5 additional files. 
Review if needed."}, "properties": {"repobilityId": 54403, "scanner": "repobility-threat-engine", "fingerprint": "7c597eb50b3cfac268679ac508f3f14e93370a8bf3d9e2eb5e2031b1bcbf77e5", "category": "deserialization", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|7c597eb50b3cfac268679ac508f3f14e93370a8bf3d9e2eb5e2031b1bcbf77e5"}}}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 54395, "scanner": "repobility-threat-engine", "fingerprint": "96c68dbf4053801b6980d33900f1c2c3ad7ca3b4f02b9cd9412a7a5e00955c61", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|96c68dbf4053801b6980d33900f1c2c3ad7ca3b4f02b9cd9412a7a5e00955c61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/tinychat/tinychat-browser/make_tiktoken_js.sh"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm 
install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 54394, "scanner": "repobility-threat-engine", "fingerprint": "fd4f949abc5dcbf9428b9bd9639578e421312f8f8f546762e00a02e4eeb13de8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fd4f949abc5dcbf9428b9bd9639578e421312f8f8f546762e00a02e4eeb13de8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mlperf/training_submission_v5.0/tinycorp/benchmarks/stable_diffusion/implementations/tinybox_8xMI300X/dev_run.sh"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 54393, "scanner": "repobility-threat-engine", "fingerprint": "91e8a8a6c4dfab32d949f50e3d4eada6bd571991a861051e008dc56e7378df57", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|91e8a8a6c4dfab32d949f50e3d4eada6bd571991a861051e008dc56e7378df57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"extra/datasets/squad.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 54392, "scanner": "repobility-threat-engine", "fingerprint": "f8cd09a23db58ff949c14b3cf2fce3ea6ab3886149a444b2fb2ef998f3167a82", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f8cd09a23db58ff949c14b3cf2fce3ea6ab3886149a444b2fb2ef998f3167a82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/olmoe.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 54390, "scanner": "repobility-threat-engine", "fingerprint": "f5b8999a80b36cabd8aea0dad6fb342f3a340071b1a9b5b6de72871ded0d3a87", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f5b8999a80b36cabd8aea0dad6fb342f3a340071b1a9b5b6de72871ded0d3a87"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "examples/llm.c/train_gpt2.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 54388, "scanner": "repobility-threat-engine", "fingerprint": "d438fc2d14c63660d615290dceab2a5421ef5f4c5a8a429a3564895c539fbbc1", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d438fc2d14c63660d615290dceab2a5421ef5f4c5a8a429a3564895c539fbbc1"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 54386, "scanner": "repobility-threat-engine", "fingerprint": "c8e4e217ca2b5dbc9397105ba9e3205b44d1f6d3b48a3fed9b8962ffa14f7573", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(\" \".join(X[0][\"tokens\"])", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|extra/datasets/squad.py|14|print .join x 0 tokens"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/datasets/squad.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 54384, "scanner": "repobility-threat-engine", "fingerprint": "c6c56478cf65fd3c61525d097994c316137eaffa31fe5a8d8cf2f67f7b1d7042", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "evidence": {"match": "print(tokenizer.decode(toks)", "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|examples/olmoe.py|8|print tokenizer.decode toks"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/olmoe.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 54366, "scanner": "repobility-threat-engine", "fingerprint": "384b13d01eca021cad8caa867cbe69ee4fc1353f389030e2ca3b6fe8412f11af", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|384b13d01eca021cad8caa867cbe69ee4fc1353f389030e2ca3b6fe8412f11af"}}}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 54356, "scanner": "repobility-threat-engine", "fingerprint": "69035217f31b3e765218961e47de9e55ba258b1e5a75f2fcdd3c90f82a0d12fb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|69035217f31b3e765218961e47de9e55ba258b1e5a75f2fcdd3c90f82a0d12fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/compile_tensorflow.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 118 more): Same pattern found in 118 additional files. Review if needed."}, "properties": {"repobilityId": 54355, "scanner": "repobility-threat-engine", "fingerprint": "cef43dc2f70aef87284db366db63d41ceee169cc4869edade99a37d4cf463c74", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 118 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "render", "breakdown": {"if": 2, "for": 1, "case": 10, "else": 1, "match": 1, "ternary": 3, "nested_bonus": 14}, "aggregated": true, "complexity": 32, "correlation_key": "fp|cef43dc2f70aef87284db366db63d41ceee169cc4869edade99a37d4cf463c74", "aggregated_count": 118}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 18 more): Same pattern found in 18 additional files. Review if needed."}, "properties": {"repobilityId": 54348, "scanner": "repobility-threat-engine", "fingerprint": "9f490f319b1c4d599df8462bea952b94d5deb8e267e5973f634ba121af49752a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 18 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9f490f319b1c4d599df8462bea952b94d5deb8e267e5973f634ba121af49752a", "aggregated_count": 18}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 54347, "scanner": "repobility-threat-engine", "fingerprint": "c657512f07de4c3e51f47f073b6ccfa838d2b7d18ad29458ae53c0bf16808084", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context 
found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c657512f07de4c3e51f47f073b6ccfa838d2b7d18ad29458ae53c0bf16808084"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/qwq.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 54346, "scanner": "repobility-threat-engine", "fingerprint": "ea6d4dc159ce3ba62d85d78e4d9a929fd904a2ce3104aed1205d4f80581d60a1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ea6d4dc159ce3ba62d85d78e4d9a929fd904a2ce3104aed1205d4f80581d60a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/gpt2.py"}, "region": {"startLine": 255}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 54345, "scanner": "repobility-threat-engine", "fingerprint": "61b4a384be542c53bacd782dc3a1a7b5ae95c18721e49ca18ab37d3ad6ca772b", "category": "quality", 
"severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|61b4a384be542c53bacd782dc3a1a7b5ae95c18721e49ca18ab37d3ad6ca772b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/anthropic_challenge.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 54333, "scanner": "repobility-threat-engine", "fingerprint": "2f2c41301c1dbf5a378e7fb88f09e64c16178cf76632d7c8f5254e7775e098f0", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2f2c41301c1dbf5a378e7fb88f09e64c16178cf76632d7c8f5254e7775e098f0"}}}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 54706, "scanner": "repobility-supply-chain", "fingerprint": "4af7f97566d1edb7253b4d5db8c7956796462426318d2c98bc704befe42e8ff8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4af7f97566d1edb7253b4d5db8c7956796462426318d2c98bc704befe42e8ff8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 736}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 54705, "scanner": "repobility-supply-chain", "fingerprint": "c3bf553b5429f6c980d262a6535cdc9f98fec1b980289998b175052bb17f568b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c3bf553b5429f6c980d262a6535cdc9f98fec1b980289998b175052bb17f568b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 706}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 54704, "scanner": "repobility-supply-chain", "fingerprint": "67f105e72037c3b759c54174d5dfdea4456141422118d38b2b67bb79f1cbf8a9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|67f105e72037c3b759c54174d5dfdea4456141422118d38b2b67bb79f1cbf8a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 672}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 54703, "scanner": "repobility-supply-chain", "fingerprint": "bcecaa4a8a754ec42c5049523c7fa77ef13343aef4ed9550d9d62bf2ee907cb5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bcecaa4a8a754ec42c5049523c7fa77ef13343aef4ed9550d9d62bf2ee907cb5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 635}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 54702, "scanner": "repobility-supply-chain", "fingerprint": "51297e20d6b0d811d355ef4a552b759b795971dbb7a6e1345589f0284d289089", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|51297e20d6b0d811d355ef4a552b759b795971dbb7a6e1345589f0284d289089"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 589}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 54701, "scanner": "repobility-supply-chain", "fingerprint": "dec4bc7c91c9bcde2711b5621177996424935c75607877e91ebb93ddb70a4d04", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dec4bc7c91c9bcde2711b5621177996424935c75607877e91ebb93ddb70a4d04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 560}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 54700, "scanner": "repobility-supply-chain", "fingerprint": "de2e9c46327b6dec053b16b1a4efb947ea1db08982a316bfe5d09afff802b53b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|de2e9c46327b6dec053b16b1a4efb947ea1db08982a316bfe5d09afff802b53b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 526}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"repobilityId": 54699, "scanner": "repobility-supply-chain", "fingerprint": "fd6ed3d6e36f132211b1fe6ac67917c0f16d5684c68248bb97bfa6cc48eccca5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fd6ed3d6e36f132211b1fe6ac67917c0f16d5684c68248bb97bfa6cc48eccca5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 507}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"repobilityId": 54698, "scanner": "repobility-supply-chain", "fingerprint": "3d4c799ccaae7bd65c2e4b1e6b7de89fc542752dc167298ce92853185849f8a0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3d4c799ccaae7bd65c2e4b1e6b7de89fc542752dc167298ce92853185849f8a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 484}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"repobilityId": 54697, "scanner": "repobility-supply-chain", "fingerprint": "a1ae8ad1c3360e89758edeac518416e1a2abb3fb550672785853b171b65a1d4d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a1ae8ad1c3360e89758edeac518416e1a2abb3fb550672785853b171b65a1d4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 461}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"repobilityId": 54696, "scanner": "repobility-supply-chain", "fingerprint": "4295c9d563af36ee42814790599887d83c8a0c3caa660d37209221dea2c10036", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4295c9d563af36ee42814790599887d83c8a0c3caa660d37209221dea2c10036"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 428}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"repobilityId": 54695, "scanner": "repobility-supply-chain", "fingerprint": "063628595c14142c115e6e56259e3d1cd02daef39bac6241178ad7ad504a3ff1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|063628595c14142c115e6e56259e3d1cd02daef39bac6241178ad7ad504a3ff1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 410}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"repobilityId": 54694, "scanner": "repobility-supply-chain", "fingerprint": "f0f81ba026aa74eb958dc495c73a67926f47d79337cd7b19b73265f14111bc08", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f0f81ba026aa74eb958dc495c73a67926f47d79337cd7b19b73265f14111bc08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 381}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"repobilityId": 54693, "scanner": "repobility-supply-chain", "fingerprint": "79418c53e19514785006a41a5e2d349589f0eeb8be5019f9786098d3ef8bdcb6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|79418c53e19514785006a41a5e2d349589f0eeb8be5019f9786098d3ef8bdcb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 370}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"repobilityId": 54692, "scanner": "repobility-supply-chain", "fingerprint": "fe1dacfd3266a5fd1900c251f503a50e60e9fd2748d1ad09dbab2f30436fdf7c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fe1dacfd3266a5fd1900c251f503a50e60e9fd2748d1ad09dbab2f30436fdf7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 356}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"repobilityId": 54691, "scanner": "repobility-supply-chain", "fingerprint": "18a5138246590043ee26239073e85c0773ebd2c5eb797801d11bdea6febbf438", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|18a5138246590043ee26239073e85c0773ebd2c5eb797801d11bdea6febbf438"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 336}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"repobilityId": 54690, "scanner": "repobility-supply-chain", "fingerprint": "52a82243dff2da128f0923ed72c10bda733229eea04f2cf6730afdfc00d722ef", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|52a82243dff2da128f0923ed72c10bda733229eea04f2cf6730afdfc00d722ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 315}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"repobilityId": 54689, "scanner": "repobility-supply-chain", "fingerprint": "08621cfdd675c7859e3583f092992dfb1032afd65c9664c0c3d050cbdae123d3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|08621cfdd675c7859e3583f092992dfb1032afd65c9664c0c3d050cbdae123d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 299}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"repobilityId": 54688, "scanner": "repobility-supply-chain", "fingerprint": "35f3707656037dd332703ea666f775a9e5fa60bdbfed3a71bdfcf0a2f5e896b3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|35f3707656037dd332703ea666f775a9e5fa60bdbfed3a71bdfcf0a2f5e896b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 257}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"repobilityId": 54687, "scanner": "repobility-supply-chain", "fingerprint": "7172387a6d2f5729c54e3b94d5fd25857d3fb2cf5aab2f346fa55e62b87bfe30", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7172387a6d2f5729c54e3b94d5fd25857d3fb2cf5aab2f346fa55e62b87bfe30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 226}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"repobilityId": 54686, "scanner": "repobility-supply-chain", "fingerprint": "14e7862b01339c8cf887735c6b884da9028d76d2013f5c90ac1b5d1318cd77ed", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|14e7862b01339c8cf887735c6b884da9028d76d2013f5c90ac1b5d1318cd77ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"repobilityId": 54685, "scanner": "repobility-supply-chain", "fingerprint": "903f09a0cf7384b36399b685a31713f24ba0a85b00beb3046112c07b046da71c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|903f09a0cf7384b36399b685a31713f24ba0a85b00beb3046112c07b046da71c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"repobilityId": 54684, "scanner": "repobility-supply-chain", "fingerprint": "ffda60133b7dcddf751ca5f5ee41e80b6146cf2481d2c098e62114eddb351308", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ffda60133b7dcddf751ca5f5ee41e80b6146cf2481d2c098e62114eddb351308"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"repobilityId": 54683, "scanner": "repobility-supply-chain", "fingerprint": "6f0112a93feec1520fc47ee4336cb1eb003daf2fedea5aeeb94162ae4e36d9d1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6f0112a93feec1520fc47ee4336cb1eb003daf2fedea5aeeb94162ae4e36d9d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"repobilityId": 54682, "scanner": "repobility-supply-chain", "fingerprint": "19b4f721806887a92a1430a834e7d3a61bc5176786faa847aa6a3ea45172dfc5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|19b4f721806887a92a1430a834e7d3a61bc5176786faa847aa6a3ea45172dfc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:22.04` not pinned by digest: `FROM ubuntu:22.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 54681, "scanner": "repobility-supply-chain", "fingerprint": "76ccfa46c4c5a74fb0a65e0a68a9f29d01f39a988a3afe81aa453e57693c4316", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|76ccfa46c4c5a74fb0a65e0a68a9f29d01f39a988a3afe81aa453e57693c4316"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/dsp/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /v1/chat/completions has no auth: Handler `chat_completions` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 54680, "scanner": "repobility-route-auth", "fingerprint": "e954731c79e42fe629b65e73570e79e68eb42364b7daebce0867fe6ddc4c9f42", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|e954731c79e42fe629b65e73570e79e68eb42364b7daebce0867fe6ddc4c9f42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/llama3.py"}, "region": {"startLine": 408}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /v1/chat/token/encode has no auth: Handler `chat_token_encode` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 54679, "scanner": "repobility-route-auth", "fingerprint": "2f56e9b4a1bf7543ab136d11942c3ecbfb7d92b4a0cdda643ab45283174bfc4e", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|2f56e9b4a1bf7543ab136d11942c3ecbfb7d92b4a0cdda643ab45283174bfc4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/llama3.py"}, "region": {"startLine": 397}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /v1/completions has no auth: Handler `completions` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 54678, "scanner": "repobility-route-auth", "fingerprint": "5e2f2b95ae7fc5d669d1ca0ae33fdc7708318bb3a1e2c875aceb6dde0194c31e", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|5e2f2b95ae7fc5d669d1ca0ae33fdc7708318bb3a1e2c875aceb6dde0194c31e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/llama3.py"}, "region": {"startLine": 369}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /v1/token/encode has no auth: Handler `token_encode` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 54677, "scanner": "repobility-route-auth", "fingerprint": "4fe2032f2883dc76b64f7e67aafcb65797adad7951ea731470442831f5be3d09", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|4fe2032f2883dc76b64f7e67aafcb65797adad7951ea731470442831f5be3d09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/llama3.py"}, "region": {"startLine": 364}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /v1/internal/token-count has no auth: Handler `token_count` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 54676, "scanner": "repobility-route-auth", "fingerprint": "75d59d47f094181778710c5975c405062bdbb1af8e5c9aaa644ddefaf5d5f6ef", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|75d59d47f094181778710c5975c405062bdbb1af8e5c9aaa644ddefaf5d5f6ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/llama3.py"}, "region": {"startLine": 360}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_setitem_consecutive_inplace_operator: Test function `test_setitem_consecutive_inplace_operator` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54628, "scanner": "repobility-ast-engine", "fingerprint": "36fbaa610e0d1ddd0c58f9a3916c5ece77dd6ef6f4cb2395fb47d94ae854f1db", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|36fbaa610e0d1ddd0c58f9a3916c5ece77dd6ef6f4cb2395fb47d94ae854f1db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_setitem.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_setitem_inplace_operator: Test function `test_setitem_inplace_operator` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54627, "scanner": "repobility-ast-engine", "fingerprint": "afc86491390b9d7b5fac0698c5d9a4ed0cb32ce8805c764a1d3551148804ed64", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|afc86491390b9d7b5fac0698c5d9a4ed0cb32ce8805c764a1d3551148804ed64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_setitem.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_setitem_chained_indexing: Test function `test_setitem_chained_indexing` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54626, "scanner": "repobility-ast-engine", "fingerprint": "c5740d0f0b08ee8f8a3d2b87c8d59bc432553ea16916821e77004893f9d34add", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c5740d0f0b08ee8f8a3d2b87c8d59bc432553ea16916821e77004893f9d34add"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_setitem.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_setitem_fancy_on_unrealized_view: Test function `test_setitem_fancy_on_unrealized_view` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54625, "scanner": "repobility-ast-engine", "fingerprint": "4e10169329bdb11d998532c4b8a9bfd9342e66ba1197d4f4a893a910d5ac0259", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4e10169329bdb11d998532c4b8a9bfd9342e66ba1197d4f4a893a910d5ac0259"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_setitem.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_simple_setitem: Test function `test_simple_setitem` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54624, "scanner": "repobility-ast-engine", "fingerprint": "ad1e72cf2910b4972e50ba842dc63089d5c3a3674822d6dece51cd2aa1d18911", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ad1e72cf2910b4972e50ba842dc63089d5c3a3674822d6dece51cd2aa1d18911"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_setitem.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_symbolic_tril: Test function `test_symbolic_tril` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54623, "scanner": "repobility-ast-engine", "fingerprint": "e0d9e0ec65083d7fe820ff9434f18146b27ccbb9bfeb37d5531160fab90acf9b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e0d9e0ec65083d7fe820ff9434f18146b27ccbb9bfeb37d5531160fab90acf9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_tensor_variable.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_symbolic_triu: Test function `test_symbolic_triu` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54622, "scanner": "repobility-ast-engine", "fingerprint": "7c38974c06dbb02b6d59d6df2960223f2ef26743735174c17b4030c9f1684594", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7c38974c06dbb02b6d59d6df2960223f2ef26743735174c17b4030c9f1684594"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_tensor_variable.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_symbolic_var_sum_alt_name: Test function `test_symbolic_var_sum_alt_name` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54621, "scanner": "repobility-ast-engine", "fingerprint": "f89630480f4d8a2f79fb04a908f2b782768598ab2233df7fc113693412cdbc29", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f89630480f4d8a2f79fb04a908f2b782768598ab2233df7fc113693412cdbc29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_tensor_variable.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_symbolic_var_sum: Test function `test_symbolic_var_sum` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54620, "scanner": "repobility-ast-engine", "fingerprint": "978aadd08e0fd59dfe788b8047574501faed6619337632fc515653881f81d78b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|978aadd08e0fd59dfe788b8047574501faed6619337632fc515653881f81d78b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_tensor_variable.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_custom_kernel_sched_copy: Test function `test_custom_kernel_sched_copy` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54618, "scanner": "repobility-ast-engine", "fingerprint": "839c159f20d1348317b1177b24b43db0cc7058a99341a19c3b4992718062ce7d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|839c159f20d1348317b1177b24b43db0cc7058a99341a19c3b4992718062ce7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_custom_kernel.py"}, "region": {"startLine": 351}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_gemm_backward_custom: Test function `test_gemm_backward_custom` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54617, "scanner": "repobility-ast-engine", "fingerprint": "c37c43d9a1faa500dd59b623a920ac99b747e4cb697ec1a9757fe25e91e1d470", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c37c43d9a1faa500dd59b623a920ac99b747e4cb697ec1a9757fe25e91e1d470"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_custom_kernel.py"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_empty: Test function `test_empty` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54616, "scanner": "repobility-ast-engine", "fingerprint": "6b6cee153bc93b01955c02d6b06a41bbfb86b4d211b6904c3409affd69bad4d0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6b6cee153bc93b01955c02d6b06a41bbfb86b4d211b6904c3409affd69bad4d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_custom_kernel.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_torch_interop_write: Test function `test_torch_interop_write` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54615, "scanner": "repobility-ast-engine", "fingerprint": "b65689b81f735b5f1f5c9bb047c863e1708d3d99bc6752d24ccc634b8ae59fbf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b65689b81f735b5f1f5c9bb047c863e1708d3d99bc6752d24ccc634b8ae59fbf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_interop.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_torch_interop: Test function `test_torch_interop` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54614, "scanner": "repobility-ast-engine", "fingerprint": "556cb7b7996fe5fbb8993e0f114413f65d669dfa38b374fcd2e68de7d5b62fd5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|556cb7b7996fe5fbb8993e0f114413f65d669dfa38b374fcd2e68de7d5b62fd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_interop.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_kernel_cache_in_action: Test function `test_kernel_cache_in_action` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54613, "scanner": "repobility-ast-engine", "fingerprint": "5836202eb1199bd4d08555eff8c763c52d0ac80e39b8e817c154e75327d4f0e2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5836202eb1199bd4d08555eff8c763c52d0ac80e39b8e817c154e75327d4f0e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_kernel_cache.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_beam_image: Test function `test_beam_image` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54610, "scanner": "repobility-ast-engine", "fingerprint": "b530915a89dfc2384f6fe0f4365e95bc271a3678a022776ab9d0f35aa045bd99", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b530915a89dfc2384f6fe0f4365e95bc271a3678a022776ab9d0f35aa045bd99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test_tiny.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_image: Test function `test_image` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54609, "scanner": "repobility-ast-engine", "fingerprint": "9585d1dedb6aa711da57d6b3ffabd9c31cd9549a45e2e01f111a8d885306f8f3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9585d1dedb6aa711da57d6b3ffabd9c31cd9549a45e2e01f111a8d885306f8f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test_tiny.py"}, "region": {"startLine": 150}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_mnist_backward: Test function `test_mnist_backward` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54608, "scanner": "repobility-ast-engine", "fingerprint": "027840dde82cb39ee82c04abceff1d8d9ffc0e24335a034ad2d499275d58702c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|027840dde82cb39ee82c04abceff1d8d9ffc0e24335a034ad2d499275d58702c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test_tiny.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_beam: Test function `test_beam` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54607, "scanner": "repobility-ast-engine", "fingerprint": "d4ec570253f041be8da585d0b39c62d04914cf51719b8b564dd37c2fda9c7be8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d4ec570253f041be8da585d0b39c62d04914cf51719b8b564dd37c2fda9c7be8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test_tiny.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_gflops: Test function `test_gflops` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54606, "scanner": "repobility-ast-engine", "fingerprint": "b903e3a6cebc445b3021afbbdf453c121c6051c8d7cda5a3a81d1472250ed4bb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b903e3a6cebc445b3021afbbdf453c121c6051c8d7cda5a3a81d1472250ed4bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/archprobe.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_read_bandwidth: Test function `test_read_bandwidth` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54605, "scanner": "repobility-ast-engine", "fingerprint": "6017f02c04384ae15bd83b166e427da8751e32850a49a71020ec0e74bd04fdee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6017f02c04384ae15bd83b166e427da8751e32850a49a71020ec0e74bd04fdee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/archprobe.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_cacheline_size: Test function `test_cacheline_size` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54604, "scanner": "repobility-ast-engine", "fingerprint": "b47cd7f4149ae55e574a3011df8421932062fdcaf86ed6ee8249175fabc5c034", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b47cd7f4149ae55e574a3011df8421932062fdcaf86ed6ee8249175fabc5c034"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/archprobe.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_memory_latency: Test function `test_memory_latency` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54603, "scanner": "repobility-ast-engine", "fingerprint": "204f0231fdbec761ab5ddc6bd51f602bbc2d2caf9620b02c2fd95fbae53bba4b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|204f0231fdbec761ab5ddc6bd51f602bbc2d2caf9620b02c2fd95fbae53bba4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/archprobe.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_reg_count: Test function `test_reg_count` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54602, "scanner": "repobility-ast-engine", "fingerprint": "a799db8c980afe0ce3aef16dc7ed892721534da83a45f5d2e8d5e4012262647b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a799db8c980afe0ce3aef16dc7ed892721534da83a45f5d2e8d5e4012262647b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/archprobe.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_warp_size: Test function `test_warp_size` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 54601, "scanner": "repobility-ast-engine", "fingerprint": "006b5efd2e58fe6af3c2274ea72cfc117b8d4b575048e0d7d8b8b450fa6e0a53", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|006b5efd2e58fe6af3c2274ea72cfc117b8d4b575048e0d7d8b8b450fa6e0a53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/archprobe.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._buffer` used but never assigned in __init__: Method `_data` of class `Tensor` reads `self._buffer`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54580, "scanner": "repobility-ast-engine", "fingerprint": "0b3c6ccafcea18c56ce1c89a3818cf7a97182e0af6306aaddb5f22cc862f7626", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0b3c6ccafcea18c56ce1c89a3818cf7a97182e0af6306aaddb5f22cc862f7626"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 294}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.dtype` used but never assigned in __init__: Method `_buffer` of class `Tensor` reads `self.dtype`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54579, "scanner": "repobility-ast-engine", "fingerprint": "025ea8d642945c18cc4af7f9a331b02dd8c85efd7b041bd67d09268c6338c66e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|025ea8d642945c18cc4af7f9a331b02dd8c85efd7b041bd67d09268c6338c66e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 291}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.cast` used but never assigned in __init__: Method `_buffer` of class `Tensor` reads `self.cast`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54578, "scanner": "repobility-ast-engine", "fingerprint": "f0e6793789687b3d16846f09505853bea81e8b2b33b7d5d62e8ad4f5b37633f0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f0e6793789687b3d16846f09505853bea81e8b2b33b7d5d62e8ad4f5b37633f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 291}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.device` used but never assigned in __init__: Method `_buffer` of class `Tensor` reads `self.device`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54577, "scanner": "repobility-ast-engine", "fingerprint": "ce016ded7999d209ef9e76223321241adc3b2768481d6ab6e2a8845be8d34fc8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ce016ded7999d209ef9e76223321241adc3b2768481d6ab6e2a8845be8d34fc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 292}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._buffer` used but never assigned in __init__: Method `assign` of class `Tensor` reads `self._buffer`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54576, "scanner": "repobility-ast-engine", "fingerprint": "e716d0e837fb12ee9f3035d529ec8ebd60a093f48449e07b0f8700599a9cc022", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e716d0e837fb12ee9f3035d529ec8ebd60a093f48449e07b0f8700599a9cc022"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 271}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.device` used but never assigned in __init__: Method `assign` of class `Tensor` reads `self.device`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54575, "scanner": "repobility-ast-engine", "fingerprint": "c1749ced4dd370a0021adfedf7e6ac2497083d44ea3723338530d49723d9480e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c1749ced4dd370a0021adfedf7e6ac2497083d44ea3723338530d49723d9480e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 264}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.device` used but never assigned in __init__: Method `assign` of class `Tensor` reads `self.device`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54574, "scanner": "repobility-ast-engine", "fingerprint": "5afa63520fcda6c32a3d845fdb3c6ea4ab0e6f66085d69d97938f5c58d405395", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5afa63520fcda6c32a3d845fdb3c6ea4ab0e6f66085d69d97938f5c58d405395"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 258}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.dtype` used but never assigned in __init__: Method `assign` of class `Tensor` reads `self.dtype`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54573, "scanner": "repobility-ast-engine", "fingerprint": "36e3cd44943111354868ff76939577dc36c3535d7a1b036e81597a6a253517d2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|36e3cd44943111354868ff76939577dc36c3535d7a1b036e81597a6a253517d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 258}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.device` used but never assigned in __init__: Method `assign` of class `Tensor` reads `self.device`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54572, "scanner": "repobility-ast-engine", "fingerprint": "c1b419aca60997c5867d9dfd7ea54c31a23fb7094d8533e1dee4b1f649ef31b8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c1b419aca60997c5867d9dfd7ea54c31a23fb7094d8533e1dee4b1f649ef31b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 266}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.dtype` used but never assigned in __init__: Method `assign` of class `Tensor` reads `self.dtype`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54571, "scanner": "repobility-ast-engine", "fingerprint": "59b12844e2d4499095b7c66b4531798bdceff2ac42d6d4a0a56c4af3836ec8c9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|59b12844e2d4499095b7c66b4531798bdceff2ac42d6d4a0a56c4af3836ec8c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 265}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.device` used but never assigned in __init__: Method `assign` of class `Tensor` reads `self.device`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54570, "scanner": "repobility-ast-engine", "fingerprint": "e42a6393eebcdff53eecaf830ec706064ef5e89b919086fbd6e19e622d8883f9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e42a6393eebcdff53eecaf830ec706064ef5e89b919086fbd6e19e622d8883f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 263}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.device` used but never assigned in __init__: Method `assign` of class `Tensor` reads `self.device`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54569, "scanner": "repobility-ast-engine", "fingerprint": "2d40c487273c69dc25c206493d9c8621fe60a2a17b518b906bd558f90b2a9ab9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2d40c487273c69dc25c206493d9c8621fe60a2a17b518b906bd558f90b2a9ab9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 257}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.shape` used but never assigned in __init__: Method `assign` of class `Tensor` reads `self.shape`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54568, "scanner": "repobility-ast-engine", "fingerprint": "6047360317d7723e71b1a562d87bc13ee72ac22ee6c6ab5f6989e0a9c4d7bbaa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6047360317d7723e71b1a562d87bc13ee72ac22ee6c6ab5f6989e0a9c4d7bbaa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 262}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.shape` used but never assigned in __init__: Method `assign` of class `Tensor` reads `self.shape`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54567, "scanner": "repobility-ast-engine", "fingerprint": "0dc13b18d8b57b4e87badd2eb463d4d7a040e5931a12a8da6af14d5517ef274b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0dc13b18d8b57b4e87badd2eb463d4d7a040e5931a12a8da6af14d5517ef274b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 261}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.shape` used but never assigned in __init__: Method `replace` of class `Tensor` reads `self.shape`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54566, "scanner": "repobility-ast-engine", "fingerprint": "993261e55cbf4c928e811f68cfcaf1cc10e22ea775e2e2fa8ba9961b158f710d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|993261e55cbf4c928e811f68cfcaf1cc10e22ea775e2e2fa8ba9961b158f710d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 252}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.linear_with_vars` used but never assigned in __init__: Method `schedule_linear` of class `Tensor` reads `self.linear_with_vars`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54565, "scanner": "repobility-ast-engine", "fingerprint": "6316718d6d7b666f924c077ac27a6ba15a16dd518c00a890433b639a2f2165a5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6316718d6d7b666f924c077ac27a6ba15a16dd518c00a890433b639a2f2165a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 236}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.device` used but never assigned in __init__: Method `as_param` of class `Tensor` reads `self.device`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54564, "scanner": "repobility-ast-engine", "fingerprint": "4c91e6605bda2219a0024d96a478e3d752fb521092d045bd26c6b1c49bef8b9a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4c91e6605bda2219a0024d96a478e3d752fb521092d045bd26c6b1c49bef8b9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 208}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.shape` used but never assigned in __init__: Method `as_param` of class `Tensor` reads `self.shape`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54563, "scanner": "repobility-ast-engine", "fingerprint": "55f49c04a90f69bdb27da0564c4e3785a134f4ec6d425bcb8fe6e4c403eed3f6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|55f49c04a90f69bdb27da0564c4e3785a134f4ec6d425bcb8fe6e4c403eed3f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 208}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.dtype` used but never assigned in __init__: Method `as_param` of class `Tensor` reads `self.dtype`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54562, "scanner": "repobility-ast-engine", "fingerprint": "df270ac1c5d33fed4a5f5a456a11c482c23592bba53135bcb421910fdefe3c8a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|df270ac1c5d33fed4a5f5a456a11c482c23592bba53135bcb421910fdefe3c8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 208}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.device` used but never assigned in __init__: Method `as_param` of class `Tensor` reads `self.device`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54561, "scanner": "repobility-ast-engine", "fingerprint": "a74df32277ab4968603c4dc1eb0dc034b852530c27dafd446130d101e94d84f9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a74df32277ab4968603c4dc1eb0dc034b852530c27dafd446130d101e94d84f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.dtype` used but never assigned in __init__: Method `as_param` of class `Tensor` reads `self.dtype`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54560, "scanner": "repobility-ast-engine", "fingerprint": "724a3040c5ed3873310f0215822a51c89057f26e3c1d4b866651dee9e147956e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|724a3040c5ed3873310f0215822a51c89057f26e3c1d4b866651dee9e147956e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.shape` used but never assigned in __init__: Method `__len__` of class `Tensor` reads `self.shape`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54559, "scanner": "repobility-ast-engine", "fingerprint": "290352a75f61d1483d33575b8a7e691717a7b42c8bc474ca54eba4cef7339fb4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|290352a75f61d1483d33575b8a7e691717a7b42c8bc474ca54eba4cef7339fb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.shape` used but never assigned in __init__: Method `__len__` of class `Tensor` reads `self.shape`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54558, "scanner": "repobility-ast-engine", "fingerprint": "ecad3410010a55d834854c3d51adb803fa43909053c99000b36a6487683cd7ac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ecad3410010a55d834854c3d51adb803fa43909053c99000b36a6487683cd7ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.device` used but never assigned in __init__: Method `__repr__` of class `Tensor` reads `self.device`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54557, "scanner": "repobility-ast-engine", "fingerprint": "c60d421c68d363d2e6f9a4f58d1dd6ac4e9be8b484e2ad42b315711e880af4ad", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c60d421c68d363d2e6f9a4f58d1dd6ac4e9be8b484e2ad42b315711e880af4ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._apply_uop` used but never assigned in __init__: Method `alu` of class `Tensor` reads `self._apply_uop`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 54556, "scanner": "repobility-ast-engine", "fingerprint": "51f6261076789f4d16bd0c4a97c0a6fa8fe197c7bae9f44b23fb7cd5dd37695e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|51f6261076789f4d16bd0c4a97c0a6fa8fe197c7bae9f44b23fb7cd5dd37695e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/tensor.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "SEC113", "level": "error", "message": {"text": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impersonate the server. Common in `paramiko.AutoAddPolicy()`."}, "properties": {"repobilityId": 54512, "scanner": "repobility-threat-engine", "fingerprint": "39d48869deca0bb6a39ecf3ef7f758e5bafbca3d4299763fe51d6e7f3022563d", "category": "crypto", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "StrictHostKeyChecking=no", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC113", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|extra/mlx_driver/connect.py|9|sec113"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/mlx_driver/connect.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 54507, "scanner": "repobility-threat-engine", "fingerprint": "9b12fe8eea1775f2bf4adedc2f588a89bcfd1c03d0b2d3ed7366794f822d54f6", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9b12fe8eea1775f2bf4adedc2f588a89bcfd1c03d0b2d3ed7366794f822d54f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/usbgpu/debug.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 54503, "scanner": "repobility-threat-engine", "fingerprint": "1e9d7c137715601a8e2e4c844edc94411b935804585c2bb501c018fe808b8682", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1e9d7c137715601a8e2e4c844edc94411b935804585c2bb501c018fe808b8682"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/models/retinanet.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 54502, "scanner": "repobility-threat-engine", "fingerprint": "ad27e1c68fb4c6585dcafaf11696a2c1f120ffbd5df8d488758dc32483dfc00a", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ad27e1c68fb4c6585dcafaf11696a2c1f120ffbd5df8d488758dc32483dfc00a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/hevc/decode.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 54494, "scanner": "repobility-threat-engine", "fingerprint": "256587c986ad6e9860ba470f519ab7cf5c001f722e731922b03f356f72727289", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|256587c986ad6e9860ba470f519ab7cf5c001f722e731922b03f356f72727289"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/hcqfuzz/fuzzer.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED036", "level": "error", "message": {"text": "[MINED036] Python Os System Call: os.system() invokes 
shell with no escaping."}, "properties": {"repobilityId": 54493, "scanner": "repobility-threat-engine", "fingerprint": "012852cd72d8c7418bd793b1feac427b1d8484abb8a399ab19a9514466cf2bc0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "correlation_key": "fp|012852cd72d8c7418bd793b1feac427b1d8484abb8a399ab19a9514466cf2bc0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/usbgpu/patch.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED036", "level": "error", "message": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "properties": {"repobilityId": 54491, "scanner": "repobility-threat-engine", "fingerprint": "f455b91c96ae59757007e800a98c717f0fff94b077590e67b089af5bbdf1dd2c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f455b91c96ae59757007e800a98c717f0fff94b077590e67b089af5bbdf1dd2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/sqtt/install_rocprof_decoder.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED036", 
"level": "error", "message": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "properties": {"repobilityId": 54490, "scanner": "repobility-threat-engine", "fingerprint": "9b11566d89ba4585e37fe3f1d5b1d6317fe691d81cc9568f58d36a06b2862bc3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9b11566d89ba4585e37fe3f1d5b1d6317fe691d81cc9568f58d36a06b2862bc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/hcq/hcq_smi.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. 
`../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 54485, "scanner": "repobility-threat-engine", "fingerprint": "7df407e9ded1f719c88857c269024a2c84ba4496bdc816f3338791374b03841c", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.join(script_dir, 'max_kernels/nv.fp16_fp32_fp32.2_stage_swizzled_smem_input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|extra/gemm/max_matmul.py|86|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/gemm/max_matmul.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 54483, "scanner": "repobility-threat-engine", "fingerprint": "86581265dacf460c7478a64d7ef38f191de365b46f0390c838ea629251f0b52c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|86581265dacf460c7478a64d7ef38f191de365b46f0390c838ea629251f0b52c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/usbgpu/patch.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security 
context (not just checksums)."}, "properties": {"repobilityId": 54482, "scanner": "repobility-threat-engine", "fingerprint": "58c1742a6400bf0d1bc93b7a32b38f7861a9cdf207548a922ca6f0897080b78b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|58c1742a6400bf0d1bc93b7a32b38f7861a9cdf207548a922ca6f0897080b78b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/hevc/decode.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 54481, "scanner": "repobility-threat-engine", "fingerprint": "202ccbaff17b7b6e4ce0f54b8bba589fd8142f31245d2db59f3fa5510d89f209", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|202ccbaff17b7b6e4ce0f54b8bba589fd8142f31245d2db59f3fa5510d89f209"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/datasets/wikipedia_download.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC080", "level": "error", "message": {"text": "[SEC080] 
Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559; PEP 706 added the filter argument in 3.12). Ported from bandit B202 (Apache-2.0)."}, "properties": {"repobilityId": 54479, "scanner": "repobility-threat-engine", "fingerprint": "cce6a7f1960e1c8b0783c8cf78241b03b532d1c559182175ec94d6ff0fffaa20", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tar.extractall(path=path)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC080", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cce6a7f1960e1c8b0783c8cf78241b03b532d1c559182175ec94d6ff0fffaa20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/datasets/wikipedia_download.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC080", "level": "error", "message": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559; PEP 706 added the filter argument in 3.12). 
Ported from bandit B202 (Apache-2.0)."}, "properties": {"repobilityId": 54478, "scanner": "repobility-threat-engine", "fingerprint": "7c86d3d49cde1781295a8ee554524a43c05f96b01e0c3561ea61045070a134f3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tar.extract(path=path, member=member)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC080", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7c86d3d49cde1781295a8ee554524a43c05f96b01e0c3561ea61045070a134f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/datasets/imagenet_download.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 54463, "scanner": "repobility-threat-engine", "fingerprint": "cdfca1b050257d5d75ea31618ed33df14940c759945f3d27edf551ee988dcd9d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.head(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cdfca1b050257d5d75ea31618ed33df14940c759945f3d27edf551ee988dcd9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/huggingface_onnx/huggingface_manager.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 54462, "scanner": "repobility-threat-engine", "fingerprint": "0202e7840be5e432fc1f5f8517cdbf86453526deaa4d8b7d74beb34b145c9058", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0202e7840be5e432fc1f5f8517cdbf86453526deaa4d8b7d74beb34b145c9058"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/webgpu/stable_diffusion/compile.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 54460, "scanner": "repobility-threat-engine", "fingerprint": "2e4aabef90cd7c116fc9422ccce7177f20d6a9d8adcfb72b8ea3eb91446b4a9f", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|extra/thneed.py|58|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/thneed.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 54459, "scanner": "repobility-threat-engine", "fingerprint": "0a9c4a39caeaba458577a81827abb4c6d3a9c01638c33e8d09e1f2db2da0115b", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "os.path.join(script_dir, 'max_kernels/nv.fp16_fp32_fp32.2_stage_swizzled_smem_input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|extra/gemm/max_matmul.py|86|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/gemm/max_matmul.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 54458, "scanner": "repobility-threat-engine", "fingerprint": "c897dc3ed4f45f23349eb9ae7e9a92feeb569823a34b4fd15924409ba39fe9ea", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|15|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/webgpu/stable_diffusion/compile.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED027", "level": "error", "message": {"text": "[MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState \u2014 React skips re-render on mutated reference."}, "properties": {"repobilityId": 54420, "scanner": "repobility-threat-engine", "fingerprint": "9d4a0a8b3ce22c6cd21f54c7182556f1f6672984c340e9c02931669ff0633e1f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-state-array-mutation", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347961+00:00", "triaged_in_corpus": 15, "observations_count": 14444, "ai_coder_pattern_id": 136}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9d4a0a8b3ce22c6cd21f54c7182556f1f6672984c340e9c02931669ff0633e1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/tinychat/index.js"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] 
Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 54381, "scanner": "repobility-threat-engine", "fingerprint": "631db8406b21e2ef83b2ff595515d203b6d4bea018279200c748d961dbbeb20a", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "print(f\"loading cached tokens in {tokens_bin}\")", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|14|print f loading cached tokens in tokens_bin"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/llm.c/train_gpt2.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 54364, "scanner": "repobility-threat-engine", "fingerprint": "9b02831a93387f7fade83661539126e6500ff8db5446f61543fda2a2f5c5a219", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "metadata.update({name: {\"parts\": {0: {\"empty\": True, \"size\": size}}, \"dtype\": tinygrad_dtypes[dty", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9b02831a93387f7fade83661539126e6500ff8db5446f61543fda2a2f5c5a219"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/tinychat/tinychat-browser/compile.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 54362, "scanner": "repobility-threat-engine", "fingerprint": "0a8550a28af4552b25be87e8a7b70b2c072ff8c1aed0731d84bb4c044cc687ba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "im.save(args.out)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0a8550a28af4552b25be87e8a7b70b2c072ff8c1aed0731d84bb4c044cc687ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/sdv2.py"}, "region": {"startLine": 150}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 54360, "scanner": "repobility-threat-engine", "fingerprint": "84ed6d3d43cc7fba8bd116dc9fb9891ff66cbea56712edcf586fe271094a5df7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "state_dict.update({'X': X, 'Y': Y, 'loss': loss})", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|84ed6d3d43cc7fba8bd116dc9fb9891ff66cbea56712edcf586fe271094a5df7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/llm.c/export.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 54359, "scanner": "repobility-threat-engine", "fingerprint": "c55c49896096fd7a67965faf82e3558c148eecbe076a077c280664b83114fe06", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c55c49896096fd7a67965faf82e3558c148eecbe076a077c280664b83114fe06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/thunder/tiny/visualize_tile.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED001", "level": 
"error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 54358, "scanner": "repobility-threat-engine", "fingerprint": "cbf3dae93a29d57396eddbd7ae16584a5d5f2dbe679700f555e68949ee225331", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cbf3dae93a29d57396eddbd7ae16584a5d5f2dbe679700f555e68949ee225331"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/qwq.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 54357, "scanner": "repobility-threat-engine", "fingerprint": "a88a3009f446d14309d9977896b40f63f95425ddb074739e9da51207b0355836", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|a88a3009f446d14309d9977896b40f63f95425ddb074739e9da51207b0355836"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/gpt2.py"}, "region": {"startLine": 254}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `render` has cognitive complexity 32 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: case=10, else=1, for=1, if=2, match=1, nested_bonus=14, ternary=3."}, "properties": {"repobilityId": 54349, "scanner": "repobility-threat-engine", "fingerprint": "e99528c30de2f04acbd2c5ade175b4b883b1efe90ce1d7f25353735df64411c8", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 32 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "render", "breakdown": {"if": 2, "for": 1, "case": 10, "else": 1, "match": 1, "ternary": 3, "nested_bonus": 14}, "complexity": 32, "correlation_key": "fp|e99528c30de2f04acbd2c5ade175b4b883b1efe90ce1d7f25353735df64411c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/anthropic_challenge.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 54344, "scanner": "repobility-threat-engine", "fingerprint": "7bf1d403fc9bf2604b58ed3083b950c459a0979d45600fbab508f69b664c658b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(code_str", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7bf1d403fc9bf2604b58ed3083b950c459a0979d45600fbab508f69b664c658b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/uop/upat.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 54341, "scanner": "repobility-threat-engine", "fingerprint": "0b2bdd61aa52561687e98dc9cf62cd6d07a744cca270607678f9c6ab7b56ba8c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(self", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0b2bdd61aa52561687e98dc9cf62cd6d07a744cca270607678f9c6ab7b56ba8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/runtime/ops_cpu.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command 
injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 54335, "scanner": "repobility-threat-engine", "fingerprint": "122eb91586661d5e60d3b2ac3146ddb2560c455d226222702c49271c07f68053", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(fetch", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|122eb91586661d5e60d3b2ac3146ddb2560c455d226222702c49271c07f68053"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/anthropic_challenge.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `signal` used but not imported: The file uses `signal.something(...)` but never imports `signal`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54671, "scanner": "repobility-ast-engine", "fingerprint": "89346f060135fc22cdac0568e84cf9fc2d6604611c05884cee5e6a5309b71551", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|89346f060135fc22cdac0568e84cf9fc2d6604611c05884cee5e6a5309b71551"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/runtime/ops_qcom.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `signal` used but not imported: The file uses `signal.something(...)` but never imports `signal`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54670, "scanner": "repobility-ast-engine", "fingerprint": "90d6475985e05e0418e18ac31651a7dcfff2177baaeb6ec90c2785f7774a0f52", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|90d6475985e05e0418e18ac31651a7dcfff2177baaeb6ec90c2785f7774a0f52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/runtime/ops_nv.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `signal` used but not imported: The file uses `signal.something(...)` but never imports `signal`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54669, "scanner": "repobility-ast-engine", "fingerprint": "371ba8eb65f877630731f4f856bbc7a1b1bc6d5cfaf13bd3943905806ea5d469", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|371ba8eb65f877630731f4f856bbc7a1b1bc6d5cfaf13bd3943905806ea5d469"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/runtime/ops_cpu.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `signal` used but not imported: The file uses `signal.something(...)` but never imports `signal`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54668, "scanner": "repobility-ast-engine", "fingerprint": "b6a213fc0a7f983f39b6027cbf19015994aad5ab84719b0260e93fb3b7aca0d8", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b6a213fc0a7f983f39b6027cbf19015994aad5ab84719b0260e93fb3b7aca0d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/runtime/ops_amd.py"}, "region": {"startLine": 490}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54667, "scanner": "repobility-ast-engine", "fingerprint": "77075da27522fb6e1c216f2de75e0cd558943c23bd1c480a13731afe3b5c38a3", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|77075da27522fb6e1c216f2de75e0cd558943c23bd1c480a13731afe3b5c38a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/runtime/ops_amd.py"}, "region": {"startLine": 803}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `ast` used but not imported: The file uses `ast.something(...)` but never imports `ast`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54665, "scanner": "repobility-ast-engine", "fingerprint": "0629270b2e2ed75394a9e2bb59b0c4b10e591d676bbc28095f2c980b44b16994", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0629270b2e2ed75394a9e2bb59b0c4b10e591d676bbc28095f2c980b44b16994"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/engine/realize.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54664, "scanner": "repobility-ast-engine", "fingerprint": "1fb988990534c3b469e246a6ae1b25b0462db1aae515f9b16667ce3495ed7481", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1fb988990534c3b469e246a6ae1b25b0462db1aae515f9b16667ce3495ed7481"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/hcq2/graph/hcq.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54663, "scanner": "repobility-ast-engine", "fingerprint": "cf5d0f12817cc8d94cc4881e2e62418f0e5f5be45477c4b8cf586786980be38f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf5d0f12817cc8d94cc4881e2e62418f0e5f5be45477c4b8cf586786980be38f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/models/mask_rcnn.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `ast` used but not imported: The file uses `ast.something(...)` but never imports `ast`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54660, "scanner": "repobility-ast-engine", "fingerprint": "71077b71b70eecdf9e2c6de00b004bf1dbd445cca0e66903e02791adec85fc5f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|71077b71b70eecdf9e2c6de00b004bf1dbd445cca0e66903e02791adec85fc5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/hcq2/hcq2.py"}, "region": {"startLine": 277}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `stat` used but not imported: The file uses `stat.something(...)` but never imports `stat`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54658, "scanner": "repobility-ast-engine", "fingerprint": "9f13c618fa890d7f56058f4f80b3565bb622d2e9171076eaefe3bd51bdcb5c23", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9f13c618fa890d7f56058f4f80b3565bb622d2e9171076eaefe3bd51bdcb5c23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/dsp/run_3.py"}, "region": {"startLine": 223}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54657, "scanner": "repobility-ast-engine", "fingerprint": "46a333b7693addb16a20e8aee063f6c238ce8354b253650ec726362defc78f62", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|46a333b7693addb16a20e8aee063f6c238ce8354b253650ec726362defc78f62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/mockgpu/nv/nvdriver.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54656, "scanner": "repobility-ast-engine", "fingerprint": "53ada29d0708a11e9040f9c1503f0a621f1aef928882e884c836c202e786b546", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|53ada29d0708a11e9040f9c1503f0a621f1aef928882e884c836c202e786b546"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/mockgpu/amd/amddriver.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54655, "scanner": "repobility-ast-engine", "fingerprint": "1498d91b2067f7335af94b1724dde912eea952e62e531dd41aed455213af1b89", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1498d91b2067f7335af94b1724dde912eea952e62e531dd41aed455213af1b89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/mockgpu/amd/amdgpu.py"}, "region": {"startLine": 285}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `gc` used but not imported: The file uses `gc.something(...)` but never imports `gc`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54654, "scanner": "repobility-ast-engine", "fingerprint": "2c34b4b3879298e970898e8a358b8cd0a9b1a8445b5c85b4cd7a05b7a12ab1cb", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2c34b4b3879298e970898e8a358b8cd0a9b1a8445b5c85b4cd7a05b7a12ab1cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/mockgpu/am/amgpu.py"}, "region": {"startLine": 295}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `ast` used but not imported: The file uses `ast.something(...)` but never imports `ast`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54653, "scanner": "repobility-ast-engine", "fingerprint": "1ae91db728065ff7ce0aade78b06e1ec1161ae1b59e35598e3fb6d9fce6c0b26", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ae91db728065ff7ce0aade78b06e1ec1161ae1b59e35598e3fb6d9fce6c0b26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/external/process_replay/process_replay.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54652, "scanner": "repobility-ast-engine", "fingerprint": "36efecaf03927702f085be6b93fc98d844a6aab284e9719bf95bff0758739f74", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|36efecaf03927702f085be6b93fc98d844a6aab284e9719bf95bff0758739f74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/external/mlperf_unet3d/dice.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `ast` used but not imported: The file uses `ast.something(...)` but never imports `ast`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54648, "scanner": "repobility-ast-engine", "fingerprint": "10d888739e8939b30a89093539f0e4ef4d1524c400533260a8b137979ec7061b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|10d888739e8939b30a89093539f0e4ef4d1524c400533260a8b137979ec7061b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/amd/test_roundtrip.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `ast` used but not imported: The file uses `ast.something(...)` but never imports `ast`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54646, "scanner": "repobility-ast-engine", "fingerprint": "d271ed1cce3ba798deb51433d75c26119ee9cd10c9377e6814cf88049fd9d335", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d271ed1cce3ba798deb51433d75c26119ee9cd10c9377e6814cf88049fd9d335"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/null/test_tensor.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `ast` used but not imported: The file uses `ast.something(...)` but never imports `ast`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54640, "scanner": "repobility-ast-engine", "fingerprint": "48ec6b70800abe7012c2331ea0a5a5bbca76c449801fd9b4aa12ee177417220c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|48ec6b70800abe7012c2331ea0a5a5bbca76c449801fd9b4aa12ee177417220c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/null/test_linearizer_rewrite.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `ast` used but not imported: The file uses `ast.something(...)` but never imports `ast`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54639, "scanner": "repobility-ast-engine", "fingerprint": "f4c68af1077f32e7a7f2fddb6b4280168e84229dd6b9f5e2db7f0b60aa4deaf4", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f4c68af1077f32e7a7f2fddb6b4280168e84229dd6b9f5e2db7f0b60aa4deaf4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_randomness.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `ast` used but not imported: The file uses `ast.something(...)` but never imports `ast`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54636, "scanner": "repobility-ast-engine", "fingerprint": "4916e577fdace5a9b87b4c0b76c6d07cc90fb856c3288cef0d8167348af1dce8", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4916e577fdace5a9b87b4c0b76c6d07cc90fb856c3288cef0d8167348af1dce8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_linearizer.py"}, "region": {"startLine": 403}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `ast` used but not imported: The file uses `ast.something(...)` but never imports `ast`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54634, "scanner": "repobility-ast-engine", "fingerprint": "4b93a85fc15d1e8b048f545b17a9e6b7f024307bd5f0b5f334c09501461bcd69", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4b93a85fc15d1e8b048f545b17a9e6b7f024307bd5f0b5f334c09501461bcd69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_jit.py"}, "region": {"startLine": 747}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `ast` used but not imported: The file uses `ast.something(...)` but never imports `ast`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54633, "scanner": "repobility-ast-engine", "fingerprint": "e1d5354eb3e9321eed2fd531ed5591c4062efff2c3ed6fea0b6a2e3cf6b36722", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e1d5354eb3e9321eed2fd531ed5591c4062efff2c3ed6fea0b6a2e3cf6b36722"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_uops.py"}, "region": {"startLine": 246}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `ast` used but not imported: The file uses `ast.something(...)` but never imports `ast`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54619, "scanner": "repobility-ast-engine", "fingerprint": "925cc64751af29e1fb912b3e8ac09c7abc2e7d795cfe50edaa328b6716999b35", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|925cc64751af29e1fb912b3e8ac09c7abc2e7d795cfe50edaa328b6716999b35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/backend/test_custom_kernel.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `ast` used but not imported: The file uses `ast.something(...)` but never imports `ast`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 54611, "scanner": "repobility-ast-engine", "fingerprint": "5abbfaef3228e6178f2974e33072e3c59c31a5192f3c01b7400f04acc7c8c1d5", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5abbfaef3228e6178f2974e33072e3c59c31a5192f3c01b7400f04acc7c8c1d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 54534, "scanner": "repobility-threat-engine", "fingerprint": "b0ea28d9e3024feba5ea7fa1994c478818a21af22bb457431956d8d7bf78494f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b0ea28d9e3024feba5ea7fa1994c478818a21af22bb457431956d8d7bf78494f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/runtime/ops_python.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: 
require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 54533, "scanner": "repobility-threat-engine", "fingerprint": "a3ddc1d5bef70a8fd9a22e8274b59fa546daa74bfa655c6ecda22223ed660425", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(src", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a3ddc1d5bef70a8fd9a22e8274b59fa546daa74bfa655c6ecda22223ed660425"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tinygrad/runtime/ops_npy.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED005", "level": "error", "message": {"text": "[MINED005] Lua Loadstring: loadstring/load executes Lua code. 
Code injection."}, "properties": {"repobilityId": 54520, "scanner": "repobility-threat-engine", "fingerprint": "ba9776ef154c6857fde53899c320834a7f26819d5065c338357846867a8b9238", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "lua-loadstring", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["lua"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347908+00:00", "triaged_in_corpus": 20, "observations_count": 291730, "ai_coder_pattern_id": 169}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ba9776ef154c6857fde53899c320834a7f26819d5065c338357846867a8b9238"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/thunder/amd/include/ops/warp/memory/vec/assembly/shared_to_register.cuh"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED005", "level": "error", "message": {"text": "[MINED005] Lua Loadstring: loadstring/load executes Lua code. 
Code injection."}, "properties": {"repobilityId": 54517, "scanner": "repobility-threat-engine", "fingerprint": "deeec8b79c3126138a5b189a1623239ae23fb09385c19119eadd46413691aa16", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "lua-loadstring", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["lua"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347908+00:00", "triaged_in_corpus": 20, "observations_count": 291730, "ai_coder_pattern_id": 169}, "scanner": "repobility-threat-engine", "correlation_key": "fp|deeec8b79c3126138a5b189a1623239ae23fb09385c19119eadd46413691aa16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/thunder/amd/include/ops/group/memory/vec/global_to_shared.cuh"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED005", "level": "error", "message": {"text": "[MINED005] Lua Loadstring: loadstring/load executes Lua code. 
Code injection."}, "properties": {"repobilityId": 54516, "scanner": "repobility-threat-engine", "fingerprint": "862debf9419704a77039e8f5992ce8a27299e2af67dd2e0997d7a573f6b9e2b8", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "lua-loadstring", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["lua"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347908+00:00", "triaged_in_corpus": 20, "observations_count": 291730, "ai_coder_pattern_id": 169}, "scanner": "repobility-threat-engine", "correlation_key": "fp|862debf9419704a77039e8f5992ce8a27299e2af67dd2e0997d7a573f6b9e2b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/thunder/amd/include/ops/group/memory/tile/global_to_shared.cuh"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 54416, "scanner": "repobility-threat-engine", "fingerprint": "057a455f175f0cf1e56251ef38a6bdd60f64faae8e955f8d004cadf1cf61b409", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|057a455f175f0cf1e56251ef38a6bdd60f64faae8e955f8d004cadf1cf61b409"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/datasets/__init__.py"}, "region": {"startLine": 
39}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 54414, "scanner": "repobility-threat-engine", "fingerprint": "85a131cfe89cbf59f93c44ce0989b47bfe4db8d79777460608ab8a97dcd5b8eb", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|85a131cfe89cbf59f93c44ce0989b47bfe4db8d79777460608ab8a97dcd5b8eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/openpilot/load_pickle.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 54408, "scanner": "repobility-threat-engine", "fingerprint": "8c713c47b527af0d5db11ddabe7e49d2b69da3eeefa4761e727954a46ae24ed3", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8c713c47b527af0d5db11ddabe7e49d2b69da3eeefa4761e727954a46ae24ed3"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/openpilot/compile3.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 54406, "scanner": "repobility-threat-engine", "fingerprint": "212ca366193d4bce5b6e379558638209a5699efcd81a7ff7e39f34c9fadf22bf", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|212ca366193d4bce5b6e379558638209a5699efcd81a7ff7e39f34c9fadf22bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/datasets/__init__.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. 
Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 54405, "scanner": "repobility-threat-engine", "fingerprint": "1529fb07335dee20eb34eec5943c28d1cce5d75fba826b89da4afbf22a6f8013", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1529fb07335dee20eb34eec5943c28d1cce5d75fba826b89da4afbf22a6f8013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/openpilot/load_pickle.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 54404, "scanner": "repobility-threat-engine", "fingerprint": "fe5b7f025f6360b95a76925239917caf557f342c50d8ed8934dfcefb9ed88d02", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fe5b7f025f6360b95a76925239917caf557f342c50d8ed8934dfcefb9ed88d02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/openpilot/compile3.py"}, "region": {"startLine": 139}}}]}]}]}