{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AIC008", "name": "Vendored upstream framework tree is mixed with application code", "shortDescription": {"text": "Vendored upstream framework tree is mixed with application code"}, "fullDescription": {"text": "Prefer package management, submodules, or a clearly isolated vendor path. If the copy is intentional, add scanner ignore rules and document the supported customization boundaries."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC046", "name": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supp", "shortDescription": {"text": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. 
If that endpoint is ever subverted (compromis"}, "fullDescription": {"text": "Validate the URL is same-origin or on an explicit allowlist before assignment:\n  const u = new URL(serverUrl, location.href);\n  if (u.origin !== location.origin && !ALLOWED.includes(u.host)) return;\n  location.assign(u);\nEven better: have the server return a path (/checkout/done) instead of a full URL, and only allow same-origin navigation."}, "properties": {"scanner": "repobility-threat-engine", "category": "open_redirect", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 0.45, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "CORE_LARGE_FILES", "name": "Average file size is 519 lines (recommend <300)", "shortDescription": {"text": "Average file size is 519 lines (recommend <300)"}, "fullDescription": {"text": "Refactor large files by extracting related functions into separate modules. Target files with 300+ lines first. 
Use the Single Responsibility Principle \u2014 each module should have one clear purpose."}, "properties": {"scanner": "repobility-core", "category": "quality", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). 
Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED098", "name": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios ", "shortDescription": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "fullDescription": {"text": "Import the library where you need it instead of attaching to window. For legitimate global registries, use a namespaced object (e.g., `window.__myApp.axios`)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED048", "name": "[MINED048] Php Error Suppress (and 1 more): Same pattern found in 1 additional file. Review if needed.", "shortDescription": {"text": "[MINED048] Php Error Suppress (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED053", "name": "[MINED053] Placeholder Default Username (and 22 more): Same pattern found in 22 additional files. Review if needed.", "shortDescription": {"text": "[MINED053] Placeholder Default Username (and 22 more): Same pattern found in 22 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1392, CWE-798 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 24 more): Same pattern found in 24 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 24 more): Same pattern found in 24 additional files. 
Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported fr", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). 
Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/535"}, "properties": {"repository": "WordPress/WordPress", "repoUrl": "https://github.com/WordPress/WordPress.git", "branch": "master"}, "results": [{"ruleId": "AIC008", "level": "warning", "message": {"text": "Vendored upstream framework tree is mixed with application code"}, "properties": {"repobilityId": 32952, "scanner": "repobility-ai-code-hygiene", "fingerprint": "867d6d20bc5f80ad06d507fd16a0892142f9e3b812d3d3d3700af62cd313c21a", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains a known upstream application/framework directory.", "evidence": {"rule_id": "AIC008", "scanner": "repobility-ai-code-hygiene", "directory": "wp-includes", "references": ["https://arxiv.org/abs/2601.15195", "https://git-scm.com/docs/gitignore"], "correlation_key": "fp|867d6d20bc5f80ad06d507fd16a0892142f9e3b812d3d3d3700af62cd313c21a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-includes"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC008", "level": "warning", "message": {"text": "Vendored upstream framework tree is mixed with application code"}, "properties": {"repobilityId": 32951, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ed96d6567fc171d234ae87fc4feb2125332077acf2f9f61438dc9363ad2f6f79", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains a known upstream application/framework directory.", "evidence": {"rule_id": "AIC008", "scanner": "repobility-ai-code-hygiene", "directory": "wp-admin", "references": ["https://arxiv.org/abs/2601.15195", 
"https://git-scm.com/docs/gitignore"], "correlation_key": "fp|ed96d6567fc171d234ae87fc4feb2125332077acf2f9f61438dc9363ad2f6f79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin"}, "region": {"startLine": 1}}}]}, {"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 32950, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "SEC046", "level": "warning", "message": {"text": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromised admin, JSON injection, MITM on a webhook), users get redirected to a phishing site they trust because the original page is yours. CWE-601 (server-side OR client-side). 
Complement to server-side SEC030."}, "properties": {"repobilityId": 32947, "scanner": "repobility-threat-engine", "fingerprint": "aae1be5b992b01d88c6eec5284750008dff2fdd3623fbd822d0153381e80a89d", "category": "open_redirect", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.location = zipUrl", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC046", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|aae1be5b992b01d88c6eec5284750008dff2fdd3623fbd822d0153381e80a89d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/js/privacy-tools.js"}, "region": {"startLine": 91}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 32944, "scanner": "repobility-threat-engine", "fingerprint": "0fa7b331b5b08a68337287a70acf30a69a1196c2f9cb518ea60704e5516775e0", "category": "error_handling", "severity": "medium", "confidence": 0.45, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: framework-internal path]", "evidence": {"match": "catch ( error ) {}", "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: framework-internal path]", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.45, "correlation_key": "fp|0fa7b331b5b08a68337287a70acf30a69a1196c2f9cb518ea60704e5516775e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/js/svg-painter.js"}, "region": {"startLine": 104}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 32943, "scanner": 
"repobility-threat-engine", "fingerprint": "37bccbc8462e160fe7601ccf1fdfaae2cca93dd69583dd5e2eebdabbdbe353e0", "category": "error_handling", "severity": "medium", "confidence": 0.45, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: framework-internal path]", "evidence": {"match": "catch ( er ) {}", "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: framework-internal path]", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.45, "correlation_key": "fp|37bccbc8462e160fe7601ccf1fdfaae2cca93dd69583dd5e2eebdabbdbe353e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/js/privacy-tools.js"}, "region": {"startLine": 323}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 32942, "scanner": "repobility-threat-engine", "fingerprint": "31c625fbc14762453a5827b812725c24fa02fb0797763c512fd1a2e795e5dbe7", "category": "error_handling", "severity": "medium", "confidence": 0.45, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: framework-internal path]", "evidence": {"match": "catch( e ) {}", "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: framework-internal path]", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.45, "correlation_key": "fp|31c625fbc14762453a5827b812725c24fa02fb0797763c512fd1a2e795e5dbe7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/js/media-upload.js"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 32938, "scanner": 
"repobility-threat-engine", "fingerprint": "1d729ba14de0ec2727846d4ab011f530af4367fe80a8d1bbe0db141573965459", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (1.6 bits) \u2014 may be placeholder or common string | [R34 auto-suppress: framework-internal path]", "evidence": {"match": "password = '<redacted>'", "reason": "Low entropy value (1.6 bits) \u2014 may be placeholder or common string | [R34 auto-suppress: framework-internal path]", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|11|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/network/site-new.php"}, "region": {"startLine": 111}}}]}, {"ruleId": "CORE_LARGE_FILES", "level": "warning", "message": {"text": "Average file size is 519 lines (recommend <300)"}, "properties": {"repobilityId": 32915, "scanner": "repobility-core", "fingerprint": "58a80fbef35803cc95c3cadf9863bc2c85e645d789b0aa27929337e94388d20c", "category": "quality", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_LARGE_FILES", "scanner": "repobility-core", "correlation_key": "fp|58a80fbef35803cc95c3cadf9863bc2c85e645d789b0aa27929337e94388d20c"}}}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 32914, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": 
"Duplicated implementation block across source files"}, "properties": {"repobilityId": 32953, "scanner": "repobility-ai-code-hygiene", "fingerprint": "40159b155d144cf26adb5b8bab2e4f7f1254c09afdc439035d48837c9d935b4a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "wp-content/themes/twentyfifteen/index.php", "duplicate_line": 1, "correlation_key": "fp|40159b155d144cf26adb5b8bab2e4f7f1254c09afdc439035d48837c9d935b4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-content/themes/twentysixteen/index.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 32946, "scanner": "repobility-threat-engine", "fingerprint": "4d6f67250bf753eaea47ac2f2e4d59d994f510088c0e5933159682cf5f75cb86", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = _", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|28|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/js/password-toggle.js"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner 
interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 32935, "scanner": "repobility-threat-engine", "fingerprint": "f5aa70880e0388fbc9b585ef7575bb16ed66f4a6d0455ad27468edf86ebe1741", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"attachments[' + id + '][image-size]\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f5aa70880e0388fbc9b585ef7575bb16ed66f4a6d0455ad27468edf86ebe1741"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/js/media-gallery.js"}, "region": {"startLine": 23}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. 
When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 32934, "scanner": "repobility-threat-engine", "fingerprint": "72d4b2a0cb1c7533dc2cd9de45a81851d08d80258c0c663e44ede9ed71edfd73", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'#in-link-category-' + id + ', #in-popular-link_category-'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|72d4b2a0cb1c7533dc2cd9de45a81851d08d80258c0c663e44ede9ed71edfd73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/js/link.js"}, "region": {"startLine": 82}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. 
When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 32933, "scanner": "repobility-threat-engine", "fingerprint": "a395bd05e140d110e73499a5b228e70d72e5171905b7fe5b4c6a444c2080b5e3", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'/wp/v2/users/' + userId + '/application-passwords?_locale=user'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a395bd05e140d110e73499a5b228e70d72e5171905b7fe5b4c6a444c2080b5e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/js/application-passwords.js"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 32945, "scanner": "repobility-threat-engine", "fingerprint": "eb01f221ef63da4c484d3dcd1b315696131e0c98bc85e397c783876cb3eb0a4a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|eb01f221ef63da4c484d3dcd1b315696131e0c98bc85e397c783876cb3eb0a4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/js/password-strength-meter.js"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED098", "level": "none", "message": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "properties": {"repobilityId": 32941, "scanner": "repobility-threat-engine", "fingerprint": "b0c93833e89fb7afecf7bf2f7a2b79d0405bbc5937532e6c8981d0e431de0321", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "global-scope-pollution", "owasp": null, "cwe_ids": [], "languages": ["javascript"], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 12, "observations_count": 173528, "ai_coder_pattern_id": 55}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|b0c93833e89fb7afecf7bf2f7a2b79d0405bbc5937532e6c8981d0e431de0321"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/js/privacy-tools.js"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED098", "level": "none", "message": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "properties": {"repobilityId": 32940, "scanner": "repobility-threat-engine", "fingerprint": "54d01aa6e9e458642063391e0cfd7c2cce0b72192c4b82a355b45fdd6c96623b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "global-scope-pollution", "owasp": null, "cwe_ids": [], "languages": ["javascript"], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 12, "observations_count": 173528, "ai_coder_pattern_id": 55}, "scanner": "repobility-threat-engine", "correlation_key": "fp|54d01aa6e9e458642063391e0cfd7c2cce0b72192c4b82a355b45fdd6c96623b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/js/gallery.js"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED098", "level": "none", "message": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "properties": {"repobilityId": 32939, "scanner": "repobility-threat-engine", "fingerprint": "415a78663deeb8e389a6a335bfb62bd202ed9ea948c3486ff9a0d842f555c2e3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": 
{"mined": true, "mining": {"slug": "global-scope-pollution", "owasp": null, "cwe_ids": [], "languages": ["javascript"], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 12, "observations_count": 173528, "ai_coder_pattern_id": 55}, "scanner": "repobility-threat-engine", "correlation_key": "fp|415a78663deeb8e389a6a335bfb62bd202ed9ea948c3486ff9a0d842f555c2e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/js/auth-app.js"}, "region": {"startLine": 86}}}]}, {"ruleId": "SEC132", "level": "none", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift) (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 32936, "scanner": "repobility-threat-engine", "fingerprint": "802362717bb8b9596309b60635fbb04d345013c3d2defa44f95ace1b246cb77c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|802362717bb8b9596309b60635fbb04d345013c3d2defa44f95ace1b246cb77c"}}}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress (and 1 more): Same pattern found in 1 additional file. 
Review if needed."}, "properties": {"repobilityId": 32931, "scanner": "repobility-threat-engine", "fingerprint": "d71724ef9ebc40c9f37835e9a17943f9474ef3b21970d0351d917057cdfb2b85", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|d71724ef9ebc40c9f37835e9a17943f9474ef3b21970d0351d917057cdfb2b85", "aggregated_count": 1}}}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. 
Hides real issues."}, "properties": {"repobilityId": 32930, "scanner": "repobility-threat-engine", "fingerprint": "042844ba614930c92520a7136e0c5b53f78fe9e571e6cb6434e8a0a73027808b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|042844ba614930c92520a7136e0c5b53f78fe9e571e6cb6434e8a0a73027808b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/includes/class-ftp-sockets.php"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. 
Hides real issues."}, "properties": {"repobilityId": 32929, "scanner": "repobility-threat-engine", "fingerprint": "b73ce52f29b47d780db8c02de2165740c4d9d3f998c2b77d29c2b0fff4f25725", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b73ce52f29b47d780db8c02de2165740c4d9d3f998c2b77d29c2b0fff4f25725"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/includes/class-ftp-pure.php"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. 
Hides real issues."}, "properties": {"repobilityId": 32928, "scanner": "repobility-threat-engine", "fingerprint": "2bf9d7d8e89ab00b907e3e0dcd621c90c0343c12e8d65ee3822257678ae070a8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2bf9d7d8e89ab00b907e3e0dcd621c90c0343c12e8d65ee3822257678ae070a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/includes/class-file-upload-upgrader.php"}, "region": {"startLine": 153}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username (and 22 more): Same pattern found in 22 additional files. Review if needed."}, "properties": {"repobilityId": 32927, "scanner": "repobility-threat-engine", "fingerprint": "d432fbf69943c25e49618d7d8c67174e3857c61632a769c778181628ffc7a58f", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 22 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|d432fbf69943c25e49618d7d8c67174e3857c61632a769c778181628ffc7a58f", "aggregated_count": 22}}}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 32926, "scanner": "repobility-threat-engine", "fingerprint": "68094d11fdc91f098f4ab363aeda25250e82b2702069f6bdfcabf63003e323dd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|68094d11fdc91f098f4ab363aeda25250e82b2702069f6bdfcabf63003e323dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/contribute.php"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 32925, "scanner": "repobility-threat-engine", "fingerprint": "2cf9b1e65ebb7cc86a8ece9d46b5587f94ec38e84c02a235961064c9b642b213", "category": 
"quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2cf9b1e65ebb7cc86a8ece9d46b5587f94ec38e84c02a235961064c9b642b213"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/authorize-application.php"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 32924, "scanner": "repobility-threat-engine", "fingerprint": "e56e483c6db02d24e73c58f5811c137a747de408a689e09fd3ccb39f66faee8f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e56e483c6db02d24e73c58f5811c137a747de408a689e09fd3ccb39f66faee8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/async-upload.php"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. 
Review if needed."}, "properties": {"repobilityId": 32923, "scanner": "repobility-threat-engine", "fingerprint": "62ff231053d16ded91f5d63a99a8b7f9a8d879f1bee1b23442cfa6701d92f730", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|62ff231053d16ded91f5d63a99a8b7f9a8d879f1bee1b23442cfa6701d92f730", "aggregated_count": 2}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 32922, "scanner": "repobility-threat-engine", "fingerprint": "80d5a628239f65b1d5889dad30edb7de3bc0730b818938f8abe68e7da51c8a80", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|80d5a628239f65b1d5889dad30edb7de3bc0730b818938f8abe68e7da51c8a80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/includes/credits.php"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED043", "level": "none", "message": 
{"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 32921, "scanner": "repobility-threat-engine", "fingerprint": "e48383b974ec5abd0ac5a1a793c27afd77292f95370466fca426005639a91be5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e48383b974ec5abd0ac5a1a793c27afd77292f95370466fca426005639a91be5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/includes/class-wp-importer.php"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 32920, "scanner": "repobility-threat-engine", "fingerprint": "8d5919641923cd636e51b9063d737ef60784c68171b1c4a81bd25fcea5d8284e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8d5919641923cd636e51b9063d737ef60784c68171b1c4a81bd25fcea5d8284e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"wp-activate.php"}, "region": {"startLine": 159}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 24 more): Same pattern found in 24 additional files. Review if needed."}, "properties": {"repobilityId": 32919, "scanner": "repobility-threat-engine", "fingerprint": "a884d8b9c9b37af90da357b7c75eca50333b5b114663c3dfe3363f9ee69163f2", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 24 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 24 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a884d8b9c9b37af90da357b7c75eca50333b5b114663c3dfe3363f9ee69163f2"}}}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. 
Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 32949, "scanner": "repobility-threat-engine", "fingerprint": "c18846033ecf99edb625a609ae0527d20a69ad01c2b139d47f1a669e677b13e2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp( separator", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c18846033ecf99edb625a609ae0527d20a69ad01c2b139d47f1a669e677b13e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/js/tags-suggest.js"}, "region": {"startLine": 14}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. 
Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 32948, "scanner": "repobility-threat-engine", "fingerprint": "b762440e6eae70c8724b30d68f14f0f83285a8ae63a4ccfcff957815ab359b26", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp( tagDelimiter", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b762440e6eae70c8724b30d68f14f0f83285a8ae63a4ccfcff957815ab359b26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/js/tags-box.js"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 32932, "scanner": "repobility-threat-engine", "fingerprint": "479ff58887dee9c4d9bb98c77c59a9d4330f8a254295d370c2a94208fb8ab911", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|479ff58887dee9c4d9bb98c77c59a9d4330f8a254295d370c2a94208fb8ab911"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/includes/import.php"}, "region": {"startLine": 140}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user 
input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 32918, "scanner": "repobility-threat-engine", "fingerprint": "1d0611189d5f828125238b82354621b712880f9c45658c58cad7b574e887e103", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url( g", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1d0611189d5f828125238b82354621b712880f9c45658c58cad7b574e887e103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/async-upload.php"}, "region": {"startLine": 68}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 32917, "scanner": "repobility-threat-engine", "fingerprint": "ded0ffd20f79e5c632169bdf5047d75ad730e68ff9e0a6b3d411035f5d38dd70", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url( _", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ded0ffd20f79e5c632169bdf5047d75ad730e68ff9e0a6b3d411035f5d38dd70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/admin-footer.php"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 32916, "scanner": "repobility-threat-engine", "fingerprint": "196b8c98b2a109be25082580b24124c36c1350c913dff66930fa4472e4ca72b4", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url( n", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|196b8c98b2a109be25082580b24124c36c1350c913dff66930fa4472e4ca72b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-activate.php"}, "region": {"startLine": 128}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 32913, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "SEC001", "level": "error", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 32937, "scanner": "repobility-threat-engine", "fingerprint": "c03733dc6c9724825ad005741168d1bf40a1c998cb6bebfb3fdaae76845c9fb1", "category": "credential_exposure", "severity": "critical", "confidence": 0.45, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "High entropy value (4.7 bits) \u2014 likely real secret | [R34 auto-suppress: framework-internal path]", "evidence": {"match": "password=' + encodeURIComponent( response.password );\n\n\t\t\t\twindow.location = url;\n\t\t\t} else 
{\n\t\t\t\tme", "reason": "High entropy value (4.7 bits) \u2014 likely real secret | [R34 auto-suppress: framework-internal path]", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.45, "correlation_key": "secret|wp-admin/js/auth-app.js|8|password + encodeuricomponent response.password window.location url else me"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wp-admin/js/auth-app.js"}, "region": {"startLine": 84}}}]}]}]}