{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `print_report` has cognitive complexity 15 (SonarSource scale). Cognitive ", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `print_report` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion "}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 15."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 8 more): Same pattern found in 8 additional files. Review if neede", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED022", "name": "[MINED022] C Strcpy (and 11 more): Same pattern found in 11 additional files. Review if needed.", "shortDescription": {"text": "[MINED022] C Strcpy (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-120 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED080", "name": "[MINED080] Cpp Using Namespace Std (and 29 more): Same pattern found in 29 additional files. Review if needed.", "shortDescription": {"text": "[MINED080] Cpp Using Namespace Std (and 29 more): Same pattern found in 29 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED075", "name": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL.", "shortDescription": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-690 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete (and 308 more): Same pattern found in 308 additional files. Review if needed.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete (and 308 more): Same pattern found in 308 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1c_s2.o` committed in source repo: `thirdparty/lzo/2.0", "shortDescription": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1c_s2.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1c_s2.o` is a .o binary (954 bytes) committed to a repo that otherwise has 4073 source files. Tr"}, "fullDescription": {"text": "Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v6`: `uses: actions/upload-artifact@v6` resolves at ", "shortDescription": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v6`: `uses: actions/upload-artifact@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compro"}, "fullDescription": {"text": "Replace with: `uses: actions/upload-artifact@<40-char-sha>  # v6` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self._validate_path` used but never assigned in __init__: Method `validate_paths` of class `QrcValidator` re", "shortDescription": {"text": "[MINED108] `self._validate_path` used but never assigned in __init__: Method `validate_paths` of class `QrcValidator` reads `self._validate_path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises Attribu"}, "fullDescription": {"text": "Initialize `self._validate_path = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_fft: Test function `test_fft` runs code but contains no assert / expect / should ", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_fft: Test function `test_fft` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED017", "name": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic.", "shortDescription": {"text": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED104", "name": "[MINED104] Chmod 777: chmod 777 makes a file or directory world-readable, world-writable, AND world-executable. Local pr", "shortDescription": {"text": "[MINED104] Chmod 777: chmod 777 makes a file or directory world-readable, world-writable, AND world-executable. Local privilege escalation surface; audit-failing for most compliance frameworks."}, "fullDescription": {"text": "Use the least-privilege mode the file actually needs (e.g. 640 for configs, 750 for executables). For directories that genuinely need shared write access, use a group with chmod g+w and chown the right group."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/556"}, "properties": {"repository": "opentoonz/opentoonz", "repoUrl": "https://github.com/opentoonz/opentoonz.git", "branch": "master"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36296, "scanner": "repobility-ast-engine", "fingerprint": "b112e6d489fe54072625c2d2436c8365dc07c7ecdffcadcc921bb794ccf0420d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b112e6d489fe54072625c2d2436c8365dc07c7ecdffcadcc921bb794ccf0420d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/toonz/toonz_qrc_validator.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36297, "scanner": "repobility-ast-engine", "fingerprint": "b112e6d489fe54072625c2d2436c8365dc07c7ecdffcadcc921bb794ccf0420d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b112e6d489fe54072625c2d2436c8365dc07c7ecdffcadcc921bb794ccf0420d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/toonz/toonz_qrc_validator.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `print_report` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=5, if=3, nested_bonus=5, or=2."}, "properties": {"repobilityId": 36225, "scanner": "repobility-threat-engine", "fingerprint": "8694a7d2bb03271399c54450257ee802c4536b3aa2bd24f8a504f411a11cbab8", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 15 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "print_report", "breakdown": {"if": 3, "or": 2, "for": 5, "nested_bonus": 5}, "complexity": 15, "correlation_key": "fp|8694a7d2bb03271399c54450257ee802c4536b3aa2bd24f8a504f411a11cbab8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/toonz/toonz_qrc_validator.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `print_report` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=5, if=3, nested_bonus=5, or=2."}, "properties": {"repobilityId": 36224, "scanner": "repobility-threat-engine", "fingerprint": "8694a7d2bb03271399c54450257ee802c4536b3aa2bd24f8a504f411a11cbab8", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 15 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "print_report", "breakdown": {"if": 3, "or": 2, "for": 5, "nested_bonus": 5}, "complexity": 15, "correlation_key": "fp|8694a7d2bb03271399c54450257ee802c4536b3aa2bd24f8a504f411a11cbab8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/toonz/toonz_qrc_validator.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 36211, "scanner": "repobility-threat-engine", "fingerprint": "00eddbb7c3c4264b0bdbe74d94baf7462d3a99689cb146e7f4d38e4d433dbd14", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|44|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/t32bitsrv/main.cpp"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 36210, "scanner": "repobility-threat-engine", "fingerprint": "00eddbb7c3c4264b0bdbe74d94baf7462d3a99689cb146e7f4d38e4d433dbd14", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|44|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/t32bitsrv/main.cpp"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 36209, "scanner": "repobility-threat-engine", "fingerprint": "108e51703336c7b578d6d7bd4bc7535a1da654f0f36c55eb627a6a7d1efefba1", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|201|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/include/toonzqt/imageutils.h"}, "region": {"startLine": 201}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 36208, "scanner": "repobility-threat-engine", "fingerprint": "108e51703336c7b578d6d7bd4bc7535a1da654f0f36c55eb627a6a7d1efefba1", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|201|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/include/toonzqt/imageutils.h"}, "region": {"startLine": 201}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 36207, "scanner": "repobility-threat-engine", "fingerprint": "c242188fa73ebb83607f0c404706251c6c27e67e067b8c0061f11b4d605e8b4f", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|61|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/include/toonz/autoclose.h"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 36206, "scanner": "repobility-threat-engine", "fingerprint": "c242188fa73ebb83607f0c404706251c6c27e67e067b8c0061f11b4d605e8b4f", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|61|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/include/toonz/autoclose.h"}, "region": {"startLine": 61}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36291, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c7a7ff34b12243e092da14625625d94f3436791712143847769f98e6e368d4b9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/kiss_fft/tools/fftutil.c", "duplicate_line": 132, "correlation_key": "fp|c7a7ff34b12243e092da14625625d94f3436791712143847769f98e6e368d4b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/kiss_fft/tools/psdpng.c"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36290, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c7a7ff34b12243e092da14625625d94f3436791712143847769f98e6e368d4b9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/kiss_fft/tools/fftutil.c", "duplicate_line": 132, "correlation_key": "fp|c7a7ff34b12243e092da14625625d94f3436791712143847769f98e6e368d4b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/kiss_fft/tools/psdpng.c"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36289, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5819ee74343e8d72747d717cb976c93732dca29f62bf38091649b52b4f7a7301", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/glew/glew-1.9.0/auto/src/glxew_head.h", "duplicate_line": 1, "correlation_key": "fp|5819ee74343e8d72747d717cb976c93732dca29f62bf38091649b52b4f7a7301"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/glew/glew-1.9.0/include/GL/glxew.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36288, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5819ee74343e8d72747d717cb976c93732dca29f62bf38091649b52b4f7a7301", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/glew/glew-1.9.0/auto/src/glxew_head.h", "duplicate_line": 1, "correlation_key": "fp|5819ee74343e8d72747d717cb976c93732dca29f62bf38091649b52b4f7a7301"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/glew/glew-1.9.0/include/GL/glxew.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36287, "scanner": "repobility-ai-code-hygiene", "fingerprint": "502e8424784f6a49dadf79929402e951a53397698d1e133391ffdeaa5155f325", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/glew/glew-1.9.0/auto/src/glew_head.c", "duplicate_line": 1, "correlation_key": "fp|502e8424784f6a49dadf79929402e951a53397698d1e133391ffdeaa5155f325"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/glew/glew-1.9.0/auto/src/glew_utils.c"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36286, "scanner": "repobility-ai-code-hygiene", "fingerprint": "502e8424784f6a49dadf79929402e951a53397698d1e133391ffdeaa5155f325", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/glew/glew-1.9.0/auto/src/glew_head.c", "duplicate_line": 1, "correlation_key": "fp|502e8424784f6a49dadf79929402e951a53397698d1e133391ffdeaa5155f325"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/glew/glew-1.9.0/auto/src/glew_utils.c"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36285, "scanner": "repobility-ai-code-hygiene", "fingerprint": "82cb5fa9d088acb80f9fe4ab27a9451b1edbcb3fc8c3a8c62f645abbea95be13", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/lz4io.c", "duplicate_line": 8, "correlation_key": "fp|82cb5fa9d088acb80f9fe4ab27a9451b1edbcb3fc8c3a8c62f645abbea95be13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/lz4io.h"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36284, "scanner": "repobility-ai-code-hygiene", "fingerprint": "82cb5fa9d088acb80f9fe4ab27a9451b1edbcb3fc8c3a8c62f645abbea95be13", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/lz4io.c", "duplicate_line": 8, "correlation_key": "fp|82cb5fa9d088acb80f9fe4ab27a9451b1edbcb3fc8c3a8c62f645abbea95be13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/lz4io.h"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36283, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a3191bc454ba886fb6d5109ba1f0620c8d54b03f497d9cc309b52a79280add18", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/bench.c", "duplicate_line": 3, "correlation_key": "fp|a3191bc454ba886fb6d5109ba1f0620c8d54b03f497d9cc309b52a79280add18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/lz4io.h"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36282, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a3191bc454ba886fb6d5109ba1f0620c8d54b03f497d9cc309b52a79280add18", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/bench.c", "duplicate_line": 3, "correlation_key": "fp|a3191bc454ba886fb6d5109ba1f0620c8d54b03f497d9cc309b52a79280add18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/lz4io.h"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36281, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4751a702228c5c3d4a4a966e8c16db94c0ab98262ae2a2d60426342712136557", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/lz4cli.c", "duplicate_line": 2, "correlation_key": "fp|4751a702228c5c3d4a4a966e8c16db94c0ab98262ae2a2d60426342712136557"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/lz4io.h"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36280, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4751a702228c5c3d4a4a966e8c16db94c0ab98262ae2a2d60426342712136557", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/lz4cli.c", "duplicate_line": 2, "correlation_key": "fp|4751a702228c5c3d4a4a966e8c16db94c0ab98262ae2a2d60426342712136557"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/lz4io.h"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36279, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d8f48b2bd2a58ef89e6cf10358a84aef948152166feb255449d553c8bf7246e1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/bench.c", "duplicate_line": 3, "correlation_key": "fp|d8f48b2bd2a58ef89e6cf10358a84aef948152166feb255449d553c8bf7246e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/lz4io.c"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36278, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d8f48b2bd2a58ef89e6cf10358a84aef948152166feb255449d553c8bf7246e1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/bench.c", "duplicate_line": 3, "correlation_key": "fp|d8f48b2bd2a58ef89e6cf10358a84aef948152166feb255449d553c8bf7246e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/lz4io.c"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36277, "scanner": "repobility-ai-code-hygiene", "fingerprint": "180ff29c3c82194f092b6b9f85c766497a2cc83d16a47d6750ec44a4158a6476", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/lz4cli.c", "duplicate_line": 2, "correlation_key": "fp|180ff29c3c82194f092b6b9f85c766497a2cc83d16a47d6750ec44a4158a6476"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/lz4io.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36276, "scanner": "repobility-ai-code-hygiene", "fingerprint": "180ff29c3c82194f092b6b9f85c766497a2cc83d16a47d6750ec44a4158a6476", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/lz4cli.c", "duplicate_line": 2, "correlation_key": "fp|180ff29c3c82194f092b6b9f85c766497a2cc83d16a47d6750ec44a4158a6476"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/lz4io.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36275, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6f1c12a58fbb38484964e944e1db59f13a276eeccb72cbe8fa10cf4f23daaa1b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/bench.c", "duplicate_line": 3, "correlation_key": "fp|6f1c12a58fbb38484964e944e1db59f13a276eeccb72cbe8fa10cf4f23daaa1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/lz4cli.c"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36274, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6f1c12a58fbb38484964e944e1db59f13a276eeccb72cbe8fa10cf4f23daaa1b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/bench.c", "duplicate_line": 3, "correlation_key": "fp|6f1c12a58fbb38484964e944e1db59f13a276eeccb72cbe8fa10cf4f23daaa1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/lz4cli.c"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36272, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3751955abb78fae6de2ac4c3194604035506a8b1bb260b7c7fe77277550a153e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/frametest.c", "duplicate_line": 48, "correlation_key": "fp|3751955abb78fae6de2ac4c3194604035506a8b1bb260b7c7fe77277550a153e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/fuzzer.c"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36273, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3751955abb78fae6de2ac4c3194604035506a8b1bb260b7c7fe77277550a153e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/frametest.c", "duplicate_line": 48, "correlation_key": "fp|3751955abb78fae6de2ac4c3194604035506a8b1bb260b7c7fe77277550a153e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/fuzzer.c"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36270, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bcf4a1ef385a201f2725a620f556ed22d70f512185746d3edf492cb9e559b6a0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/bench.c", "duplicate_line": 2, "correlation_key": "fp|bcf4a1ef385a201f2725a620f556ed22d70f512185746d3edf492cb9e559b6a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/fuzzer.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36271, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bcf4a1ef385a201f2725a620f556ed22d70f512185746d3edf492cb9e559b6a0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/bench.c", "duplicate_line": 2, "correlation_key": "fp|bcf4a1ef385a201f2725a620f556ed22d70f512185746d3edf492cb9e559b6a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/fuzzer.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36269, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b8101c060b4260d8de2cf9df5f3967a8e126944937fe36b936b974a47bca2e0d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/frametest.c", "duplicate_line": 7, "correlation_key": "fp|b8101c060b4260d8de2cf9df5f3967a8e126944937fe36b936b974a47bca2e0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/fullbench.c"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36268, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b8101c060b4260d8de2cf9df5f3967a8e126944937fe36b936b974a47bca2e0d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/frametest.c", "duplicate_line": 7, "correlation_key": "fp|b8101c060b4260d8de2cf9df5f3967a8e126944937fe36b936b974a47bca2e0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/fullbench.c"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36267, "scanner": "repobility-ai-code-hygiene", "fingerprint": "50edfc6e23cd915ec57801603514381cbc099ab3f366c1929e2e15985a4707a2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/bench.c", "duplicate_line": 2, "correlation_key": "fp|50edfc6e23cd915ec57801603514381cbc099ab3f366c1929e2e15985a4707a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/fullbench.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36266, "scanner": "repobility-ai-code-hygiene", "fingerprint": "50edfc6e23cd915ec57801603514381cbc099ab3f366c1929e2e15985a4707a2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/bench.c", "duplicate_line": 2, "correlation_key": "fp|50edfc6e23cd915ec57801603514381cbc099ab3f366c1929e2e15985a4707a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/fullbench.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36265, "scanner": "repobility-ai-code-hygiene", "fingerprint": "428afee2fc598e769d016cd60647cfeaa1a32bf549f0f49c9f87b76d4725e3b6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/bench.c", "duplicate_line": 3, "correlation_key": "fp|428afee2fc598e769d016cd60647cfeaa1a32bf549f0f49c9f87b76d4725e3b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/frametest.c"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36264, "scanner": "repobility-ai-code-hygiene", "fingerprint": "428afee2fc598e769d016cd60647cfeaa1a32bf549f0f49c9f87b76d4725e3b6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/bench.c", "duplicate_line": 3, "correlation_key": "fp|428afee2fc598e769d016cd60647cfeaa1a32bf549f0f49c9f87b76d4725e3b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/frametest.c"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36263, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3b21ded8c69b8a578d3dd20950388ccfcd66502d073ef13064217b0867c7cc37", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/datagen.c", "duplicate_line": 5, "correlation_key": "fp|3b21ded8c69b8a578d3dd20950388ccfcd66502d073ef13064217b0867c7cc37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/datagencli.c"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36262, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3b21ded8c69b8a578d3dd20950388ccfcd66502d073ef13064217b0867c7cc37", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/datagen.c", "duplicate_line": 5, "correlation_key": "fp|3b21ded8c69b8a578d3dd20950388ccfcd66502d073ef13064217b0867c7cc37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/datagencli.c"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36261, "scanner": "repobility-ai-code-hygiene", "fingerprint": "54d1474e7c742bb487fd9686e4afbb78ba47aa823c0e47997e9d9aa717c7c428", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/bench.c", "duplicate_line": 2, "correlation_key": "fp|54d1474e7c742bb487fd9686e4afbb78ba47aa823c0e47997e9d9aa717c7c428"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/datagencli.c"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36260, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e0fe36a916bbd640af5ea24961956eb6c5277dfb72c23f1a2ba4a5eb13839c21", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/datagen.c", "duplicate_line": 5, "correlation_key": "fp|e0fe36a916bbd640af5ea24961956eb6c5277dfb72c23f1a2ba4a5eb13839c21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/datagen.h"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36259, "scanner": "repobility-ai-code-hygiene", "fingerprint": "54d1474e7c742bb487fd9686e4afbb78ba47aa823c0e47997e9d9aa717c7c428", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/bench.c", "duplicate_line": 2, "correlation_key": "fp|54d1474e7c742bb487fd9686e4afbb78ba47aa823c0e47997e9d9aa717c7c428"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/datagencli.c"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36258, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e0fe36a916bbd640af5ea24961956eb6c5277dfb72c23f1a2ba4a5eb13839c21", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/datagen.c", "duplicate_line": 5, "correlation_key": "fp|e0fe36a916bbd640af5ea24961956eb6c5277dfb72c23f1a2ba4a5eb13839c21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/datagen.h"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36257, "scanner": "repobility-ai-code-hygiene", "fingerprint": "137978fe276291ba0e56ee8b87f6a6973db4bc554c6f169fd4db4ee6d6e80ce7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/bench.c", "duplicate_line": 2, "correlation_key": "fp|137978fe276291ba0e56ee8b87f6a6973db4bc554c6f169fd4db4ee6d6e80ce7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/datagen.h"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36256, "scanner": "repobility-ai-code-hygiene", "fingerprint": "137978fe276291ba0e56ee8b87f6a6973db4bc554c6f169fd4db4ee6d6e80ce7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/bench.c", "duplicate_line": 2, "correlation_key": "fp|137978fe276291ba0e56ee8b87f6a6973db4bc554c6f169fd4db4ee6d6e80ce7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/datagen.h"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36255, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9c9c7cbcecc7084a1f47a44b2de75077ad82c097d686bd0bbe6594eb4c2cf793", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/bench.c", "duplicate_line": 2, "correlation_key": "fp|9c9c7cbcecc7084a1f47a44b2de75077ad82c097d686bd0bbe6594eb4c2cf793"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/datagen.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36254, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9c9c7cbcecc7084a1f47a44b2de75077ad82c097d686bd0bbe6594eb4c2cf793", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/bench.c", "duplicate_line": 2, "correlation_key": "fp|9c9c7cbcecc7084a1f47a44b2de75077ad82c097d686bd0bbe6594eb4c2cf793"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/datagen.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36253, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5db90cc35932da76788051442d589f3c29be82f8f8d1a5806e837476ca436bdb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/bench.c", "duplicate_line": 4, "correlation_key": "fp|5db90cc35932da76788051442d589f3c29be82f8f8d1a5806e837476ca436bdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/bench.h"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36252, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5db90cc35932da76788051442d589f3c29be82f8f8d1a5806e837476ca436bdb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/programs/bench.c", "duplicate_line": 4, "correlation_key": "fp|5db90cc35932da76788051442d589f3c29be82f8f8d1a5806e837476ca436bdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/programs/bench.h"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36251, "scanner": "repobility-ai-code-hygiene", "fingerprint": "82d5c04937dd8053a595b2135b12020994ded8c41f34319e25170de143f37365", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/lib/xxhash.c", "duplicate_line": 12, "correlation_key": "fp|82d5c04937dd8053a595b2135b12020994ded8c41f34319e25170de143f37365"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/lib/xxhash.h"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36250, "scanner": "repobility-ai-code-hygiene", "fingerprint": "82d5c04937dd8053a595b2135b12020994ded8c41f34319e25170de143f37365", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/lib/xxhash.c", "duplicate_line": 12, "correlation_key": "fp|82d5c04937dd8053a595b2135b12020994ded8c41f34319e25170de143f37365"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/lib/xxhash.h"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36249, "scanner": "repobility-ai-code-hygiene", "fingerprint": "373b89a445192a2388ba3aa31e5af05b53eeb5c187973e16b97d9177843229f7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/lib/lz4.h", "duplicate_line": 4, "correlation_key": "fp|373b89a445192a2388ba3aa31e5af05b53eeb5c187973e16b97d9177843229f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/lib/xxhash.h"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36248, "scanner": "repobility-ai-code-hygiene", "fingerprint": "373b89a445192a2388ba3aa31e5af05b53eeb5c187973e16b97d9177843229f7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/lib/lz4.h", "duplicate_line": 4, "correlation_key": "fp|373b89a445192a2388ba3aa31e5af05b53eeb5c187973e16b97d9177843229f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/lib/xxhash.h"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36246, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cd8b567cc6bec1ce0b0c6079ded9986edb06372042b4fe9b759d70ccf08823aa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/lib/lz4.h", "duplicate_line": 4, "correlation_key": "fp|cd8b567cc6bec1ce0b0c6079ded9986edb06372042b4fe9b759d70ccf08823aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/lib/xxhash.c"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36247, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cd8b567cc6bec1ce0b0c6079ded9986edb06372042b4fe9b759d70ccf08823aa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/lib/lz4.h", "duplicate_line": 4, "correlation_key": "fp|cd8b567cc6bec1ce0b0c6079ded9986edb06372042b4fe9b759d70ccf08823aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/lib/xxhash.c"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36245, "scanner": "repobility-ai-code-hygiene", "fingerprint": "96d15a937fb7bbcaed92dfdd101059da9f04814ef4d612956713c448327b5a0f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/lib/lz4.h", "duplicate_line": 2, "correlation_key": "fp|96d15a937fb7bbcaed92dfdd101059da9f04814ef4d612956713c448327b5a0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/lib/lz4hc.h"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36244, "scanner": "repobility-ai-code-hygiene", "fingerprint": "96d15a937fb7bbcaed92dfdd101059da9f04814ef4d612956713c448327b5a0f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/lib/lz4.h", "duplicate_line": 2, "correlation_key": "fp|96d15a937fb7bbcaed92dfdd101059da9f04814ef4d612956713c448327b5a0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/lib/lz4hc.h"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36243, "scanner": "repobility-ai-code-hygiene", "fingerprint": "091e0414c5bc1f0157f4f0e465bb5f18613b271c3095f5b97b4433e2f44f747e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/lib/lz4.h", "duplicate_line": 3, "correlation_key": "fp|091e0414c5bc1f0157f4f0e465bb5f18613b271c3095f5b97b4433e2f44f747e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/lib/lz4hc.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36242, "scanner": "repobility-ai-code-hygiene", "fingerprint": "091e0414c5bc1f0157f4f0e465bb5f18613b271c3095f5b97b4433e2f44f747e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/lib/lz4.h", "duplicate_line": 3, "correlation_key": "fp|091e0414c5bc1f0157f4f0e465bb5f18613b271c3095f5b97b4433e2f44f747e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/lib/lz4hc.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36241, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cbc74133c0081046a50a37e660876162fbf38f0819ee212850e6ecd5d5aebef2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/lib/lz4.h", "duplicate_line": 3, "correlation_key": "fp|cbc74133c0081046a50a37e660876162fbf38f0819ee212850e6ecd5d5aebef2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/lib/lz4frame_static.h"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36240, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cbc74133c0081046a50a37e660876162fbf38f0819ee212850e6ecd5d5aebef2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/lib/lz4.h", "duplicate_line": 3, "correlation_key": "fp|cbc74133c0081046a50a37e660876162fbf38f0819ee212850e6ecd5d5aebef2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/lib/lz4frame_static.h"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36239, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2fb3e253b92945df3a101aed1500c6cfa7c8906b841aabf2b494de00b70325d0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/lib/lz4.h", "duplicate_line": 2, "correlation_key": "fp|2fb3e253b92945df3a101aed1500c6cfa7c8906b841aabf2b494de00b70325d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/lib/lz4frame.h"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36238, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2fb3e253b92945df3a101aed1500c6cfa7c8906b841aabf2b494de00b70325d0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "thirdparty/Lz4/Lz4_131/lib/lz4.h", "duplicate_line": 2, "correlation_key": "fp|2fb3e253b92945df3a101aed1500c6cfa7c8906b841aabf2b494de00b70325d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/Lz4/Lz4_131/lib/lz4frame.h"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36237, "scanner": "repobility-ai-code-hygiene", "fingerprint": "da7c9a2fc5e78825e757d41cc075b73dd6c2d505c56e7b546f063adb49c42be5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "plugins/geom/geom.cpp", "duplicate_line": 5, "correlation_key": "fp|da7c9a2fc5e78825e757d41cc075b73dd6c2d505c56e7b546f063adb49c42be5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/multiplugin/multi.cpp"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36236, "scanner": "repobility-ai-code-hygiene", "fingerprint": "da7c9a2fc5e78825e757d41cc075b73dd6c2d505c56e7b546f063adb49c42be5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "plugins/geom/geom.cpp", "duplicate_line": 5, "correlation_key": "fp|da7c9a2fc5e78825e757d41cc075b73dd6c2d505c56e7b546f063adb49c42be5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/multiplugin/multi.cpp"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36235, "scanner": "repobility-ai-code-hygiene", "fingerprint": "89b8e28e0119ffeb06ed0112696a02a9c02be57a183217190fbbcc65f938ab8b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "plugins/blur/blur.cpp", "duplicate_line": 2, "correlation_key": "fp|89b8e28e0119ffeb06ed0112696a02a9c02be57a183217190fbbcc65f938ab8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/multiplugin/multi.cpp"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36234, "scanner": "repobility-ai-code-hygiene", "fingerprint": "89b8e28e0119ffeb06ed0112696a02a9c02be57a183217190fbbcc65f938ab8b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "plugins/blur/blur.cpp", "duplicate_line": 2, "correlation_key": "fp|89b8e28e0119ffeb06ed0112696a02a9c02be57a183217190fbbcc65f938ab8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/multiplugin/multi.cpp"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36233, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3b6d475b745c3148cb03d6e795d5a7595dbf7800b60ee408b1eec3e9ea4dd7b4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "plugins/blur/blur.cpp", "duplicate_line": 1, "correlation_key": "fp|3b6d475b745c3148cb03d6e795d5a7595dbf7800b60ee408b1eec3e9ea4dd7b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/geom/geom.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36232, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3b6d475b745c3148cb03d6e795d5a7595dbf7800b60ee408b1eec3e9ea4dd7b4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "plugins/blur/blur.cpp", "duplicate_line": 1, "correlation_key": "fp|3b6d475b745c3148cb03d6e795d5a7595dbf7800b60ee408b1eec3e9ea4dd7b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/geom/geom.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 36231, "scanner": "repobility-threat-engine", "fingerprint": "f1a8f7bd80f8e5dc46aa5b1e85cdb7fb65eb973955b20581c74d59f410d002ab", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"The Controller should run on \" + hostName + \" at port \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f1a8f7bd80f8e5dc46aa5b1e85cdb7fb65eb973955b20581c74d59f410d002ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/toonzfarm/tfarmclient/appmainshell.cpp"}, "region": {"startLine": 142}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 36230, "scanner": "repobility-threat-engine", "fingerprint": "f1a8f7bd80f8e5dc46aa5b1e85cdb7fb65eb973955b20581c74d59f410d002ab", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"The Controller should run on \" + hostName + \" at port \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f1a8f7bd80f8e5dc46aa5b1e85cdb7fb65eb973955b20581c74d59f410d002ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/toonzfarm/tfarmclient/appmainshell.cpp"}, "region": {"startLine": 142}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `_validate_path` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=1, if=4, nested_bonus=3."}, "properties": {"repobilityId": 36229, "scanner": "repobility-threat-engine", "fingerprint": "0d532c17383117fa3972fb821a57d4dcda6172b329deabe77e7aa79710b0f2c3", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_validate_path", "breakdown": {"if": 4, "for": 1, "nested_bonus": 3}, "complexity": 8, "correlation_key": "fp|0d532c17383117fa3972fb821a57d4dcda6172b329deabe77e7aa79710b0f2c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/toonz/toonz_qrc_validator.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `_validate_path` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=1, if=4, nested_bonus=3."}, "properties": {"repobilityId": 36228, "scanner": "repobility-threat-engine", "fingerprint": "0d532c17383117fa3972fb821a57d4dcda6172b329deabe77e7aa79710b0f2c3", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_validate_path", "breakdown": {"if": 4, "for": 1, "nested_bonus": 3}, "complexity": 8, "correlation_key": "fp|0d532c17383117fa3972fb821a57d4dcda6172b329deabe77e7aa79710b0f2c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/toonz/toonz_qrc_validator.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `validate_paths` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: and=1, except=2, for=1, if=3, nested_bonus=1."}, "properties": {"repobilityId": 36227, "scanner": "repobility-threat-engine", "fingerprint": "d76c4a1284e4f75520cbfde4d398b2c8efceaaa60a5b196739248f4611b30669", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "validate_paths", "breakdown": {"if": 3, "and": 1, "for": 1, "except": 2, "nested_bonus": 1}, "complexity": 8, "correlation_key": "fp|d76c4a1284e4f75520cbfde4d398b2c8efceaaa60a5b196739248f4611b30669"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/toonz/toonz_qrc_validator.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `validate_paths` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: and=1, except=2, for=1, if=3, nested_bonus=1."}, "properties": {"repobilityId": 36226, "scanner": "repobility-threat-engine", "fingerprint": "d76c4a1284e4f75520cbfde4d398b2c8efceaaa60a5b196739248f4611b30669", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "validate_paths", "breakdown": {"if": 3, "and": 1, "for": 1, "except": 2, "nested_bonus": 1}, "complexity": 8, "correlation_key": "fp|d76c4a1284e4f75520cbfde4d398b2c8efceaaa60a5b196739248f4611b30669"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/toonz/toonz_qrc_validator.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 36221, "scanner": "repobility-threat-engine", "fingerprint": "b25ca6c2b6e8056e9e2c805b4ff75b5230249c907e2c0475c7bb8fc214cf24b0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b25ca6c2b6e8056e9e2c805b4ff75b5230249c907e2c0475c7bb8fc214cf24b0"}}}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 36219, "scanner": "repobility-threat-engine", "fingerprint": "b25ca6c2b6e8056e9e2c805b4ff75b5230249c907e2c0475c7bb8fc214cf24b0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b25ca6c2b6e8056e9e2c805b4ff75b5230249c907e2c0475c7bb8fc214cf24b0"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 36213, "scanner": "repobility-threat-engine", "fingerprint": "22392344724895ffca9c480ac12c9c8fa4f96c0b988894fd81a0f35b89e7a613", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|22392344724895ffca9c480ac12c9c8fa4f96c0b988894fd81a0f35b89e7a613"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 36212, "scanner": "repobility-threat-engine", "fingerprint": "22392344724895ffca9c480ac12c9c8fa4f96c0b988894fd81a0f35b89e7a613", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|22392344724895ffca9c480ac12c9c8fa4f96c0b988894fd81a0f35b89e7a613"}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 36204, "scanner": "repobility-threat-engine", "fingerprint": "2cd220107759c389357ea1e0b2a749255d62455820f15b6cc9e05e77d2c17c58", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2cd220107759c389357ea1e0b2a749255d62455820f15b6cc9e05e77d2c17c58"}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 36205, "scanner": "repobility-threat-engine", "fingerprint": "2cd220107759c389357ea1e0b2a749255d62455820f15b6cc9e05e77d2c17c58", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2cd220107759c389357ea1e0b2a749255d62455820f15b6cc9e05e77d2c17c58"}}}, {"ruleId": "MINED022", "level": "none", "message": {"text": "[MINED022] C Strcpy (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 36191, "scanner": "repobility-threat-engine", "fingerprint": "baaab7f7ec6de4c0e9b7fdcc6578841203438adeed6e45b53086249c6672b7ab", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|baaab7f7ec6de4c0e9b7fdcc6578841203438adeed6e45b53086249c6672b7ab", "aggregated_count": 11}}}, {"ruleId": "MINED022", "level": "none", "message": {"text": "[MINED022] C Strcpy (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 36190, "scanner": "repobility-threat-engine", "fingerprint": "baaab7f7ec6de4c0e9b7fdcc6578841203438adeed6e45b53086249c6672b7ab", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|baaab7f7ec6de4c0e9b7fdcc6578841203438adeed6e45b53086249c6672b7ab", "aggregated_count": 11}}}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std (and 29 more): Same pattern found in 29 additional files. Review if needed."}, "properties": {"repobilityId": 36185, "scanner": "repobility-threat-engine", "fingerprint": "e1079845a7f11d395c886049b42cac98486031af633079e7d1522538bd38d8ad", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 29 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e1079845a7f11d395c886049b42cac98486031af633079e7d1522538bd38d8ad", "aggregated_count": 29}}}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std (and 29 more): Same pattern found in 29 additional files. Review if needed."}, "properties": {"repobilityId": 36182, "scanner": "repobility-threat-engine", "fingerprint": "e1079845a7f11d395c886049b42cac98486031af633079e7d1522538bd38d8ad", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 29 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e1079845a7f11d395c886049b42cac98486031af633079e7d1522538bd38d8ad", "aggregated_count": 29}}}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "properties": {"repobilityId": 36181, "scanner": "repobility-threat-engine", "fingerprint": "78a0f75cf5dc29f8ccecbb64d7ec69cdfe2e9a1705e838aa6b19bdfefeb8fa6d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "correlation_key": "fp|78a0f75cf5dc29f8ccecbb64d7ec69cdfe2e9a1705e838aa6b19bdfefeb8fa6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/common/tcore/tstopwatch.cpp"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "properties": {"repobilityId": 36180, "scanner": "repobility-threat-engine", "fingerprint": "78a0f75cf5dc29f8ccecbb64d7ec69cdfe2e9a1705e838aa6b19bdfefeb8fa6d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "correlation_key": "fp|78a0f75cf5dc29f8ccecbb64d7ec69cdfe2e9a1705e838aa6b19bdfefeb8fa6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/common/tcore/tstopwatch.cpp"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "properties": {"repobilityId": 36178, "scanner": "repobility-threat-engine", "fingerprint": "a57d2ae232a2a789094a4724df54dce5cb3634fb00e01643c1dbbbe7722a58e3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a57d2ae232a2a789094a4724df54dce5cb3634fb00e01643c1dbbbe7722a58e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/common/tcore/tdebugmessage.cpp"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "properties": {"repobilityId": 36179, "scanner": "repobility-threat-engine", "fingerprint": "a57d2ae232a2a789094a4724df54dce5cb3634fb00e01643c1dbbbe7722a58e3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a57d2ae232a2a789094a4724df54dce5cb3634fb00e01643c1dbbbe7722a58e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/common/tcore/tdebugmessage.cpp"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "properties": {"repobilityId": 36177, "scanner": "repobility-threat-engine", "fingerprint": "7d9747e6ead2a6aed9d365e76ec55b327e96023608a2a015196639acdb697645", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7d9747e6ead2a6aed9d365e76ec55b327e96023608a2a015196639acdb697645"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/common/tcontenthistory.cpp"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "properties": {"repobilityId": 36176, "scanner": "repobility-threat-engine", "fingerprint": "7d9747e6ead2a6aed9d365e76ec55b327e96023608a2a015196639acdb697645", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7d9747e6ead2a6aed9d365e76ec55b327e96023608a2a015196639acdb697645"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/common/tcontenthistory.cpp"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 36175, "scanner": "repobility-threat-engine", "fingerprint": "acec4b81d13f865fa43782cbe71ba78c1c1c928b30205547b97da9f7e4776105", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|acec4b81d13f865fa43782cbe71ba78c1c1c928b30205547b97da9f7e4776105"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/image/sprite/tiio_sprite.cpp"}, "region": {"startLine": 221}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 36174, "scanner": "repobility-threat-engine", "fingerprint": "acec4b81d13f865fa43782cbe71ba78c1c1c928b30205547b97da9f7e4776105", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|acec4b81d13f865fa43782cbe71ba78c1c1c928b30205547b97da9f7e4776105"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/image/sprite/tiio_sprite.cpp"}, "region": {"startLine": 221}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 36173, "scanner": "repobility-threat-engine", "fingerprint": "898c1efe60ba94fb8d3d91e43228f794f3994ab9dbf5876ffe74bab021d19a49", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|898c1efe60ba94fb8d3d91e43228f794f3994ab9dbf5876ffe74bab021d19a49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/common/psdlib/psdutils.cpp"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 36172, "scanner": "repobility-threat-engine", "fingerprint": "898c1efe60ba94fb8d3d91e43228f794f3994ab9dbf5876ffe74bab021d19a49", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|898c1efe60ba94fb8d3d91e43228f794f3994ab9dbf5876ffe74bab021d19a49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/common/psdlib/psdutils.cpp"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete (and 308 more): Same pattern found in 308 additional files. Review if needed."}, "properties": {"repobilityId": 36171, "scanner": "repobility-threat-engine", "fingerprint": "b2fe00d6a02099107897914d90ea294f39d6d4829bbf41ff1e3f767715593a94", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 308 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b2fe00d6a02099107897914d90ea294f39d6d4829bbf41ff1e3f767715593a94", "aggregated_count": 308}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete (and 308 more): Same pattern found in 308 additional files. Review if needed."}, "properties": {"repobilityId": 36170, "scanner": "repobility-threat-engine", "fingerprint": "b2fe00d6a02099107897914d90ea294f39d6d4829bbf41ff1e3f767715593a94", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 308 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b2fe00d6a02099107897914d90ea294f39d6d4829bbf41ff1e3f767715593a94", "aggregated_count": 308}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 36168, "scanner": "repobility-threat-engine", "fingerprint": "0af22fb53ddcdd277880e443dda765b36cdc2717ecc8ba2c0e3180d07d61ba8e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0af22fb53ddcdd277880e443dda765b36cdc2717ecc8ba2c0e3180d07d61ba8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/colorfx/rasterstyles.h"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 36169, "scanner": "repobility-threat-engine", "fingerprint": "0af22fb53ddcdd277880e443dda765b36cdc2717ecc8ba2c0e3180d07d61ba8e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0af22fb53ddcdd277880e443dda765b36cdc2717ecc8ba2c0e3180d07d61ba8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/colorfx/rasterstyles.h"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 36167, "scanner": "repobility-threat-engine", "fingerprint": "a39d32d44dcefe269f587dcc31aa4ce18fba03781737e537b99fce76bab4ac4b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a39d32d44dcefe269f587dcc31aa4ce18fba03781737e537b99fce76bab4ac4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/colorfx/rasterstyles.cpp"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 36166, "scanner": "repobility-threat-engine", "fingerprint": "a39d32d44dcefe269f587dcc31aa4ce18fba03781737e537b99fce76bab4ac4b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a39d32d44dcefe269f587dcc31aa4ce18fba03781737e537b99fce76bab4ac4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/colorfx/rasterstyles.cpp"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 36165, "scanner": "repobility-threat-engine", "fingerprint": "5fa29203094823e5959a93e20687a2593ce14453516a31c91df39b75c6402b70", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5fa29203094823e5959a93e20687a2593ce14453516a31c91df39b75c6402b70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/colorfx/colorfx.cpp"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 36164, "scanner": "repobility-threat-engine", "fingerprint": "5fa29203094823e5959a93e20687a2593ce14453516a31c91df39b75c6402b70", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5fa29203094823e5959a93e20687a2593ce14453516a31c91df39b75c6402b70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/colorfx/colorfx.cpp"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 36161, "scanner": "repobility-threat-engine", "fingerprint": "0c333dc88d2673beda07ea322592a5e2658418eeef4b48e34ddf9f62e680bdd2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0c333dc88d2673beda07ea322592a5e2658418eeef4b48e34ddf9f62e680bdd2", "aggregated_count": 3}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 36160, "scanner": "repobility-threat-engine", "fingerprint": "0c333dc88d2673beda07ea322592a5e2658418eeef4b48e34ddf9f62e680bdd2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0c333dc88d2673beda07ea322592a5e2658418eeef4b48e34ddf9f62e680bdd2", "aggregated_count": 3}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 36159, "scanner": "repobility-threat-engine", "fingerprint": "51384e5288384f68cbb15d8d88be3f6b129078ed40ef7efd891892810b634f7a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|51384e5288384f68cbb15d8d88be3f6b129078ed40ef7efd891892810b634f7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/include/tiio_jpg_exif.h"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 36158, "scanner": "repobility-threat-engine", "fingerprint": "51384e5288384f68cbb15d8d88be3f6b129078ed40ef7efd891892810b634f7a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|51384e5288384f68cbb15d8d88be3f6b129078ed40ef7efd891892810b634f7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/include/tiio_jpg_exif.h"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 36157, "scanner": "repobility-threat-engine", "fingerprint": "e5258c724707deba6e1cc521c1c8be32a98228f17220557db7f5265ace2fe944", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e5258c724707deba6e1cc521c1c8be32a98228f17220557db7f5265ace2fe944"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/common/tsystem/tfilepath_io.cpp"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 36156, "scanner": "repobility-threat-engine", "fingerprint": "e5258c724707deba6e1cc521c1c8be32a98228f17220557db7f5265ace2fe944", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e5258c724707deba6e1cc521c1c8be32a98228f17220557db7f5265ace2fe944"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/common/tsystem/tfilepath_io.cpp"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 36155, "scanner": "repobility-threat-engine", "fingerprint": "65f1eb291fae9817882cf9493c83f2c79ff5e51d6011fd061113ea33e1b77958", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|65f1eb291fae9817882cf9493c83f2c79ff5e51d6011fd061113ea33e1b77958"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/multiplugin/multi.cpp"}, "region": {"startLine": 273}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 36154, "scanner": "repobility-threat-engine", "fingerprint": "65f1eb291fae9817882cf9493c83f2c79ff5e51d6011fd061113ea33e1b77958", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|65f1eb291fae9817882cf9493c83f2c79ff5e51d6011fd061113ea33e1b77958"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/multiplugin/multi.cpp"}, "region": {"startLine": 273}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1c_s2.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1c_s2.o` is a .o binary (954 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36367, "scanner": "repobility-supply-chain", "fingerprint": "cbd0ff8016ebecb63c6516d51a0a1a4964adc9126492311bdd29e8bdbddf798d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cbd0ff8016ebecb63c6516d51a0a1a4964adc9126492311bdd29e8bdbddf798d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1c_s2.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1c_s2.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1c_s2.o` is a .o binary (954 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36366, "scanner": "repobility-supply-chain", "fingerprint": "cbd0ff8016ebecb63c6516d51a0a1a4964adc9126492311bdd29e8bdbddf798d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cbd0ff8016ebecb63c6516d51a0a1a4964adc9126492311bdd29e8bdbddf798d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1c_s2.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1x_f1.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1x_f1.o` is a .o binary (938 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36365, "scanner": "repobility-supply-chain", "fingerprint": "6b077b89186bd40d4f77a0e830758942cec4483941b8fc9ea1e7f6a5d95071a8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6b077b89186bd40d4f77a0e830758942cec4483941b8fc9ea1e7f6a5d95071a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1x_f1.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1x_f1.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1x_f1.o` is a .o binary (938 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36364, "scanner": "repobility-supply-chain", "fingerprint": "6b077b89186bd40d4f77a0e830758942cec4483941b8fc9ea1e7f6a5d95071a8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6b077b89186bd40d4f77a0e830758942cec4483941b8fc9ea1e7f6a5d95071a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1x_f1.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1y_s2.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1y_s2.o` is a .o binary (1,226 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36363, "scanner": "repobility-supply-chain", "fingerprint": "24da5e9b874823546ba7ae90295e2506fa48c00e01841ccd2426d52419be6adf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|24da5e9b874823546ba7ae90295e2506fa48c00e01841ccd2426d52419be6adf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1y_s2.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1y_s2.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1y_s2.o` is a .o binary (1,226 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36362, "scanner": "repobility-supply-chain", "fingerprint": "24da5e9b874823546ba7ae90295e2506fa48c00e01841ccd2426d52419be6adf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|24da5e9b874823546ba7ae90295e2506fa48c00e01841ccd2426d52419be6adf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/elf32/lzo1y_s2.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1f_f2.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1f_f2.o` is a .o binary (685 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36361, "scanner": "repobility-supply-chain", "fingerprint": "2ec5e261d1cbd21bde2d29a2c40b20443625473cdd471d3c46ff9175c28b52eb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2ec5e261d1cbd21bde2d29a2c40b20443625473cdd471d3c46ff9175c28b52eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1f_f2.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1f_f2.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1f_f2.o` is a .o binary (685 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36360, "scanner": "repobility-supply-chain", "fingerprint": "2ec5e261d1cbd21bde2d29a2c40b20443625473cdd471d3c46ff9175c28b52eb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2ec5e261d1cbd21bde2d29a2c40b20443625473cdd471d3c46ff9175c28b52eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1f_f2.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_s2.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_s2.o` is a .o binary (979 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36359, "scanner": "repobility-supply-chain", "fingerprint": "ce7c805e44a67305168e4176039daf3c8eef16f2f4f333a89cb8330e38c2cdb3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ce7c805e44a67305168e4176039daf3c8eef16f2f4f333a89cb8330e38c2cdb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_s2.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_s2.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_s2.o` is a .o binary (979 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36358, "scanner": "repobility-supply-chain", "fingerprint": "ce7c805e44a67305168e4176039daf3c8eef16f2f4f333a89cb8330e38c2cdb3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ce7c805e44a67305168e4176039daf3c8eef16f2f4f333a89cb8330e38c2cdb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_s2.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_f2.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_f2.o` is a .o binary (941 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36357, "scanner": "repobility-supply-chain", "fingerprint": "6e12b8198161a383b2ddcf7630f48fc3ce0b88d0170a4703306ac0b41e54c155", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6e12b8198161a383b2ddcf7630f48fc3ce0b88d0170a4703306ac0b41e54c155"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_f2.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_f2.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_f2.o` is a .o binary (941 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36356, "scanner": "repobility-supply-chain", "fingerprint": "6e12b8198161a383b2ddcf7630f48fc3ce0b88d0170a4703306ac0b41e54c155", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6e12b8198161a383b2ddcf7630f48fc3ce0b88d0170a4703306ac0b41e54c155"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_f2.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1c_s1.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1c_s1.o` is a .o binary (521 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36355, "scanner": "repobility-supply-chain", "fingerprint": "f724a3dd8a22e2c720a13fc875ca2f6b0fda1f4a265d717692bb78af9671e19b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f724a3dd8a22e2c720a13fc875ca2f6b0fda1f4a265d717692bb78af9671e19b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1c_s1.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1c_s1.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1c_s1.o` is a .o binary (521 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36354, "scanner": "repobility-supply-chain", "fingerprint": "f724a3dd8a22e2c720a13fc875ca2f6b0fda1f4a265d717692bb78af9671e19b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f724a3dd8a22e2c720a13fc875ca2f6b0fda1f4a265d717692bb78af9671e19b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1c_s1.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_f1.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_f1.o` is a .o binary (691 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36353, "scanner": "repobility-supply-chain", "fingerprint": "8d2ba57a7e02e7c60eaf926738af6a5190d39a7fa0da53cebdbf90feaa4b13a5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8d2ba57a7e02e7c60eaf926738af6a5190d39a7fa0da53cebdbf90feaa4b13a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_f1.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_f1.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_f1.o` is a .o binary (691 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36352, "scanner": "repobility-supply-chain", "fingerprint": "8d2ba57a7e02e7c60eaf926738af6a5190d39a7fa0da53cebdbf90feaa4b13a5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8d2ba57a7e02e7c60eaf926738af6a5190d39a7fa0da53cebdbf90feaa4b13a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_f1.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1f_f1.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1f_f1.o` is a .o binary (563 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36351, "scanner": "repobility-supply-chain", "fingerprint": "2b76810726bd77fbc1a51fcb126b12f4ab1df37f315166229854439b46fe1cc5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2b76810726bd77fbc1a51fcb126b12f4ab1df37f315166229854439b46fe1cc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1f_f1.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1f_f1.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1f_f1.o` is a .o binary (563 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36350, "scanner": "repobility-supply-chain", "fingerprint": "2b76810726bd77fbc1a51fcb126b12f4ab1df37f315166229854439b46fe1cc5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2b76810726bd77fbc1a51fcb126b12f4ab1df37f315166229854439b46fe1cc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1f_f1.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_s1.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_s1.o` is a .o binary (713 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36349, "scanner": "repobility-supply-chain", "fingerprint": "3ec4d27fc263369dec0e1c63cfc62542af7489c0128dba94dde52164bea09718", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3ec4d27fc263369dec0e1c63cfc62542af7489c0128dba94dde52164bea09718"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_s1.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_s1.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_s1.o` is a .o binary (713 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36348, "scanner": "repobility-supply-chain", "fingerprint": "3ec4d27fc263369dec0e1c63cfc62542af7489c0128dba94dde52164bea09718", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3ec4d27fc263369dec0e1c63cfc62542af7489c0128dba94dde52164bea09718"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_s1.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_s1.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_s1.o` is a .o binary (713 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36347, "scanner": "repobility-supply-chain", "fingerprint": "049cd63f2d6eb502af9c0ac15cb9317618106aa5131e410d008c9c9bd7379db1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|049cd63f2d6eb502af9c0ac15cb9317618106aa5131e410d008c9c9bd7379db1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_s1.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_s1.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_s1.o` is a .o binary (713 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36346, "scanner": "repobility-supply-chain", "fingerprint": "049cd63f2d6eb502af9c0ac15cb9317618106aa5131e410d008c9c9bd7379db1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|049cd63f2d6eb502af9c0ac15cb9317618106aa5131e410d008c9c9bd7379db1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_s1.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_f2.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_f2.o` is a .o binary (941 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36345, "scanner": "repobility-supply-chain", "fingerprint": "0bc608b396674a25d8b92511e0317b607ecb1ed005ccb6cb811b50bc0cbd6993", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0bc608b396674a25d8b92511e0317b607ecb1ed005ccb6cb811b50bc0cbd6993"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_f2.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_f2.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_f2.o` is a .o binary (941 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36344, "scanner": "repobility-supply-chain", "fingerprint": "0bc608b396674a25d8b92511e0317b607ecb1ed005ccb6cb811b50bc0cbd6993", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0bc608b396674a25d8b92511e0317b607ecb1ed005ccb6cb811b50bc0cbd6993"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_f2.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1c_s2.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1c_s2.o` is a .o binary (707 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36343, "scanner": "repobility-supply-chain", "fingerprint": "4f7b3a1219b26c4854212516867460e8e643294033f9e25b4f874412b77f1556", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4f7b3a1219b26c4854212516867460e8e643294033f9e25b4f874412b77f1556"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1c_s2.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1c_s2.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1c_s2.o` is a .o binary (707 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36342, "scanner": "repobility-supply-chain", "fingerprint": "4f7b3a1219b26c4854212516867460e8e643294033f9e25b4f874412b77f1556", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4f7b3a1219b26c4854212516867460e8e643294033f9e25b4f874412b77f1556"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1c_s2.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_f1.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_f1.o` is a .o binary (691 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36341, "scanner": "repobility-supply-chain", "fingerprint": "23b072c18c19680f800268c9abe629d91cc4e9d288f0e40067fa92976fa28e11", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|23b072c18c19680f800268c9abe629d91cc4e9d288f0e40067fa92976fa28e11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_f1.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_f1.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_f1.o` is a .o binary (691 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36340, "scanner": "repobility-supply-chain", "fingerprint": "23b072c18c19680f800268c9abe629d91cc4e9d288f0e40067fa92976fa28e11", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|23b072c18c19680f800268c9abe629d91cc4e9d288f0e40067fa92976fa28e11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1x_f1.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_s2.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_s2.o` is a .o binary (979 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36339, "scanner": "repobility-supply-chain", "fingerprint": "d97038f6dc5d27469fd29442ee3799d234e9bcc8d1465de754f7249ebcf260f0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d97038f6dc5d27469fd29442ee3799d234e9bcc8d1465de754f7249ebcf260f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_s2.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_s2.o` committed in source repo: `thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_s2.o` is a .o binary (979 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36338, "scanner": "repobility-supply-chain", "fingerprint": "d97038f6dc5d27469fd29442ee3799d234e9bcc8d1465de754f7249ebcf260f0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d97038f6dc5d27469fd29442ee3799d234e9bcc8d1465de754f7249ebcf260f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/asm/i386/obj/coff32/lzo1y_s2.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/tools/lzocompress.exe` committed in source repo: `thirdparty/lzo/2.03/tools/lzocompress.exe` is a .exe binary (8,192 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36336, "scanner": "repobility-supply-chain", "fingerprint": "fb9a7a13d7eddbd816c96b3624baa4bd1f81b16ee59b4e2d1618539f9f067e44", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fb9a7a13d7eddbd816c96b3624baa4bd1f81b16ee59b4e2d1618539f9f067e44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/tools/lzocompress.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/tools/lzocompress.exe` committed in source repo: `thirdparty/lzo/2.03/tools/lzocompress.exe` is a .exe binary (8,192 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36337, "scanner": "repobility-supply-chain", "fingerprint": "fb9a7a13d7eddbd816c96b3624baa4bd1f81b16ee59b4e2d1618539f9f067e44", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fb9a7a13d7eddbd816c96b3624baa4bd1f81b16ee59b4e2d1618539f9f067e44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/tools/lzocompress.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/tools/lzodecompress.exe` committed in source repo: `thirdparty/lzo/2.03/tools/lzodecompress.exe` is a .exe binary (8,192 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36334, "scanner": "repobility-supply-chain", "fingerprint": "4d80c565b71adbdbe0f371e24a9be76faab0d77f9a9d4265ebe869b8c6cb263d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4d80c565b71adbdbe0f371e24a9be76faab0d77f9a9d4265ebe869b8c6cb263d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/tools/lzodecompress.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/tools/lzodecompress.exe` committed in source repo: `thirdparty/lzo/2.03/tools/lzodecompress.exe` is a .exe binary (8,192 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36335, "scanner": "repobility-supply-chain", "fingerprint": "4d80c565b71adbdbe0f371e24a9be76faab0d77f9a9d4265ebe869b8c6cb263d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4d80c565b71adbdbe0f371e24a9be76faab0d77f9a9d4265ebe869b8c6cb263d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/tools/lzodecompress.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/precomp2.exe` committed in source repo: `thirdparty/lzo/2.03/precomp2.exe` is a .exe binary (31,744 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36332, "scanner": "repobility-supply-chain", "fingerprint": "77fa39be5c38045213722d0fd0897c14da546d542485013c82078a4607e17f09", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|77fa39be5c38045213722d0fd0897c14da546d542485013c82078a4607e17f09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/precomp2.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/precomp2.exe` committed in source repo: `thirdparty/lzo/2.03/precomp2.exe` is a .exe binary (31,744 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36333, "scanner": "repobility-supply-chain", "fingerprint": "77fa39be5c38045213722d0fd0897c14da546d542485013c82078a4607e17f09", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|77fa39be5c38045213722d0fd0897c14da546d542485013c82078a4607e17f09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/precomp2.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/dict.exe` committed in source repo: `thirdparty/lzo/2.03/dict.exe` is a .exe binary (19,968 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36331, "scanner": "repobility-supply-chain", "fingerprint": "8d5cbac40e0d6a907ace5b77221ed250bad3b5181086f47758236153ad8f74eb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8d5cbac40e0d6a907ace5b77221ed250bad3b5181086f47758236153ad8f74eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/dict.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/dict.exe` committed in source repo: `thirdparty/lzo/2.03/dict.exe` is a .exe binary (19,968 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36330, "scanner": "repobility-supply-chain", "fingerprint": "8d5cbac40e0d6a907ace5b77221ed250bad3b5181086f47758236153ad8f74eb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8d5cbac40e0d6a907ace5b77221ed250bad3b5181086f47758236153ad8f74eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/dict.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/testmini.exe` committed in source repo: `thirdparty/lzo/2.03/testmini.exe` is a .exe binary (10,240 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36329, "scanner": "repobility-supply-chain", "fingerprint": "d52276cd241d5ef2490141ecd0645898f321d8e06f44974cf1aae5b1fd08ef94", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d52276cd241d5ef2490141ecd0645898f321d8e06f44974cf1aae5b1fd08ef94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/testmini.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/testmini.exe` committed in source repo: `thirdparty/lzo/2.03/testmini.exe` is a .exe binary (10,240 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36328, "scanner": "repobility-supply-chain", "fingerprint": "d52276cd241d5ef2490141ecd0645898f321d8e06f44974cf1aae5b1fd08ef94", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d52276cd241d5ef2490141ecd0645898f321d8e06f44974cf1aae5b1fd08ef94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/testmini.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/precomp.exe` committed in source repo: `thirdparty/lzo/2.03/precomp.exe` is a .exe binary (31,232 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36327, "scanner": "repobility-supply-chain", "fingerprint": "6290bad01025a8ba153711b785d06909cd8f5078c718dea3363e6ab79ce20855", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6290bad01025a8ba153711b785d06909cd8f5078c718dea3363e6ab79ce20855"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/precomp.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/precomp.exe` committed in source repo: `thirdparty/lzo/2.03/precomp.exe` is a .exe binary (31,232 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36326, "scanner": "repobility-supply-chain", "fingerprint": "6290bad01025a8ba153711b785d06909cd8f5078c718dea3363e6ab79ce20855", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6290bad01025a8ba153711b785d06909cd8f5078c718dea3363e6ab79ce20855"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/precomp.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/lzotest.exe` committed in source repo: `thirdparty/lzo/2.03/lzotest.exe` is a .exe binary (154,624 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36325, "scanner": "repobility-supply-chain", "fingerprint": "5993ffa66e395ff78ed116f7df49f44b337a6fcd318fe1aacd741c7e283ed771", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5993ffa66e395ff78ed116f7df49f44b337a6fcd318fe1aacd741c7e283ed771"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/lzotest.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/lzotest.exe` committed in source repo: `thirdparty/lzo/2.03/lzotest.exe` is a .exe binary (154,624 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36324, "scanner": "repobility-supply-chain", "fingerprint": "5993ffa66e395ff78ed116f7df49f44b337a6fcd318fe1aacd741c7e283ed771", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5993ffa66e395ff78ed116f7df49f44b337a6fcd318fe1aacd741c7e283ed771"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/lzotest.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/simple.exe` committed in source repo: `thirdparty/lzo/2.03/simple.exe` is a .exe binary (10,752 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36323, "scanner": "repobility-supply-chain", "fingerprint": "0c43ee0ef73d898f2ca1bb0f34c3d24ed6c02cb2cbe27264f7ae88c94a26f11a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0c43ee0ef73d898f2ca1bb0f34c3d24ed6c02cb2cbe27264f7ae88c94a26f11a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/simple.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/simple.exe` committed in source repo: `thirdparty/lzo/2.03/simple.exe` is a .exe binary (10,752 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36322, "scanner": "repobility-supply-chain", "fingerprint": "0c43ee0ef73d898f2ca1bb0f34c3d24ed6c02cb2cbe27264f7ae88c94a26f11a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0c43ee0ef73d898f2ca1bb0f34c3d24ed6c02cb2cbe27264f7ae88c94a26f11a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/simple.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/lzopack.exe` committed in source repo: `thirdparty/lzo/2.03/lzopack.exe` is a .exe binary (24,576 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36321, "scanner": "repobility-supply-chain", "fingerprint": "9d19424bb041d966584a9ac040b223739cceb9d988b790e043089849307f9f93", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9d19424bb041d966584a9ac040b223739cceb9d988b790e043089849307f9f93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/lzopack.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/lzo/2.03/lzopack.exe` committed in source repo: `thirdparty/lzo/2.03/lzopack.exe` is a .exe binary (24,576 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36320, "scanner": "repobility-supply-chain", "fingerprint": "9d19424bb041d966584a9ac040b223739cceb9d988b790e043089849307f9f93", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9d19424bb041d966584a9ac040b223739cceb9d988b790e043089849307f9f93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/lzo/2.03/lzopack.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/superlu/libsuperlu_4.1.a` committed in source repo: `thirdparty/superlu/libsuperlu_4.1.a` is a .a binary (1,338,672 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36319, "scanner": "repobility-supply-chain", "fingerprint": "f1dad62b0d89068ec4dcfc0c1b089e17782892b96f15579641b8adf53a053d9f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f1dad62b0d89068ec4dcfc0c1b089e17782892b96f15579641b8adf53a053d9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/superlu/libsuperlu_4.1.a"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `thirdparty/superlu/libsuperlu_4.1.a` committed in source repo: `thirdparty/superlu/libsuperlu_4.1.a` is a .a binary (1,338,672 bytes) committed to a repo that otherwise has 4073 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 36318, "scanner": "repobility-supply-chain", "fingerprint": "f1dad62b0d89068ec4dcfc0c1b089e17782892b96f15579641b8adf53a053d9f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f1dad62b0d89068ec4dcfc0c1b089e17782892b96f15579641b8adf53a053d9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/superlu/libsuperlu_4.1.a"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v6`: `uses: actions/upload-artifact@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36317, "scanner": "repobility-supply-chain", "fingerprint": "fafa939145f785891c37e8e4cada6bd509da801d5ba35c2891a4a5d0f51b22d9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fafa939145f785891c37e8e4cada6bd509da801d5ba35c2891a4a5d0f51b22d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow_macos.yml"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v6`: `uses: actions/upload-artifact@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36316, "scanner": "repobility-supply-chain", "fingerprint": "fafa939145f785891c37e8e4cada6bd509da801d5ba35c2891a4a5d0f51b22d9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fafa939145f785891c37e8e4cada6bd509da801d5ba35c2891a4a5d0f51b22d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow_macos.yml"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36315, "scanner": "repobility-supply-chain", "fingerprint": "65e009d94a628e0409ec10cdd19da4bde6ea8c80cf58cb3a21dc987cdec5642c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|65e009d94a628e0409ec10cdd19da4bde6ea8c80cf58cb3a21dc987cdec5642c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow_macos.yml"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36314, "scanner": "repobility-supply-chain", "fingerprint": "65e009d94a628e0409ec10cdd19da4bde6ea8c80cf58cb3a21dc987cdec5642c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|65e009d94a628e0409ec10cdd19da4bde6ea8c80cf58cb3a21dc987cdec5642c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow_macos.yml"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36313, "scanner": "repobility-supply-chain", "fingerprint": "309f49bba28ccc331043de04c7e634dea5339cd18f3706cd29b78c736e10c7ef", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|309f49bba28ccc331043de04c7e634dea5339cd18f3706cd29b78c736e10c7ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow_macos.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36312, "scanner": "repobility-supply-chain", "fingerprint": "309f49bba28ccc331043de04c7e634dea5339cd18f3706cd29b78c736e10c7ef", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|309f49bba28ccc331043de04c7e634dea5339cd18f3706cd29b78c736e10c7ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow_macos.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v6`: `uses: actions/upload-artifact@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36310, "scanner": "repobility-supply-chain", "fingerprint": "6aecebe6476fe43dd41b4518ed485886b8bf6bb1a7476f3d8cc1510541385606", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6aecebe6476fe43dd41b4518ed485886b8bf6bb1a7476f3d8cc1510541385606"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow_windows.yml"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v6`: `uses: actions/upload-artifact@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36311, "scanner": "repobility-supply-chain", "fingerprint": "6aecebe6476fe43dd41b4518ed485886b8bf6bb1a7476f3d8cc1510541385606", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6aecebe6476fe43dd41b4518ed485886b8bf6bb1a7476f3d8cc1510541385606"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow_windows.yml"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `microsoft/setup-msbuild` pinned to mutable ref `@v2`: `uses: microsoft/setup-msbuild@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36309, "scanner": "repobility-supply-chain", "fingerprint": "0fabea74791a764609b6b9dcf69f1bc16008f004cd9793f19e5ce19d31f7e6a8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0fabea74791a764609b6b9dcf69f1bc16008f004cd9793f19e5ce19d31f7e6a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow_windows.yml"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `microsoft/setup-msbuild` pinned to mutable ref `@v2`: `uses: microsoft/setup-msbuild@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36308, "scanner": "repobility-supply-chain", "fingerprint": "0fabea74791a764609b6b9dcf69f1bc16008f004cd9793f19e5ce19d31f7e6a8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0fabea74791a764609b6b9dcf69f1bc16008f004cd9793f19e5ce19d31f7e6a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow_windows.yml"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36307, "scanner": "repobility-supply-chain", "fingerprint": "85ac184a904be83c0332a3219db6b97c95b4315ac8fe5d45adf51c9e054f8ff7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|85ac184a904be83c0332a3219db6b97c95b4315ac8fe5d45adf51c9e054f8ff7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow_windows.yml"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36306, "scanner": "repobility-supply-chain", "fingerprint": "85ac184a904be83c0332a3219db6b97c95b4315ac8fe5d45adf51c9e054f8ff7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|85ac184a904be83c0332a3219db6b97c95b4315ac8fe5d45adf51c9e054f8ff7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow_windows.yml"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36305, "scanner": "repobility-supply-chain", "fingerprint": "d4c032496afe4ee079bfda25b6a504ad9fffe32f26ca0ec582254d5dc5ab9a28", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d4c032496afe4ee079bfda25b6a504ad9fffe32f26ca0ec582254d5dc5ab9a28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow_windows.yml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36304, "scanner": "repobility-supply-chain", "fingerprint": "d4c032496afe4ee079bfda25b6a504ad9fffe32f26ca0ec582254d5dc5ab9a28", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d4c032496afe4ee079bfda25b6a504ad9fffe32f26ca0ec582254d5dc5ab9a28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow_windows.yml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v6`: `uses: actions/upload-artifact@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36303, "scanner": "repobility-supply-chain", "fingerprint": "3227812caf1c8d11b8fd8daf64e3a40b4e0189ec34b37a5b936a87b08220890d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3227812caf1c8d11b8fd8daf64e3a40b4e0189ec34b37a5b936a87b08220890d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow_linux.yml"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v6`: `uses: actions/upload-artifact@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36302, "scanner": "repobility-supply-chain", "fingerprint": "3227812caf1c8d11b8fd8daf64e3a40b4e0189ec34b37a5b936a87b08220890d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3227812caf1c8d11b8fd8daf64e3a40b4e0189ec34b37a5b936a87b08220890d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow_linux.yml"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36300, "scanner": "repobility-supply-chain", "fingerprint": "2182fe2ebe4296724daa099a11adf5109627b01cfb14de38e518a97895ed7915", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2182fe2ebe4296724daa099a11adf5109627b01cfb14de38e518a97895ed7915"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow_linux.yml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36301, "scanner": "repobility-supply-chain", "fingerprint": "2182fe2ebe4296724daa099a11adf5109627b01cfb14de38e518a97895ed7915", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2182fe2ebe4296724daa099a11adf5109627b01cfb14de38e518a97895ed7915"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow_linux.yml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36299, "scanner": "repobility-supply-chain", "fingerprint": "afa70b9b5b0f8674533f4556c471334885ebf26fe7d51f794fc5f12287926e6e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|afa70b9b5b0f8674533f4556c471334885ebf26fe7d51f794fc5f12287926e6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow_linux.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36298, "scanner": "repobility-supply-chain", "fingerprint": "afa70b9b5b0f8674533f4556c471334885ebf26fe7d51f794fc5f12287926e6e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|afa70b9b5b0f8674533f4556c471334885ebf26fe7d51f794fc5f12287926e6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow_linux.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._validate_path` used but never assigned in __init__: Method `validate_paths` of class `QrcValidator` reads `self._validate_path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36295, "scanner": "repobility-ast-engine", "fingerprint": "63feab66f006485994754473e77f40301f7efca4572455c0f24f599162f1843f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|63feab66f006485994754473e77f40301f7efca4572455c0f24f599162f1843f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/toonz/toonz_qrc_validator.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._validate_path` used but never assigned in __init__: Method `validate_paths` of class `QrcValidator` reads `self._validate_path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36294, "scanner": "repobility-ast-engine", "fingerprint": "63feab66f006485994754473e77f40301f7efca4572455c0f24f599162f1843f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|63feab66f006485994754473e77f40301f7efca4572455c0f24f599162f1843f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/toonz/toonz_qrc_validator.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_fft: Test function `test_fft` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36292, "scanner": "repobility-ast-engine", "fingerprint": "8743940d1478eaedb97643541810eb10e0d534ad679d8f73e7473f98fb250ab2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8743940d1478eaedb97643541810eb10e0d534ad679d8f73e7473f98fb250ab2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/kiss_fft/test/testkiss.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_fft: Test function `test_fft` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36293, "scanner": "repobility-ast-engine", "fingerprint": "8743940d1478eaedb97643541810eb10e0d534ad679d8f73e7473f98fb250ab2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8743940d1478eaedb97643541810eb10e0d534ad679d8f73e7473f98fb250ab2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/kiss_fft/test/testkiss.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic."}, "properties": {"repobilityId": 36223, "scanner": "repobility-threat-engine", "fingerprint": "12e1d66fa6aaf25a0b4994ccdff4b2421ee1107a6fc2f3ea9b85697cbeb43c4d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|12e1d66fa6aaf25a0b4994ccdff4b2421ee1107a6fc2f3ea9b85697cbeb43c4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/toonz/history.cpp"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic."}, "properties": {"repobilityId": 36222, "scanner": "repobility-threat-engine", "fingerprint": "12e1d66fa6aaf25a0b4994ccdff4b2421ee1107a6fc2f3ea9b85697cbeb43c4d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|12e1d66fa6aaf25a0b4994ccdff4b2421ee1107a6fc2f3ea9b85697cbeb43c4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/toonz/history.cpp"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 36220, "scanner": "repobility-threat-engine", "fingerprint": "5b60ce5a0cab81c6bdfbf46b3b7a8cc56d329c857fa41e73e98f3159928bf8ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(p", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5b60ce5a0cab81c6bdfbf46b3b7a8cc56d329c857fa41e73e98f3159928bf8ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/toonz/batchserversviewer.cpp"}, "region": {"startLine": 116}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 36218, "scanner": "repobility-threat-engine", "fingerprint": "5b60ce5a0cab81c6bdfbf46b3b7a8cc56d329c857fa41e73e98f3159928bf8ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(p", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5b60ce5a0cab81c6bdfbf46b3b7a8cc56d329c857fa41e73e98f3159928bf8ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/toonz/batchserversviewer.cpp"}, "region": {"startLine": 116}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 36217, "scanner": "repobility-threat-engine", "fingerprint": "e59b0def352cb36f4972aab8cb98030a2381d4244f22ad3a7040f8d8b0a66ac2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(event", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e59b0def352cb36f4972aab8cb98030a2381d4244f22ad3a7040f8d8b0a66ac2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/include/toonzqt/imageutils.h"}, "region": {"startLine": 201}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 36216, "scanner": "repobility-threat-engine", "fingerprint": "e59b0def352cb36f4972aab8cb98030a2381d4244f22ad3a7040f8d8b0a66ac2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(event", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e59b0def352cb36f4972aab8cb98030a2381d4244f22ad3a7040f8d8b0a66ac2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/include/toonzqt/imageutils.h"}, "region": {"startLine": 201}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 36215, "scanner": "repobility-threat-engine", "fingerprint": "b30346149212a51f4f69785d9cba61cde448466900b47eeb88401302151a1e3c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(std", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b30346149212a51f4f69785d9cba61cde448466900b47eeb88401302151a1e3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/include/toonz/autoclose.h"}, "region": {"startLine": 62}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 36214, "scanner": "repobility-threat-engine", "fingerprint": "b30346149212a51f4f69785d9cba61cde448466900b47eeb88401302151a1e3c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(std", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b30346149212a51f4f69785d9cba61cde448466900b47eeb88401302151a1e3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/include/toonz/autoclose.h"}, "region": {"startLine": 62}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 36203, "scanner": "repobility-threat-engine", "fingerprint": "b20f5bf3b08222c0c1de20122d4f8de7d50d744701e53a656f62e64f23778b75", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "m_brightness.update(defaultTwainParam);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b20f5bf3b08222c0c1de20122d4f8de7d50d744701e53a656f62e64f23778b75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/tnzbase/tscanner/tscannertwain.cpp"}, "region": {"startLine": 162}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 36202, "scanner": "repobility-threat-engine", "fingerprint": "b20f5bf3b08222c0c1de20122d4f8de7d50d744701e53a656f62e64f23778b75", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "m_brightness.update(defaultTwainParam);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b20f5bf3b08222c0c1de20122d4f8de7d50d744701e53a656f62e64f23778b75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/tnzbase/tscanner/tscannertwain.cpp"}, "region": {"startLine": 162}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 36201, "scanner": "repobility-threat-engine", "fingerprint": "af9bb7324306eafc0f138ecd376d18348b69cd4efa5a5b98f243804379fab376", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "spriteSheet.save(path, \"PNG\", -1);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|af9bb7324306eafc0f138ecd376d18348b69cd4efa5a5b98f243804379fab376"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/image/sprite/tiio_sprite.cpp"}, "region": {"startLine": 162}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 36200, "scanner": "repobility-threat-engine", "fingerprint": "af9bb7324306eafc0f138ecd376d18348b69cd4efa5a5b98f243804379fab376", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "spriteSheet.save(path, \"PNG\", -1);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|af9bb7324306eafc0f138ecd376d18348b69cd4efa5a5b98f243804379fab376"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/image/sprite/tiio_sprite.cpp"}, "region": {"startLine": 162}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 36199, "scanner": "repobility-threat-engine", "fingerprint": "f55023f4011782e14a1e6ddf9db63dfda6aae32f5a54e3230895baf4e9fdcdef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "raster.create(m_lx, m_ly);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f55023f4011782e14a1e6ddf9db63dfda6aae32f5a54e3230895baf4e9fdcdef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/image/bmp/tiio_bmp.cpp"}, "region": {"startLine": 40}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 36198, "scanner": "repobility-threat-engine", "fingerprint": "f55023f4011782e14a1e6ddf9db63dfda6aae32f5a54e3230895baf4e9fdcdef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "raster.create(m_lx, m_ly);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f55023f4011782e14a1e6ddf9db63dfda6aae32f5a54e3230895baf4e9fdcdef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/image/bmp/tiio_bmp.cpp"}, "region": {"startLine": 40}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 36197, "scanner": "repobility-threat-engine", "fingerprint": "0755fac917240da3d7e17c627871c3d2867781cdcd7c7c75898e49470d5616ee", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0755fac917240da3d7e17c627871c3d2867781cdcd7c7c75898e49470d5616ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/toonz/menubar.h"}, "region": {"startLine": 133}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 36196, "scanner": "repobility-threat-engine", "fingerprint": "0755fac917240da3d7e17c627871c3d2867781cdcd7c7c75898e49470d5616ee", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0755fac917240da3d7e17c627871c3d2867781cdcd7c7c75898e49470d5616ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/toonz/menubar.h"}, "region": {"startLine": 133}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 36195, "scanner": "repobility-threat-engine", "fingerprint": "0eac1193213044ce96c57468e37a9ea4b75e22846529cdba2cd3b702ab995538", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(T", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0eac1193213044ce96c57468e37a9ea4b75e22846529cdba2cd3b702ab995538"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/stdfx/iwa_particles.h"}, "region": {"startLine": 273}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 36194, "scanner": "repobility-threat-engine", "fingerprint": "0eac1193213044ce96c57468e37a9ea4b75e22846529cdba2cd3b702ab995538", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(T", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0eac1193213044ce96c57468e37a9ea4b75e22846529cdba2cd3b702ab995538"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/stdfx/iwa_particles.h"}, "region": {"startLine": 273}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 36193, "scanner": "repobility-threat-engine", "fingerprint": "0d3da8b91c527868cdea0ee58570c4a1c6d5bff4f1dc6fd3eacf6c5852f5becf", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL (u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0d3da8b91c527868cdea0ee58570c4a1c6d5bff4f1dc6fd3eacf6c5852f5becf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/common/twain/ttwain_winM.c"}, "region": {"startLine": 115}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 36192, "scanner": "repobility-threat-engine", "fingerprint": "0d3da8b91c527868cdea0ee58570c4a1c6d5bff4f1dc6fd3eacf6c5852f5becf", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL (u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0d3da8b91c527868cdea0ee58570c4a1c6d5bff4f1dc6fd3eacf6c5852f5becf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/common/twain/ttwain_winM.c"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED104", "level": "error", "message": {"text": "[MINED104] Chmod 777: chmod 777 makes a file or directory world-readable, world-writable, AND world-executable. Local privilege escalation surface; audit-failing for most compliance frameworks."}, "properties": {"repobilityId": 36163, "scanner": "repobility-threat-engine", "fingerprint": "417eba1bef5c0541159964e3ecd1e6ec40b48456ad58307f65728885e9bfb2a8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "chmod-777", "owasp": "A05:2021", "cwe_ids": ["CWE-732", "CWE-276"], "languages": ["shell", "bash", "dockerfile"], "precision": 1.0, "promoted_at": "2026-05-19T13:00:00.000000+00:00", "triaged_in_corpus": 0, "observations_count": 0, "ai_coder_pattern_id": 47}, "scanner": "repobility-threat-engine", "correlation_key": "fp|417eba1bef5c0541159964e3ecd1e6ec40b48456ad58307f65728885e9bfb2a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/install/copy_plugin.sh"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED104", "level": "error", "message": {"text": "[MINED104] Chmod 777: chmod 777 makes a file or directory world-readable, world-writable, AND world-executable. Local privilege escalation surface; audit-failing for most compliance frameworks."}, "properties": {"repobilityId": 36162, "scanner": "repobility-threat-engine", "fingerprint": "417eba1bef5c0541159964e3ecd1e6ec40b48456ad58307f65728885e9bfb2a8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "chmod-777", "owasp": "A05:2021", "cwe_ids": ["CWE-732", "CWE-276"], "languages": ["shell", "bash", "dockerfile"], "precision": 1.0, "promoted_at": "2026-05-19T13:00:00.000000+00:00", "triaged_in_corpus": 0, "observations_count": 0, "ai_coder_pattern_id": 47}, "scanner": "repobility-threat-engine", "correlation_key": "fp|417eba1bef5c0541159964e3ecd1e6ec40b48456ad58307f65728885e9bfb2a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/install/copy_plugin.sh"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 36189, "scanner": "repobility-threat-engine", "fingerprint": "d1288a9d1e0da156346d2822475f5aa8f860f48dd9b7c1f665cdbd179cb1ef52", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d1288a9d1e0da156346d2822475f5aa8f860f48dd9b7c1f665cdbd179cb1ef52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/image/tzp/infoplt.c"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 36188, "scanner": "repobility-threat-engine", "fingerprint": "d1288a9d1e0da156346d2822475f5aa8f860f48dd9b7c1f665cdbd179cb1ef52", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d1288a9d1e0da156346d2822475f5aa8f860f48dd9b7c1f665cdbd179cb1ef52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/image/tzp/infoplt.c"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 36187, "scanner": "repobility-threat-engine", "fingerprint": "307905ea077f15e785bf56f9c73129bd6ee793ca43ee3391df08e03baeac42f0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|307905ea077f15e785bf56f9c73129bd6ee793ca43ee3391df08e03baeac42f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/common/twain/ttwain_stateW.c"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 36186, "scanner": "repobility-threat-engine", "fingerprint": "55ebdd3b8585fab5cf6011b1c945e4d047fde11a82fdb5b882d04de92050288c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|55ebdd3b8585fab5cf6011b1c945e4d047fde11a82fdb5b882d04de92050288c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/common/twain/ttwain_error.c"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 36184, "scanner": "repobility-threat-engine", "fingerprint": "307905ea077f15e785bf56f9c73129bd6ee793ca43ee3391df08e03baeac42f0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|307905ea077f15e785bf56f9c73129bd6ee793ca43ee3391df08e03baeac42f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/common/twain/ttwain_stateW.c"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 36183, "scanner": "repobility-threat-engine", "fingerprint": "55ebdd3b8585fab5cf6011b1c945e4d047fde11a82fdb5b882d04de92050288c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|55ebdd3b8585fab5cf6011b1c945e4d047fde11a82fdb5b882d04de92050288c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "toonz/sources/common/twain/ttwain_error.c"}, "region": {"startLine": 112}}}]}]}]}