{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "Confirm whether this file is reachable. If not, delete it; if yes, wire it through explicit imports, routes, or entry points and add a test that proves the path executes."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. 
Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC005", "name": "Duplicate top-level symbol appears in a patch-style file", "shortDescription": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "fullDescription": {"text": "Keep one authoritative implementation, update imports to point at it, and remove or rename the duplicate symbol."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior 
into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `payloads` has cognitive complexity 9 (SonarSource scale). Cognitive compl", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `payloads` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all w"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 9."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED048", "name": "[MINED048] Php Error Suppress (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED048] Php Error Suppress (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 8 more): Same pattern found in 8 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED077] Python Open No Context (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions/checkout@<40-char-sha>  # v3` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED017", "name": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic.", "shortDescription": {"text": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED021", "name": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape.", "shortDescription": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-22 / A01:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC114", "name": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker", "shortDescription": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. 
`../../../etc/passwd` resolves cleanly."}, "fullDescription": {"text": "After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `path.resolve(base, x); if (!resolved.startsWith(base + path.sep)) throw`."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). 
Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/834"}, "properties": {"repository": "danielmiessler/SecLists", "repoUrl": "https://github.com/danielmiessler/SecLists", "branch": "master"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 74281, "scanner": "repobility-ast-engine", "fingerprint": "eee79060aede6a1190319b6d972b4ae4868e10db97e405595917bf97446aab1e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eee79060aede6a1190319b6d972b4ae4868e10db97e405595917bf97446aab1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/validators.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 74280, "scanner": "repobility-ast-engine", "fingerprint": "a109244ee2a084e4b0030986511183dea7e82e820f462f2e4673ae721248b2d2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a109244ee2a084e4b0030986511183dea7e82e820f462f2e4673ae721248b2d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/pull-sqlmap-payloads.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 74268, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3452f88c1f785a018fb653dabd7475acb636cfd2f58a12929a7578605863829a", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "updated", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|3452f88c1f785a018fb653dabd7475acb636cfd2f58a12929a7578605863829a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/checkers/check-if-auto-updated.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. 
Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 74266, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 74265, "scanner": "repobility-threat-engine", "fingerprint": "374a7fa011292af47f2af465283513e559070b580603c98d43395c9c540eec7a", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|94|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Web-Shells/laudanum-1.0/wordpress/templates/killnc.php"}, "region": {"startLine": 94}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential 
compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 74264, "scanner": "repobility-threat-engine", "fingerprint": "2d7c2c421d711712e18597317dc4d8f36e870ee70e04bd311608db321a785b67", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|110|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Web-Shells/laudanum-1.0/php/killnc.php"}, "region": {"startLine": 110}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 74263, "scanner": "repobility-threat-engine", "fingerprint": "40630ebff46ac5ffa73206c07162e3be4a95b230859d720b92d3ea84d1752672", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|9|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Web-Shells/PHP/another-obfuscated-phpshell.php"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 74279, "scanner": "repobility-ai-code-hygiene", "fingerprint": "171c9969b8141f7fe9711008da15aff801d3455797ddf0a6ceec7f80ec23d4e9", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "print_err", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": ".bin/checkers/check-file-for-starting-slash.py", "correlation_key": "fp|171c9969b8141f7fe9711008da15aff801d3455797ddf0a6ceec7f80ec23d4e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/checkers/check-if-auto-updated.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74278, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"d049644f7fe8bf49698b317218ee6ef5611e7526c81ba00bdb19ac7a54f4973a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Web-Shells/laudanum-1.0/php/dns.php", "duplicate_line": 3, "correlation_key": "fp|d049644f7fe8bf49698b317218ee6ef5611e7526c81ba00bdb19ac7a54f4973a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Web-Shells/laudanum-1.0/php/shell.php"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74277, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8ab728f8e0ea5d1d570cf304e1993ba486618ec071db6bd5e9a901c07f0d3ada", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Web-Shells/laudanum-1.0/php/dns.php", "duplicate_line": 3, "correlation_key": "fp|8ab728f8e0ea5d1d570cf304e1993ba486618ec071db6bd5e9a901c07f0d3ada"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Web-Shells/laudanum-1.0/php/proxy.php"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74276, "scanner": "repobility-ai-code-hygiene", "fingerprint": "21f1ab6b36a3a521253a97af847286fb2ee0fcd31b8cb7f3fbd556cd054c8976", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": 
"open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Web-Shells/laudanum-1.0/php/host.php", "duplicate_line": 9, "correlation_key": "fp|21f1ab6b36a3a521253a97af847286fb2ee0fcd31b8cb7f3fbd556cd054c8976"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Web-Shells/laudanum-1.0/php/killnc.php"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74275, "scanner": "repobility-ai-code-hygiene", "fingerprint": "41cee92ad8a788b59f83f13794c3a69b67760d566d7fef42c281fe97778f1960", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Web-Shells/laudanum-1.0/php/dns.php", "duplicate_line": 1, "correlation_key": "fp|41cee92ad8a788b59f83f13794c3a69b67760d566d7fef42c281fe97778f1960"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Web-Shells/laudanum-1.0/php/killnc.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74274, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b76683d1c1a90c495fc15c2c8319b535c6dee7628d22a54e10480b271ea96f7a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", 
"evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Web-Shells/laudanum-1.0/php/dns.php", "duplicate_line": 1, "correlation_key": "fp|b76683d1c1a90c495fc15c2c8319b535c6dee7628d22a54e10480b271ea96f7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Web-Shells/laudanum-1.0/php/host.php"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74273, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5d51d6a4c1c313b5c2eb86b91c3353c056913658cce1c908cbd64a2f63429c1b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Web-Shells/laudanum-1.0/php/dns.php", "duplicate_line": 3, "correlation_key": "fp|5d51d6a4c1c313b5c2eb86b91c3353c056913658cce1c908cbd64a2f63429c1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Web-Shells/laudanum-1.0/php/file.php"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74272, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e013af25a8fe5ae85386ae5e31f20cd6a2fae442166e5f1d5446aa27c51cf250", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"Web-Shells/Magento/newadmin-Inchoo.php", "duplicate_line": 21, "correlation_key": "fp|e013af25a8fe5ae85386ae5e31f20cd6a2fae442166e5f1d5446aa27c51cf250"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Web-Shells/Magento/newadmin-KINKCreative.php"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74271, "scanner": "repobility-ai-code-hygiene", "fingerprint": "df8bd69727ec2af0080d56a2c313d57ebd7468753cd383ac6df554850d1494e3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".bin/checkers/check-if-auto-updated.py", "duplicate_line": 2, "correlation_key": "fp|df8bd69727ec2af0080d56a2c313d57ebd7468753cd383ac6df554850d1494e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/checkers/new-line-and-empty-line-checker.py"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74270, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a36ada971c99c825d603a199f194dd5e2cc175af12acd61b82cfc9aa6c9d0629", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".bin/checkers/check-file-for-starting-slash.py", "duplicate_line": 1, "correlation_key": 
"fp|a36ada971c99c825d603a199f194dd5e2cc175af12acd61b82cfc9aa6c9d0629"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/checkers/new-line-and-empty-line-checker.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74269, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a4f5d061788d1a63503ea25f44b4e7e44c52d3800853e75817c0fef30a18372a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".bin/checkers/check-if-auto-updated.py", "duplicate_line": 2, "correlation_key": "fp|a4f5d061788d1a63503ea25f44b4e7e44c52d3800853e75817c0fef30a18372a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/checkers/check-file-for-starting-slash.py"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 74267, "scanner": "repobility-ai-code-hygiene", "fingerprint": "060d8f64fc8c797194ce7fbb014b3406155a67505412e361209d8235e4d5eb0e", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "updated", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|060d8f64fc8c797194ce7fbb014b3406155a67505412e361209d8235e4d5eb0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/checkers/check-if-auto-updated.py"}, "region": 
{"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `payloads` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=2, except=1, for=1, if=2, nested_bonus=3."}, "properties": {"repobilityId": 74246, "scanner": "repobility-threat-engine", "fingerprint": "7fed8aa13905398d1e9042c1a5ffccbd5c74fdcfdd0796ddb64e2f6c7b3e8cef", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "payloads", "breakdown": {"if": 2, "for": 1, "except": 1, "continue": 2, "nested_bonus": 3}, "complexity": 9, "correlation_key": "fp|7fed8aa13905398d1e9042c1a5ffccbd5c74fdcfdd0796ddb64e2f6c7b3e8cef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/pull-sqlmap-payloads.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=1, except=1, for=3, if=1, nested_bonus=3, or=1."}, "properties": {"repobilityId": 74245, "scanner": "repobility-threat-engine", "fingerprint": "c2e53c7c7c449fa687a821fbb73a8a73514e8da9a7415b31a19b5506d50180ec", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 1, "or": 1, "for": 3, "except": 1, "continue": 1, "nested_bonus": 3}, "complexity": 10, "correlation_key": "fp|c2e53c7c7c449fa687a821fbb73a8a73514e8da9a7415b31a19b5506d50180ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/pull-sqlmap-payloads.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 74262, "scanner": "repobility-threat-engine", "fingerprint": "7d0cb420b5f906c47baf88643a99afdf4da693a65edacd0023d95b6584ae2caa", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7d0cb420b5f906c47baf88643a99afdf4da693a65edacd0023d95b6584ae2caa", "aggregated_count": 6}}}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues."}, "properties": {"repobilityId": 74261, "scanner": "repobility-threat-engine", "fingerprint": "6cb56020945ef25d2c40448eb274327e52d6320ec0269d6f492be7da0cb25681", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6cb56020945ef25d2c40448eb274327e52d6320ec0269d6f492be7da0cb25681"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Web-Shells/Magento/newadmin-KINKCreative.php"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. 
Hides real issues."}, "properties": {"repobilityId": 74260, "scanner": "repobility-threat-engine", "fingerprint": "c5f461b4742ed6d1224952f84b312e4b0f2a588aa5850a90d7530442f85882da", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c5f461b4742ed6d1224952f84b312e4b0f2a588aa5850a90d7530442f85882da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Web-Shells/Magento/newadmin-Inchoo.php"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. 
Hides real issues."}, "properties": {"repobilityId": 74259, "scanner": "repobility-threat-engine", "fingerprint": "cd049d59dac5c7ecfe2842b85fa48a2bdc99ae11e7f83ed4629e2e608a4a68b7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cd049d59dac5c7ecfe2842b85fa48a2bdc99ae11e7f83ed4629e2e608a4a68b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Web-Shells/FuzzDB/list.php"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 74258, "scanner": "repobility-threat-engine", "fingerprint": "eae1e8fab9889f0af0f21f1e9feee5af5bdf56bab4b240b20c25ac339c8e81f0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|eae1e8fab9889f0af0f21f1e9feee5af5bdf56bab4b240b20c25ac339c8e81f0", "aggregated_count": 8}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 74257, "scanner": "repobility-threat-engine", "fingerprint": "5df293c3cb6a4f9b743904c2fabb44dee6a1dfcf5064cacc12854e9d02e2cdb3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5df293c3cb6a4f9b743904c2fabb44dee6a1dfcf5064cacc12854e9d02e2cdb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Web-Shells/laudanum-1.0/php/file.php"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 74256, "scanner": "repobility-threat-engine", "fingerprint": "d9a305204fbdb4697c9542ca5c71646ede3d6d7c414beba72391da708411ad4d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d9a305204fbdb4697c9542ca5c71646ede3d6d7c414beba72391da708411ad4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Web-Shells/laudanum-1.0/php/dns.php"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 74255, "scanner": "repobility-threat-engine", "fingerprint": "1edf63c49e383eae166c8615162ca2211ecf8a40d37749d9eca3080dc117bd53", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1edf63c49e383eae166c8615162ca2211ecf8a40d37749d9eca3080dc117bd53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Web-Shells/FuzzDB/cmd-simple.php"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 74244, "scanner": "repobility-threat-engine", "fingerprint": "84b428903e36fd33e989dea5d841390419cf614600c0dd97f539a2096c1d7e87", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|84b428903e36fd33e989dea5d841390419cf614600c0dd97f539a2096c1d7e87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/wordlist-updaters/updater.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 74243, "scanner": "repobility-threat-engine", "fingerprint": "19dcbf99bfb1fb594ae370b79e962057d776b5d0431bccb65bea44b965d9b654", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|19dcbf99bfb1fb594ae370b79e962057d776b5d0431bccb65bea44b965d9b654"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/get-and-patch-readme-repository-details.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 74242, "scanner": "repobility-threat-engine", "fingerprint": "1d1b36e59afdd6a860da45e4266bd4d2460d001597578a5f5553d8002e085d5b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1d1b36e59afdd6a860da45e4266bd4d2460d001597578a5f5553d8002e085d5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/file-extensions-downloader.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 74236, "scanner": "repobility-threat-engine", "fingerprint": "e5aedca74f2cb959790934426f11a54bec225c880f96f9691c5e392ba533c9d8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e5aedca74f2cb959790934426f11a54bec225c880f96f9691c5e392ba533c9d8", "aggregated_count": 3}}}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 74235, "scanner": "repobility-threat-engine", "fingerprint": "76797bcabc7a09fdafd07b0b6eb09f7e0652f2e16ea2993623f2b132ce351ec6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|76797bcabc7a09fdafd07b0b6eb09f7e0652f2e16ea2993623f2b132ce351ec6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/get-and-patch-readme-repository-details.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 74234, "scanner": "repobility-threat-engine", "fingerprint": "c0ac0c809338565ea6f62103a1dbaabafcef29c6ca5ea2e25a97b2efb490f47a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", 
"verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c0ac0c809338565ea6f62103a1dbaabafcef29c6ca5ea2e25a97b2efb490f47a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/checkers/new-line-and-empty-line-checker.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 74233, "scanner": "repobility-threat-engine", "fingerprint": "a8f32561702eb446d11141a3abe088d55b5f98e64f8dfaf30f1bc41aa5723402", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a8f32561702eb446d11141a3abe088d55b5f98e64f8dfaf30f1bc41aa5723402"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/checkers/check-file-for-starting-slash.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. 
Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74289, "scanner": "repobility-supply-chain", "fingerprint": "41c97fa69f3aa416f1ff1478c164997b48359e8dfc62f97de205e88c6cb4b237", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|41c97fa69f3aa416f1ff1478c164997b48359e8dfc62f97de205e88c6cb4b237"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/wordlist-updater_fuzzing_etc_files.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74288, "scanner": "repobility-supply-chain", "fingerprint": "3e70667af59262d7f59ae54db37274cb70d0257b320f2e0856e56bbe83b8eb99", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3e70667af59262d7f59ae54db37274cb70d0257b320f2e0856e56bbe83b8eb99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/wordlist-updater_awesome-list-of-secrets-in-environment-variables.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74287, "scanner": "repobility-supply-chain", "fingerprint": "122d55b6bb044b36f83dc29f77b33a3466aeb46040dda9aa2cb92a09b5b8d9e6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|122d55b6bb044b36f83dc29f77b33a3466aeb46040dda9aa2cb92a09b5b8d9e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/remote-wordlists-updater.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74286, "scanner": "repobility-supply-chain", "fingerprint": "3038a5899fbffc5017b66c4bb617b07da89fb97ef8bf654dc930df718c04ab68", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3038a5899fbffc5017b66c4bb617b07da89fb97ef8bf654dc930df718c04ab68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/wordlist-updater_api-endpoints-res.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74285, "scanner": "repobility-supply-chain", "fingerprint": "f00c4c02ddf3b454cf4510db2b87655f4d6dde2d73ece9ffa9f63321bab2eadb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f00c4c02ddf3b454cf4510db2b87655f4d6dde2d73ece9ffa9f63321bab2eadb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/wordlist-updater_combined_directories.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74284, "scanner": "repobility-supply-chain", "fingerprint": "28d032893df84ce6fa300a89790adc718880921e837e4cb149104f5e2bbee93d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|28d032893df84ce6fa300a89790adc718880921e837e4cb149104f5e2bbee93d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/wordlist-updater_combined_words.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74283, "scanner": "repobility-supply-chain", "fingerprint": "f64b06eb8ac8857bcd5feb473634e9626076b7ea0a6a2ef9f6cb8a30ba89f579", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f64b06eb8ac8857bcd5feb473634e9626076b7ea0a6a2ef9f6cb8a30ba89f579"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/wordlist-updater_default-passwords.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74282, "scanner": "repobility-supply-chain", "fingerprint": "509eff04c6d5c3da7da0842c3652fa44b147e234b33a2d84720362a6fe3cc481", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|509eff04c6d5c3da7da0842c3652fa44b147e234b33a2d84720362a6fe3cc481"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/readme-updater.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic."}, "properties": {"repobilityId": 74254, "scanner": "repobility-threat-engine", "fingerprint": "abea90305990e4ef19474000c075cc19eab4b35f97a7b7605a91c1177fe26d38", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|abea90305990e4ef19474000c075cc19eab4b35f97a7b7605a91c1177fe26d38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Miscellaneous/Source-Code/c-linux/tiny-shell.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: system() invokes shell. 
command injection if any arg is dynamic."}, "properties": {"repobilityId": 74253, "scanner": "repobility-threat-engine", "fingerprint": "c08b27f36b097121b62dce451db34d158cd7c4f77cbdd93466d8562827757882", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c08b27f36b097121b62dce451db34d158cd7c4f77cbdd93466d8562827757882"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Miscellaneous/Source-Code/c-linux/root-shell.c"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 74252, "scanner": "repobility-threat-engine", "fingerprint": "e17b62434a78281ce8585d666712d71961267b15cf95f927b532a94e077f2c4e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e17b62434a78281ce8585d666712d71961267b15cf95f927b532a94e077f2c4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Web-Shells/PHP/obfuscated-phpshell.php"}, "region": {"startLine": 13}}}]}, 
{"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 74251, "scanner": "repobility-threat-engine", "fingerprint": "094ef2ae3dc861538bd90d1cf7a84a75fc98cecdf1d0411706ffc5b8637078a5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|094ef2ae3dc861538bd90d1cf7a84a75fc98cecdf1d0411706ffc5b8637078a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Fuzzing/0-999999-hashgen.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 74250, "scanner": "repobility-threat-engine", "fingerprint": "bbd51172e7b966c2314bde4e2264b780e1ae843ca12c6905dab2998f3b0acdc0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "check_results.update({checker_name:{\"warn\":[],\"error\":[],\"description\":warn_and_erro", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bbd51172e7b966c2314bde4e2264b780e1ae843ca12c6905dab2998f3b0acdc0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/validators.py"}, "region": {"startLine": 283}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 74249, "scanner": "repobility-threat-engine", "fingerprint": "6f7f3b55f264742e7650ef35d5fda46a283f6906cf44e4446d8114958e6bef19", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6f7f3b55f264742e7650ef35d5fda46a283f6906cf44e4446d8114958e6bef19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/trickest-patcher.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC114", "level": "error", 
"message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 74248, "scanner": "repobility-threat-engine", "fingerprint": "ede4ddcaa6878c449c42ccd4dee5cbdd02664a68138e2d4355ea4d4e05a6f131", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.join(INPUT", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|.bin/trickest-patcher.py|28|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/trickest-patcher.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 74247, "scanner": "repobility-threat-engine", "fingerprint": "cc40bd25a8877515036a006f02e1c37e8abc34919a19ab42ee481ccc9b9b73c8", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "os.path.join(INPUT", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|.bin/trickest-patcher.py|28|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/trickest-patcher.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 74241, "scanner": "repobility-threat-engine", "fingerprint": "5131fe83583056832a27af9c9aea5f3201d0f43adcf6e2bda8364e0e0a11d8c1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5131fe83583056832a27af9c9aea5f3201d0f43adcf6e2bda8364e0e0a11d8c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/wordlist-updaters/updater.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 74240, "scanner": "repobility-threat-engine", "fingerprint": "2986721b9cadb9f8c897dfb659144cbddffd7b627e2b9d388bb00b8862785ff0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2986721b9cadb9f8c897dfb659144cbddffd7b627e2b9d388bb00b8862785ff0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/get-and-patch-readme-repository-details.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 74239, "scanner": "repobility-threat-engine", "fingerprint": "cbf37b87c057ebfcb187d2bf64524e65f575a35903b942ffbacb3900ed67ffea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cbf37b87c057ebfcb187d2bf64524e65f575a35903b942ffbacb3900ed67ffea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/file-extensions-downloader.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 74238, "scanner": "repobility-threat-engine", "fingerprint": "764cf9e01fc2434fc9bc361d751c5cbf1e65aee69e9f9d1f7e84c2e2bf20ead5", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|764cf9e01fc2434fc9bc361d751c5cbf1e65aee69e9f9d1f7e84c2e2bf20ead5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/pull-sqlmap-payloads.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 74237, "scanner": "repobility-threat-engine", "fingerprint": "81475c385c3e3dcaa22e27b778cadd49e1f6da86d91a6f9219328fe7a238121b", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(WIKI_URL", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|81475c385c3e3dcaa22e27b778cadd49e1f6da86d91a6f9219328fe7a238121b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".bin/file-extensions-downloader.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 74232, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}]}]}