{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `build_execution_plan` has cognitive complexity 11 (SonarSource scale). Co", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `build_execution_plan` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and re"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 11."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `pypa/gh-action-pypi-publish` pinned to mutable ref `@release/v1`", "shortDescription": {"text": "Action `pypa/gh-action-pypi-publish` pinned to mutable ref `@release/v1`"}, "fullDescription": {"text": "`uses: pypa/gh-action-pypi-publish@release/v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.replace_named_type` used but never assigned in __init__", "shortDescription": {"text": "`self.replace_named_type` used but never assigned in __init__"}, "fullDescription": {"text": "Method `extend_schema_args` of class `ExtendSchemaImpl` reads `self.replace_named_type`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_visit_all_ast_nodes_in_parallel", "shortDescription": {"text": "Phantom test coverage: test_visit_all_ast_nodes_in_parallel"}, "fullDescription": {"text": "Test function `test_visit_all_ast_nodes_in_parallel` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.CODSPEED_TOKEN` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.CODSPEED_TOKEN` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.CODSPEED_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `string` used but not imported", "shortDescription": {"text": "Missing import: `string` used but not imported"}, "fullDescription": {"text": "The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1331"}, "properties": {"repository": "graphql-python/graphql-core", "repoUrl": "https://github.com/graphql-python/graphql-core", "branch": "main"}, "results": [{"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 136026, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["GraphQL"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135996, "scanner": "repobility-ast-engine", "fingerprint": "5edf61be871370844f1aee8ea0fd728e7c025f50c97ea1111c7065ba69ee45da", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5edf61be871370844f1aee8ea0fd728e7c025f50c97ea1111c7065ba69ee45da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/validation/rules/values_of_correct_type.py"}, "region": {"startLine": 187}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135993, "scanner": "repobility-ast-engine", "fingerprint": "080bf67769103a7c3ea1f2aec5de06a7e0ddbfee19361fe6df5f50ffd438b105", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|080bf67769103a7c3ea1f2aec5de06a7e0ddbfee19361fe6df5f50ffd438b105"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/execution/execute.py"}, "region": {"startLine": 2020}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135992, "scanner": "repobility-ast-engine", "fingerprint": "7ac86adb03fb5d9bd043e4b6d214861e4850ae8b62d8589c89e02c887e3f296a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ac86adb03fb5d9bd043e4b6d214861e4850ae8b62d8589c89e02c887e3f296a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/execution/execute.py"}, "region": {"startLine": 1289}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135991, "scanner": "repobility-ast-engine", "fingerprint": "0863ef9f8fbb16db0caba5be9344144c950b9915a3189b7c7b32047db5474db9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0863ef9f8fbb16db0caba5be9344144c950b9915a3189b7c7b32047db5474db9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/execution/execute.py"}, "region": {"startLine": 712}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135990, "scanner": "repobility-ast-engine", "fingerprint": "ed8e281f2090acf90a8639b844647b46c17a39175f0e8d6cd614f3a091536f22", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ed8e281f2090acf90a8639b844647b46c17a39175f0e8d6cd614f3a091536f22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/execution/execute.py"}, "region": {"startLine": 2000}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135989, "scanner": "repobility-ast-engine", "fingerprint": "0eef0a63d66ebf555522142a8c10b8a46a604c893201bb09ed462ddc8ea2d483", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0eef0a63d66ebf555522142a8c10b8a46a604c893201bb09ed462ddc8ea2d483"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/execution/execute.py"}, "region": {"startLine": 1913}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135988, "scanner": "repobility-ast-engine", "fingerprint": "379b724e6f1c66335b64a793bc9fecc392ef8ce1b597ae7fd8e6f4545785e496", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|379b724e6f1c66335b64a793bc9fecc392ef8ce1b597ae7fd8e6f4545785e496"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/execution/execute.py"}, "region": {"startLine": 1347}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135987, "scanner": "repobility-ast-engine", "fingerprint": "6c0cefa1470ad620e66554603badba61db8c95f030880e59bf708223ce21bc5c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6c0cefa1470ad620e66554603badba61db8c95f030880e59bf708223ce21bc5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/execution/execute.py"}, "region": {"startLine": 1308}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135986, "scanner": "repobility-ast-engine", "fingerprint": "1e12745256ef3e2fd782fd20fe54d215bde87a80009e3cc0782f41b2c5a3e04b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1e12745256ef3e2fd782fd20fe54d215bde87a80009e3cc0782f41b2c5a3e04b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/execution/execute.py"}, "region": {"startLine": 921}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135985, "scanner": "repobility-ast-engine", "fingerprint": "ea9aee3a47604813e6ce9e526bc5c01b5585ec39097c12a2ce86121d2c2ed59f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ea9aee3a47604813e6ce9e526bc5c01b5585ec39097c12a2ce86121d2c2ed59f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/execution/execute.py"}, "region": {"startLine": 724}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135984, "scanner": "repobility-ast-engine", "fingerprint": "a1a9afa77b6c652bb2bfa51b8aa2cd679f2b8c2d5b3755d5851befcc4c3a1eb7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a1a9afa77b6c652bb2bfa51b8aa2cd679f2b8c2d5b3755d5851befcc4c3a1eb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/utilities/value_from_ast.py"}, "region": {"startLine": 148}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135983, "scanner": "repobility-ast-engine", "fingerprint": "2f20ecf050de24263f0bab77368b7d67954fea35f48aa1811bcd02e1bc53f511", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2f20ecf050de24263f0bab77368b7d67954fea35f48aa1811bcd02e1bc53f511"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/utilities/value_to_literal.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135977, "scanner": "repobility-ast-engine", "fingerprint": "3e0bdedcabfd99a301e36e82bd20e3b0dfe93e01c8ae923730be31d0c457b0fb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e0bdedcabfd99a301e36e82bd20e3b0dfe93e01c8ae923730be31d0c457b0fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/utilities/coerce_input_value.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 135976, "scanner": "repobility-ast-engine", "fingerprint": "e6538ff2c27f7fec6160a380040f532929ae5717d915f44b233fbeca5fe7ea52", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e6538ff2c27f7fec6160a380040f532929ae5717d915f44b233fbeca5fe7ea52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/utilities/coerce_input_value.py"}, "region": {"startLine": 321}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `build_execution_plan` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=1, continue=1, for=2, if=3, nested_bonus=4."}, "properties": {"repobilityId": 136014, "scanner": "repobility-threat-engine", "fingerprint": "11d66f5d987bef43a31c86549ec6e935a996e1fe84ccc0fcab223ea05ae5fa6e", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "build_execution_plan", "breakdown": {"if": 3, "for": 2, "break": 1, "continue": 1, "nested_bonus": 4}, "complexity": 11, "correlation_key": "fp|11d66f5d987bef43a31c86549ec6e935a996e1fe84ccc0fcab223ea05ae5fa6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/execution/build_execution_plan.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `located_error` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: except=3, if=3, nested_bonus=1, or=1, ternary=1."}, "properties": {"repobilityId": 136013, "scanner": "repobility-threat-engine", "fingerprint": "e4df2ad0b140e8d4eb9509b5d66daadb535a5fc76415977a432cd34c5e7128d6", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "located_error", "breakdown": {"if": 3, "or": 1, "except": 3, "ternary": 1, "nested_bonus": 1}, "complexity": 9, "correlation_key": "fp|e4df2ad0b140e8d4eb9509b5d66daadb535a5fc76415977a432cd34c5e7128d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/error/located_error.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 135944, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cf65c9446cabcd5df26b3f97774469cb577f2b9e9731cfe74f3b2adca33ed3e3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/graphql/__init__.py", "duplicate_line": 594, "correlation_key": "fp|cf65c9446cabcd5df26b3f97774469cb577f2b9e9731cfe74f3b2adca33ed3e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/validation/__init__.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 135943, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f30f4e9ae90422cbbc991f3beedf3254aa2f36eabccb62f4435bad2fca8475a4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/graphql/__init__.py", "duplicate_line": 209, "correlation_key": "fp|f30f4e9ae90422cbbc991f3beedf3254aa2f36eabccb62f4435bad2fca8475a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/type/__init__.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 135942, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a6679833fa91f170cd869f7720f5559c0adfdb4069fdd0c8127f7bcd81a83d83", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/graphql/language/__init__.py", "duplicate_line": 139, "correlation_key": "fp|a6679833fa91f170cd869f7720f5559c0adfdb4069fdd0c8127f7bcd81a83d83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/language/ast.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 135941, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1d34b6af79c318dafaaa8edccf048f7bf504e26697a7984a9db630eb14f1315f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/graphql/__init__.py", "duplicate_line": 72, "correlation_key": "fp|1d34b6af79c318dafaaa8edccf048f7bf504e26697a7984a9db630eb14f1315f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/language/__init__.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 136025, "scanner": "repobility-threat-engine", "fingerprint": "eefea52e4e65e520a8877cdfd1ca22d2a7e8659ef2f194bd3ee90ac0a2670523", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|eefea52e4e65e520a8877cdfd1ca22d2a7e8659ef2f194bd3ee90ac0a2670523"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/utilities/get_introspection_query.py"}, "region": {"startLine": 208}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 136020, "scanner": "repobility-threat-engine", "fingerprint": "c1cf304da6f16bcb6217f4e61d4a5d9f3bd89f442fd56daf13f57bfa3af9da3f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c1cf304da6f16bcb6217f4e61d4a5d9f3bd89f442fd56daf13f57bfa3af9da3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/validation/validation_context.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 136019, "scanner": "repobility-threat-engine", "fingerprint": "f3e7fd2b8e91b7efa416b5c5c1cfdaae0afadeb6690a9c0a6ed9dde1223aa840", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f3e7fd2b8e91b7efa416b5c5c1cfdaae0afadeb6690a9c0a6ed9dde1223aa840"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/utilities/get_introspection_query.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 136018, "scanner": "repobility-threat-engine", "fingerprint": "e63a4caed4acb8c932c45a013b84a24f847410fedc8066e0a653cb40dac04e5b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e63a4caed4acb8c932c45a013b84a24f847410fedc8066e0a653cb40dac04e5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/pyutils/boxed_awaitable_or_value.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 42 more): Same pattern found in 42 additional files. Review if needed."}, "properties": {"repobilityId": 136015, "scanner": "repobility-threat-engine", "fingerprint": "609d442b6ee8f7794590b53c136dd2382ce30eb7f3f4ac25005f93728dca1833", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 42 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "__init__", "breakdown": {"if": 11, "or": 5, "elif": 1, "else": 1, "ternary": 1, "recursion": 1, "nested_bonus": 6}, "aggregated": true, "complexity": 26, "correlation_key": "fp|609d442b6ee8f7794590b53c136dd2382ce30eb7f3f4ac25005f93728dca1833", "aggregated_count": 42}}}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 136024, "scanner": "repobility-threat-engine", "fingerprint": "cba0f0f96c52120c2ba4e3b3d06dec3c7ea81d7683de295ba3525e217facbbc4", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(t", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cba0f0f96c52120c2ba4e3b3d06dec3c7ea81d7683de295ba3525e217facbbc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/utilities/print_schema.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 136023, "scanner": "repobility-threat-engine", "fingerprint": "12b449c71df71e9f74e6bdf7c527f308d1e66563de327906090f42334623e5fc", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(T", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|12b449c71df71e9f74e6bdf7c527f308d1e66563de327906090f42334623e5fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/utilities/get_introspection_query.py"}, "region": {"startLine": 184}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 136022, "scanner": "repobility-threat-engine", "fingerprint": "b3a027afe6268e843f3af6d1a54d6b1871db345747b617f8eaea3b1395b747a6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "self.update(values)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b3a027afe6268e843f3af6d1a54d6b1871db345747b617f8eaea3b1395b747a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/pyutils/ref_set.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 136021, "scanner": "repobility-threat-engine", "fingerprint": "a5bde14344c37272db7fa1566b1e5f5df44b521137697e704cd9a3a6e2d60052", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "self.update(items)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a5bde14344c37272db7fa1566b1e5f5df44b521137697e704cd9a3a6e2d60052"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/pyutils/ref_map.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 136017, "scanner": "repobility-threat-engine", "fingerprint": "94332d72c0a7ccc0c609a538b89282b80c5fb91acfeb973c231f0d79d8ef1fbb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|94332d72c0a7ccc0c609a538b89282b80c5fb91acfeb973c231f0d79d8ef1fbb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/pyutils/boxed_awaitable_or_value.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 136016, "scanner": "repobility-threat-engine", "fingerprint": "0bc3cdd9a3d1cdf74c4d0a93fd53ded10cfdf620ac167407ac0315209cfc6c9c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0bc3cdd9a3d1cdf74c4d0a93fd53ded10cfdf620ac167407ac0315209cfc6c9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/execution/async_iterables.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `__init__` has cognitive complexity 26 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=1, else=1, if=11, nested_bonus=6, or=5, recursion=1, ternary=1."}, "properties": {"repobilityId": 136012, "scanner": "repobility-threat-engine", "fingerprint": "7a25b86e05bad97617f17c430385c60653c4aae4bee97ae75852f9bf1589e0f5", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 26 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "__init__", "breakdown": {"if": 11, "or": 5, "elif": 1, "else": 1, "ternary": 1, "recursion": 1, "nested_bonus": 6}, "complexity": 26, "correlation_key": "fp|7a25b86e05bad97617f17c430385c60653c4aae4bee97ae75852f9bf1589e0f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/error/graphql_error.py"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `pypa/gh-action-pypi-publish` pinned to mutable ref `@release/v1`"}, "properties": {"repobilityId": 136011, "scanner": "repobility-supply-chain", "fingerprint": "e47a9dfed28929750b29855d4b95a197d29949eb7f37cefbecd6ddd99df9573f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e47a9dfed28929750b29855d4b95a197d29949eb7f37cefbecd6ddd99df9573f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish.yml"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v8.2.0`"}, "properties": {"repobilityId": 136010, "scanner": "repobility-supply-chain", "fingerprint": "9feb655c4fa5f09edefb13727e9478f051d33c18202573313aaf6ef589810714", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9feb655c4fa5f09edefb13727e9478f051d33c18202573313aaf6ef589810714"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 136009, "scanner": "repobility-supply-chain", "fingerprint": "ed305c0f061c650b3d05d432e252094580bbe29b62dc590c85f72909cff8d256", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ed305c0f061c650b3d05d432e252094580bbe29b62dc590c85f72909cff8d256"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 136008, "scanner": "repobility-supply-chain", "fingerprint": "f0625a4ae0856b024f1f9df53209d8042b5ec8c3cd4fc7513f8757b86d8e710f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f0625a4ae0856b024f1f9df53209d8042b5ec8c3cd4fc7513f8757b86d8e710f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `CodSpeedHQ/action` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 136006, "scanner": "repobility-supply-chain", "fingerprint": "a63f2aab3849e728fff4c1c2297c2a6d0254ebcdaf3bcd7a3704241a07d581c2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a63f2aab3849e728fff4c1c2297c2a6d0254ebcdaf3bcd7a3704241a07d581c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/benchmark.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v8.2.0`"}, "properties": {"repobilityId": 136005, "scanner": "repobility-supply-chain", "fingerprint": "1a471db29d31f57f3efe4102500bcf54091690909b066690932ea35b5fd9ca34", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1a471db29d31f57f3efe4102500bcf54091690909b066690932ea35b5fd9ca34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/benchmark.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 136004, "scanner": "repobility-supply-chain", "fingerprint": "ce5b8e70551ad8c82f1fc18c38aa0891c55905eb4917da316936527c883f68f5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ce5b8e70551ad8c82f1fc18c38aa0891c55905eb4917da316936527c883f68f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/benchmark.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 136003, "scanner": "repobility-supply-chain", "fingerprint": "8c6f0518990cf638769e33a22edd473f0574cb877611a0142ceba0baee8d163f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8c6f0518990cf638769e33a22edd473f0574cb877611a0142ceba0baee8d163f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/benchmark.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v8.2.0`"}, "properties": {"repobilityId": 136002, "scanner": "repobility-supply-chain", "fingerprint": "11379f7b242941221e4015a39d5ef1a5cc63bb7b2932993d83c0cf033f528449", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|11379f7b242941221e4015a39d5ef1a5cc63bb7b2932993d83c0cf033f528449"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 136001, "scanner": "repobility-supply-chain", "fingerprint": "af80e2d6d396b96d3474d65abd511f60806e7c2cfe2d5ea93a8f647e94664f1b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|af80e2d6d396b96d3474d65abd511f60806e7c2cfe2d5ea93a8f647e94664f1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 136000, "scanner": "repobility-supply-chain", "fingerprint": "4e9e8b91198f2fb87f5a278898810d0963ded9f20c89b20737492f5f1b881cae", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4e9e8b91198f2fb87f5a278898810d0963ded9f20c89b20737492f5f1b881cae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v8.2.0`"}, "properties": {"repobilityId": 135999, "scanner": "repobility-supply-chain", "fingerprint": "04ae29797512878eb3aefb294689e268caf40f3889c8a790e5ecbd51321984f6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|04ae29797512878eb3aefb294689e268caf40f3889c8a790e5ecbd51321984f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 135998, "scanner": "repobility-supply-chain", "fingerprint": "9e8a5a35e03f738d8e2d95493281d94e1a60d97e250853050e219cf974049482", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9e8a5a35e03f738d8e2d95493281d94e1a60d97e250853050e219cf974049482"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 135997, "scanner": "repobility-supply-chain", "fingerprint": "0cc81eda2e95f008f2f157081424976c5422589bccc5dafcf62c412014930395", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0cc81eda2e95f008f2f157081424976c5422589bccc5dafcf62c412014930395"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.replace_named_type` used but never assigned in __init__"}, "properties": {"repobilityId": 135982, "scanner": "repobility-ast-engine", "fingerprint": "f14c01324ccdd5de5dd336dba23c4672430e1a49b90d0e36852fe9cd947adc60", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f14c01324ccdd5de5dd336dba23c4672430e1a49b90d0e36852fe9cd947adc60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/utilities/extend_schema.py"}, "region": {"startLine": 238}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.build_type` used but never assigned in __init__"}, "properties": {"repobilityId": 135981, "scanner": "repobility-ast-engine", "fingerprint": "e188e999acd473c5ae256620a7d7172eb03a555336b34376523d6f7bc8664caf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e188e999acd473c5ae256620a7d7172eb03a555336b34376523d6f7bc8664caf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/utilities/extend_schema.py"}, "region": {"startLine": 231}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_operation_types` used but never assigned in __init__"}, "properties": {"repobilityId": 135980, "scanner": "repobility-ast-engine", "fingerprint": "c943640f69da86b3c1f1ec50da9ef6118c0ed108d83fd930787455defc726537", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c943640f69da86b3c1f1ec50da9ef6118c0ed108d83fd930787455defc726537"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/utilities/extend_schema.py"}, "region": {"startLine": 243}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_operation_types` used but never assigned in __init__"}, "properties": {"repobilityId": 135979, "scanner": "repobility-ast-engine", "fingerprint": "0b2c16cbd5ca34025acf6e3ed0afcaadda546d8421e4720fdb612a1143ee0b19", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0b2c16cbd5ca34025acf6e3ed0afcaadda546d8421e4720fdb612a1143ee0b19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/utilities/extend_schema.py"}, "region": {"startLine": 241}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.extend_named_type` used but never assigned in __init__"}, "properties": {"repobilityId": 135978, "scanner": "repobility-ast-engine", "fingerprint": "827e9f36afb5a8ec34c9ae374f87b63e92f22cac4dde5f92fc02a928fc9dd09e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|827e9f36afb5a8ec34c9ae374f87b63e92f22cac4dde5f92fc02a928fc9dd09e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/utilities/extend_schema.py"}, "region": {"startLine": 225}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_visit_all_ast_nodes_in_parallel"}, "properties": {"repobilityId": 135975, "scanner": "repobility-ast-engine", "fingerprint": "0bacfdca477f3683b6873d2e0329c957762ad8c322603052abac3807df818277", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0bacfdca477f3683b6873d2e0329c957762ad8c322603052abac3807df818277"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/test_visit.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_visit_all_ast_nodes"}, "properties": {"repobilityId": 135974, "scanner": "repobility-ast-engine", "fingerprint": "0380d429ca61a01355aef32c16005ad365c91e07113858078b4ef4e67983c6b2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0380d429ca61a01355aef32c16005ad365c91e07113858078b4ef4e67983c6b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/test_visit.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_value"}, "properties": {"repobilityId": 135973, "scanner": "repobility-ast-engine", "fingerprint": "b4ca83e4aa24c7991ed2dbc0ef68d068d9e8a060f5dcb056dfd44d2b020eaa74", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b4ca83e4aa24c7991ed2dbc0ef68d068d9e8a060f5dcb056dfd44d2b020eaa74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/utils/test_assert_equal_awaitables_or_values.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_value"}, "properties": {"repobilityId": 135972, "scanner": "repobility-ast-engine", "fingerprint": "60e5671683106f224bd82afb325e79e86a54c1b313627c03400b2e49020dc4df", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|60e5671683106f224bd82afb325e79e86a54c1b313627c03400b2e49020dc4df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/utils/test_assert_equal_awaitables_or_values.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_value"}, "properties": {"repobilityId": 135971, "scanner": "repobility-ast-engine", "fingerprint": "6b1dfc748fa3fbe37d9e2b770acf667444612e914a7f7212805d19111ba7673e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6b1dfc748fa3fbe37d9e2b770acf667444612e914a7f7212805d19111ba7673e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/utils/test_assert_equal_awaitables_or_values.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.event` used but never assigned in __init__"}, "properties": {"repobilityId": 135970, "scanner": "repobility-ast-engine", "fingerprint": "0c9e2ead6ff4af2a3906187c99e181ef41ba23169b86eac97b13f8a8adc997f0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0c9e2ead6ff4af2a3906187c99e181ef41ba23169b86eac97b13f8a8adc997f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/pyutils/test_gather_with_cancel.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.returned` used but never assigned in __init__"}, "properties": {"repobilityId": 135969, "scanner": "repobility-ast-engine", "fingerprint": "0279c42cc1f786dd7d0d61f62739ed11086178a77e1680ea836f1d6ebb86fcab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0279c42cc1f786dd7d0d61f62739ed11086178a77e1680ea836f1d6ebb86fcab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/pyutils/test_gather_with_cancel.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.event` used but never assigned in __init__"}, "properties": {"repobilityId": 135968, "scanner": "repobility-ast-engine", "fingerprint": "649b78e009cfaa79174643f94aa84e062451ebd0c267eda6d200e08e88ef0987", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|649b78e009cfaa79174643f94aa84e062451ebd0c267eda6d200e08e88ef0987"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/pyutils/test_gather_with_cancel.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_async_generator"}, "properties": {"repobilityId": 135967, "scanner": "repobility-ast-engine", "fingerprint": "51facc0d6c32fbdfc8e696864bb5f686929c7aa423600a77e3eedfad52a0f6ac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|51facc0d6c32fbdfc8e696864bb5f686929c7aa423600a77e3eedfad52a0f6ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/pyutils/test_inspect.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_generator"}, "properties": {"repobilityId": 135966, "scanner": "repobility-ast-engine", "fingerprint": "f339cf71e6f5662d59dd8ec4e5a2ff35c1f6742b241c4e52a8743928ab4602b4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f339cf71e6f5662d59dd8ec4e5a2ff35c1f6742b241c4e52a8743928ab4602b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/pyutils/test_inspect.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.context` used but never assigned in __init__"}, "properties": {"repobilityId": 135965, "scanner": "repobility-ast-engine", "fingerprint": "7c620a2b360c3eeaf515ab2a2f44d0148a0080c7858a794f367d510fcad15e30", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7c620a2b360c3eeaf515ab2a2f44d0148a0080c7858a794f367d510fcad15e30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/validation/test_validation.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.context` used but never assigned in __init__"}, "properties": {"repobilityId": 135964, "scanner": "repobility-ast-engine", "fingerprint": "633ac41d36f1d797f8638c5d8f309c477e73496bda1fca2f9439d0ac8be85011", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|633ac41d36f1d797f8638c5d8f309c477e73496bda1fca2f9439d0ac8be85011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/validation/test_validation.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.last` used but never assigned in __init__"}, "properties": {"repobilityId": 135963, "scanner": "repobility-ast-engine", "fingerprint": "ff21d66470e7c4cfdbde1eb2c6b407fbbd42ed3fad312260417485600c37cec0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ff21d66470e7c4cfdbde1eb2c6b407fbbd42ed3fad312260417485600c37cec0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/execution/test_lists.py"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.last` used but never assigned in __init__"}, "properties": {"repobilityId": 135962, "scanner": "repobility-ast-engine", "fingerprint": "10419da847d8a4c60435c30c6dde1925432cdfea0867db05f98ba92bfef37297", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|10419da847d8a4c60435c30c6dde1925432cdfea0867db05f98ba92bfef37297"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/execution/test_lists.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.last` used but never assigned in __init__"}, "properties": {"repobilityId": 135961, "scanner": "repobility-ast-engine", "fingerprint": "40ba5eb59b052850ac8fb8d70332c7f63a5b4dfed03ce30f5ebb54cb4e8ae508", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|40ba5eb59b052850ac8fb8d70332c7f63a5b4dfed03ce30f5ebb54cb4e8ae508"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/execution/test_lists.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.last` used but never assigned in __init__"}, "properties": {"repobilityId": 135960, "scanner": "repobility-ast-engine", "fingerprint": "48203f1fcac80758f8bd82fd8114bf9ef3768e8ea7d2b79b1eaa806ae2a2356f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|48203f1fcac80758f8bd82fd8114bf9ef3768e8ea7d2b79b1eaa806ae2a2356f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/execution/test_lists.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.last` used but never assigned in __init__"}, "properties": {"repobilityId": 135959, "scanner": "repobility-ast-engine", "fingerprint": "11b0b97bc60eba55d11b0e8e12a22df92151da9ec902615e6cadf04c82f43802", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|11b0b97bc60eba55d11b0e8e12a22df92151da9ec902615e6cadf04c82f43802"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/execution/test_lists.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.last` used but never assigned in __init__"}, "properties": {"repobilityId": 135958, "scanner": "repobility-ast-engine", "fingerprint": "a13b201988b2739806d3b315a21292baf5f6cdc3d9344c20ea3caa00cad3c949", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a13b201988b2739806d3b315a21292baf5f6cdc3d9344c20ea3caa00cad3c949"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/execution/test_lists.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.fail_to_change_the_number` used but never assigned in __init__"}, "properties": {"repobilityId": 135957, "scanner": "repobility-ast-engine", "fingerprint": "f7d0b7c95ee1589befa27ef850d486bfce608499629b75fecd448c2da407280b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f7d0b7c95ee1589befa27ef850d486bfce608499629b75fecd448c2da407280b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/execution/test_mutations.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.immediately_change_the_number` used but never assigned in __init__"}, "properties": {"repobilityId": 135956, "scanner": "repobility-ast-engine", "fingerprint": "837bdc50c98963491ee9eec27c23e52e20f43ff17c0b5e51279cdf9c81b6ec47", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|837bdc50c98963491ee9eec27c23e52e20f43ff17c0b5e51279cdf9c81b6ec47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/execution/test_mutations.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.to_equal` used but never assigned in __init__"}, "properties": {"repobilityId": 135952, "scanner": "repobility-ast-engine", "fingerprint": "b05f289f6fd7dc8a7a25fec17cc0310f46b00997b672a1c4fd714c79a0ef488c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b05f289f6fd7dc8a7a25fec17cc0310f46b00997b672a1c4fd714c79a0ef488c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/utilities/test_strip_ignored_characters.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.to_reg_exp` used but never assigned in __init__"}, "properties": {"repobilityId": 135951, "scanner": "repobility-ast-engine", "fingerprint": "c466bdba916e2afbd91c8d68f991eaf4790cb51991b0c9794b1b6df9a5f28c21", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c466bdba916e2afbd91c8d68f991eaf4790cb51991b0c9794b1b6df9a5f28c21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/utilities/test_get_introspection_query.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.to_reg_exp` used but never assigned in __init__"}, "properties": {"repobilityId": 135950, "scanner": "repobility-ast-engine", "fingerprint": "835b8af6e7474727b89b19d4bee053fe5c1fa8f9ed2e56797db55fa457fbe489", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|835b8af6e7474727b89b19d4bee053fe5c1fa8f9ed2e56797db55fa457fbe489"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/utilities/test_get_introspection_query.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.to_equal` used but never assigned in __init__"}, "properties": {"repobilityId": 135948, "scanner": "repobility-ast-engine", "fingerprint": "8677cc016260507e3aeb98ed60135918df9e303527715694681b3805dea7cad1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8677cc016260507e3aeb98ed60135918df9e303527715694681b3805dea7cad1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/utilities/test_strip_ignored_characters_fuzz.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.emit_event` used but never assigned in __init__"}, "properties": {"repobilityId": 135947, "scanner": "repobility-ast-engine", "fingerprint": "23881989db307316c7e147a6dc269ec4607386ec362fb19771ab7a79db9dd69a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|23881989db307316c7e147a6dc269ec4607386ec362fb19771ab7a79db9dd69a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_user_registry.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.emit_event` used but never assigned in __init__"}, "properties": {"repobilityId": 135946, "scanner": "repobility-ast-engine", "fingerprint": "a299595900d7074321312d6a35b42d19064a434a7817db8ada5e751eb39a175b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a299595900d7074321312d6a35b42d19064a434a7817db8ada5e751eb39a175b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_user_registry.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.emit_event` used but never assigned in __init__"}, "properties": {"repobilityId": 135945, "scanner": "repobility-ast-engine", "fingerprint": "53d4062f5096541bba9fde2c58d651ee29739a56b80b807c6947242fe0e85b1d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|53d4062f5096541bba9fde2c58d651ee29739a56b80b807c6947242fe0e85b1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_user_registry.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CODSPEED_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 136007, "scanner": "repobility-supply-chain", "fingerprint": "cc11e55f65a8d4ed1b4dcd1a46066a136a87f4c26829a5b03792e0ca65a36471", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cc11e55f65a8d4ed1b4dcd1a46066a136a87f4c26829a5b03792e0ca65a36471"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/benchmark.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `string` used but not imported"}, "properties": {"repobilityId": 135995, "scanner": "repobility-ast-engine", "fingerprint": "3253c97e77e319a955189b76423d9bfa1d708744ad1dbb25c0318e1499e141a1", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3253c97e77e319a955189b76423d9bfa1d708744ad1dbb25c0318e1499e141a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/language/printer.py"}, "region": {"startLine": 447}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `queue` used but not imported"}, "properties": {"repobilityId": 135994, "scanner": "repobility-ast-engine", "fingerprint": "4d6a595e13e0673d3e2ad2d367539e990d588a3aaaa1b444ac5849fecec0992a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d6a595e13e0673d3e2ad2d367539e990d588a3aaaa1b444ac5849fecec0992a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/graphql/execution/incremental_graph.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `ast` used but not imported"}, "properties": {"repobilityId": 135955, "scanner": "repobility-ast-engine", "fingerprint": "b306c2a3d479b00e52d03f814f79126547207b85dc75b19826cb79e52427e4c3", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b306c2a3d479b00e52d03f814f79126547207b85dc75b19826cb79e52427e4c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/execution/test_variables.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `ast` used but not imported"}, "properties": {"repobilityId": 135954, "scanner": "repobility-ast-engine", "fingerprint": "7ae13c068db2fb034801ac921b59b1a3209bd997fc6c74a9cf39f567c9b3dc5e", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ae13c068db2fb034801ac921b59b1a3209bd997fc6c74a9cf39f567c9b3dc5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/utilities/test_build_ast_schema.py"}, "region": {"startLine": 1084}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `ast` used but not imported"}, "properties": {"repobilityId": 135953, "scanner": "repobility-ast-engine", "fingerprint": "20a46346e2d62738e6dc03d10b46eafea26ace28734d8247c8c021a29a18459d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|20a46346e2d62738e6dc03d10b46eafea26ace28734d8247c8c021a29a18459d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/utilities/test_type_info.py"}, "region": {"startLine": 494}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `ast` used but not imported"}, "properties": {"repobilityId": 135949, "scanner": "repobility-ast-engine", "fingerprint": "396d7fe7b38cfa6f7b6fe4d20d3af0cac3e752b0621e28768d31ee416f02d0ff", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|396d7fe7b38cfa6f7b6fe4d20d3af0cac3e752b0621e28768d31ee416f02d0ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/utilities/test_ast_to_dict.py"}, "region": {"startLine": 59}}}]}]}]}