{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC014", "name": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.", "shortDescription": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "fullDescription": {"text": "Enable SSL verification. Use verify=True (default) for requests. Pin certificates if needed."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `mode` has cognitive complexity 21 (SonarSource scale). Cognitive complexi", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `mode` has cognitive complexity 21 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weig"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 21."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED124", "name": "requirements.txt: `python-slugify` has no version pin", "shortDescription": {"text": "requirements.txt: `python-slugify` has no version pin"}, "fullDescription": {"text": "Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.vdebug` used but never assigned in __init__", "shortDescription": {"text": "`self.vdebug` used but never assigned in __init__"}, "fullDescription": {"text": "Method `_fast_refresh` of class `PyArlo` reads `self.vdebug`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED030", "name": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__.", "shortDescription": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC081", "name": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary co", "shortDescription": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "fullDescription": {"text": "Use json, msgpack, or protobuf for untrusted data. If pickle is required, sign the payload with HMAC."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1026"}, "properties": {"repository": "twrecked/pyaarlo", "repoUrl": "https://github.com/twrecked/pyaarlo", "branch": "master"}, "results": [{"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 96246, "scanner": "repobility-threat-engine", "fingerprint": "875ac33c92b7bc4658b5299c06b0700bfc2cf8559757c12bcb405f9786f87d06", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        ret = requests.get(url)\n    except requests.exceptions.SSLError:\n        return None", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|875ac33c92b7bc4658b5299c06b0700bfc2cf8559757c12bcb405f9786f87d06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/util.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 96238, "scanner": "repobility-threat-engine", "fingerprint": "4370b5fe0b8eed59872384c0f5358b4b04542b39d4193f3d17d91850639fe0ae", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|pyaarlo/storage.py|31|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/storage.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 96237, "scanner": "repobility-threat-engine", "fingerprint": "132b50b09f0631df1224679826122ff46ae881fa47348e4d54502df68078d4d0", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "CERT_NONE", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|pyaarlo/ratls.py|106|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/ratls.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `mode` has cognitive complexity 21 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=2, else=1, for=2, if=9, nested_bonus=7."}, "properties": {"repobilityId": 96230, "scanner": "repobility-threat-engine", "fingerprint": "3691a6940e25662eedea9439b6ac75f573991c76a5424a01b1614331a494e07a", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 21 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "mode", "breakdown": {"if": 9, "for": 2, "else": 1, "break": 2, "nested_bonus": 7}, "complexity": 21, "correlation_key": "fp|3691a6940e25662eedea9439b6ac75f573991c76a5424a01b1614331a494e07a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/location.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `_event_handler` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: if=7, nested_bonus=7, recursion=1."}, "properties": {"repobilityId": 96229, "scanner": "repobility-threat-engine", "fingerprint": "05c84ccb86ecd93b391456c2bdcd156ec5fc23767aaa1a032b9898521c226184", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 15 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_event_handler", "breakdown": {"if": 7, "recursion": 1, "nested_bonus": 7}, "complexity": 15, "correlation_key": "fp|05c84ccb86ecd93b391456c2bdcd156ec5fc23767aaa1a032b9898521c226184"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/doorbell.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `_run_next` has cognitive complexity 20 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=1, else=1, except=1, for=2, if=3, nested_bonus=12."}, "properties": {"repobilityId": 96228, "scanner": "repobility-threat-engine", "fingerprint": "bcfcf47a5888fd2549b92550782c12f4eb60076bac17160e8cf455dfce256df4", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 20 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_run_next", "breakdown": {"if": 3, "for": 2, "else": 1, "break": 1, "except": 1, "nested_bonus": 12}, "complexity": 20, "correlation_key": "fp|bcfcf47a5888fd2549b92550782c12f4eb60076bac17160e8cf455dfce256df4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/background.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `python-slugify` has no version pin"}, "properties": {"repobilityId": 96227, "scanner": "repobility-supply-chain", "fingerprint": "596b3af9fcca56303490de817cd0b68793c8eff33ae8a5f2ef9ad44e42251b3f", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|596b3af9fcca56303490de817cd0b68793c8eff33ae8a5f2ef9ad44e42251b3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `cryptography` has no version pin"}, "properties": {"repobilityId": 96226, "scanner": "repobility-supply-chain", "fingerprint": "29a753a9be445350aa59e3c9c403e0b04e7a4d20bdcef9469ecd113edc5040f3", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|29a753a9be445350aa59e3c9c403e0b04e7a4d20bdcef9469ecd113edc5040f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `paho-mqtt` has no version pin"}, "properties": {"repobilityId": 96225, "scanner": "repobility-supply-chain", "fingerprint": "4264111d8ab0b8f6c0c59db047db7c233e494745bdf85fe5357b7f2f2df4800c", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4264111d8ab0b8f6c0c59db047db7c233e494745bdf85fe5357b7f2f2df4800c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `unidecode` has no version pin"}, "properties": {"repobilityId": 96224, "scanner": "repobility-supply-chain", "fingerprint": "5490ff1a5e74548a9df8e73dbc7399141d7d4782dddc58eab09e0c51991545f7", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5490ff1a5e74548a9df8e73dbc7399141d7d4782dddc58eab09e0c51991545f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `pycryptodome` has no version pin"}, "properties": {"repobilityId": 96223, "scanner": "repobility-supply-chain", "fingerprint": "825b29301894c05b8ce37d2d28b6f93a0a0ef5a2b54910b3403d3c34cf8789e8", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|825b29301894c05b8ce37d2d28b6f93a0a0ef5a2b54910b3403d3c34cf8789e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `click` has no version pin"}, "properties": {"repobilityId": 96222, "scanner": "repobility-supply-chain", "fingerprint": "9fb925c2a5da4f6929a2bb2d021e1e04485ecec745bb810d2160259a29f02712", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9fb925c2a5da4f6929a2bb2d021e1e04485ecec745bb810d2160259a29f02712"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `requests` has no version pin"}, "properties": {"repobilityId": 96221, "scanner": "repobility-supply-chain", "fingerprint": "87a4d8ad4681a97afa4ea2c5ac72490679de4486842287faa9f6f8812067a998", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|87a4d8ad4681a97afa4ea2c5ac72490679de4486842287faa9f6f8812067a998"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 96220, "scanner": "repobility-ast-engine", "fingerprint": "d846ffc1ae5a97b1b2386f4ecaab3b338fa454d740e094ecb624eae753de74e5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d846ffc1ae5a97b1b2386f4ecaab3b338fa454d740e094ecb624eae753de74e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/backend.py"}, "region": {"startLine": 688}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 96219, "scanner": "repobility-ast-engine", "fingerprint": "b27a1d54714c179a20681039b11157b3d9b7342f9b4e929a6bbda49218d4bf32", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b27a1d54714c179a20681039b11157b3d9b7342f9b4e929a6bbda49218d4bf32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/backend.py"}, "region": {"startLine": 609}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 96218, "scanner": "repobility-ast-engine", "fingerprint": "b94228dcf884541791afaf13e4e0153028232a6c677b0fe21d0097a2c818bc18", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b94228dcf884541791afaf13e4e0153028232a6c677b0fe21d0097a2c818bc18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/backend.py"}, "region": {"startLine": 256}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 96217, "scanner": "repobility-ast-engine", "fingerprint": "714371c03b127df5a25b885155141cd6313c51e4ca7c05efbdb58b8268ac8ad0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|714371c03b127df5a25b885155141cd6313c51e4ca7c05efbdb58b8268ac8ad0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/backend.py"}, "region": {"startLine": 246}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 96216, "scanner": "repobility-ast-engine", "fingerprint": "d8e00bfc04e196aa91357866fdcad53151e3894a79d7714871fa81569773ad56", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d8e00bfc04e196aa91357866fdcad53151e3894a79d7714871fa81569773ad56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/backend.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 96215, "scanner": "repobility-ast-engine", "fingerprint": "67f9ae2ef604f538ad044ce9610841f436a3d95efbbde05bb26707b1ff171284", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|67f9ae2ef604f538ad044ce9610841f436a3d95efbbde05bb26707b1ff171284"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/backend.py"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 96214, "scanner": "repobility-ast-engine", "fingerprint": "8231e3a88f19208a3af09abfc24687a58813dec6d588db177a1eaae314300cf4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8231e3a88f19208a3af09abfc24687a58813dec6d588db177a1eaae314300cf4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/main.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 96213, "scanner": "repobility-ast-engine", "fingerprint": "0ca469198aa2b248f5e1d042dc86a2957468dd127dc97bc0f26068d9fe437386", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0ca469198aa2b248f5e1d042dc86a2957468dd127dc97bc0f26068d9fe437386"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/main.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 96212, "scanner": "repobility-ast-engine", "fingerprint": "e52909b5a5d52d3e91e99410345e91715b2cf32318a3a63b37d6576c2a9a4856", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e52909b5a5d52d3e91e99410345e91715b2cf32318a3a63b37d6576c2a9a4856"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/background.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 96211, "scanner": "repobility-ast-engine", "fingerprint": "b0eb74f10c0c8d084afa3cca1deec88179273ec146448e9c35dc68e29ead9615", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b0eb74f10c0c8d084afa3cca1deec88179273ec146448e9c35dc68e29ead9615"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/tfa.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 96210, "scanner": "repobility-ast-engine", "fingerprint": "82ae76010138e9fd96301e192957ab50d1de96057dfa494214b2af181f369b32", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|82ae76010138e9fd96301e192957ab50d1de96057dfa494214b2af181f369b32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/tfa.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 96209, "scanner": "repobility-ast-engine", "fingerprint": "95da4ef375f07a56537d4bec15991eda109cb8a355e3187383615a0685caf38b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|95da4ef375f07a56537d4bec15991eda109cb8a355e3187383615a0685caf38b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/tfa.py"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 96208, "scanner": "repobility-ast-engine", "fingerprint": "b2807bee6c6346879e4a38b9ff612f75eafa047a28e2b98b5d5ae4a53074061c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b2807bee6c6346879e4a38b9ff612f75eafa047a28e2b98b5d5ae4a53074061c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/tfa.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 96207, "scanner": "repobility-ast-engine", "fingerprint": "c28ff342f5faaf7b2129183f0aa133a5acd8d7b8720ef213bd20425e43ee3157", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c28ff342f5faaf7b2129183f0aa133a5acd8d7b8720ef213bd20425e43ee3157"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/storage.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 96206, "scanner": "repobility-ast-engine", "fingerprint": "469c2c58de15bdbe2c24cffa58da07b4e19d529f5fca109177a7886bee392eed", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|469c2c58de15bdbe2c24cffa58da07b4e19d529f5fca109177a7886bee392eed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/storage.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 96205, "scanner": "repobility-ast-engine", "fingerprint": "c2ceea53efdd86c3716333af5b620486402516bf6d9ceb293d802dca68e3c18b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c2ceea53efdd86c3716333af5b620486402516bf6d9ceb293d802dca68e3c18b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/ratls.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 96204, "scanner": "repobility-ast-engine", "fingerprint": "fde4045e70d07fa1667792b7fa13dfa659fe143dfb46b0c96b8adf398af842da", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fde4045e70d07fa1667792b7fa13dfa659fe143dfb46b0c96b8adf398af842da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 96178, "scanner": "repobility-ast-engine", "fingerprint": "5ea22d73687f7db4729917e25c8514c162c9832208ca6c7c50e05c4b113c25fe", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5ea22d73687f7db4729917e25c8514c162c9832208ca6c7c50e05c4b113c25fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/util.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 96174, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96177, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e1184dd6c63734db59a14747f562ef6e6952e9ace9b5c684ad652f924a5eb52b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pyaarlo/__init__.py", "duplicate_line": 548, "correlation_key": "fp|e1184dd6c63734db59a14747f562ef6e6952e9ace9b5c684ad652f924a5eb52b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/arlo.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96176, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3981476e3c9d02645e54287ae4c3e11806c4e84e0c1e7135acf8830b9a9fede3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pyaarlo/device.py", "duplicate_line": 102, "correlation_key": "fp|3981476e3c9d02645e54287ae4c3e11806c4e84e0c1e7135acf8830b9a9fede3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/super.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96175, "scanner": "repobility-ai-code-hygiene", "fingerprint": "75707c66794e33dafd66d42374d1b24704fd9bf76834e975c8e5a79ca672db30", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pyaarlo/base.py", "duplicate_line": 187, "correlation_key": "fp|75707c66794e33dafd66d42374d1b24704fd9bf76834e975c8e5a79ca672db30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/location.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 96245, "scanner": "repobility-threat-engine", "fingerprint": "38366c9a13938ac35cf52c534b07a6729e3409d5be8a829727885207d88b1f89", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|38366c9a13938ac35cf52c534b07a6729e3409d5be8a829727885207d88b1f89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/util.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 96244, "scanner": "repobility-threat-engine", "fingerprint": "85ad9ae31c50bdcc55f32ec37b17a171f33acd0f4f160e27f39044038ea27a5a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|85ad9ae31c50bdcc55f32ec37b17a171f33acd0f4f160e27f39044038ea27a5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/tfa.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 96243, "scanner": "repobility-threat-engine", "fingerprint": "6d927cfd8f7299328fb880c4e399d41343aaf8a1af2b1f1c0a087d761805137a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6d927cfd8f7299328fb880c4e399d41343aaf8a1af2b1f1c0a087d761805137a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/tfa.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 96235, "scanner": "repobility-threat-engine", "fingerprint": "dcee9adefac1690256bd316a5cb6eb298eee809bec813b801805e764edc309be", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dcee9adefac1690256bd316a5cb6eb298eee809bec813b801805e764edc309be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/light.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 96234, "scanner": "repobility-threat-engine", "fingerprint": "716bab6dbf8790c9cc576c0e73c649c373e112ab5fdf3590830338c0608669a7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|716bab6dbf8790c9cc576c0e73c649c373e112ab5fdf3590830338c0608669a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/device.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 96231, "scanner": "repobility-threat-engine", "fingerprint": "ae057f38a82b4ab40df0f4aaddc1a0bad56cc3e35c9a31fbdc7db8da14fe6f6c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "_run_next", "breakdown": {"if": 3, "for": 2, "else": 1, "break": 1, "except": 1, "nested_bonus": 12}, "aggregated": true, "complexity": 20, "correlation_key": "fp|ae057f38a82b4ab40df0f4aaddc1a0bad56cc3e35c9a31fbdc7db8da14fe6f6c", "aggregated_count": 7}}}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 96242, "scanner": "repobility-threat-engine", "fingerprint": "0aa9cc7e7a8fb8705415c62a5572b03913c068f34a2e4464841a6ab40329ecb6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0aa9cc7e7a8fb8705415c62a5572b03913c068f34a2e4464841a6ab40329ecb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/util.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 96241, "scanner": "repobility-threat-engine", "fingerprint": "7558bb0d8bf2e0a23c621c42dae024687f01f0473d685c8d68d926c46f04b9f4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7558bb0d8bf2e0a23c621c42dae024687f01f0473d685c8d68d926c46f04b9f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/tfa.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 96236, "scanner": "repobility-threat-engine", "fingerprint": "b763280f6a8e9d47ebc44abfe610d0e194305d0c497d3c3728789772d4febee8", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(request", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|pyaarlo/ratls.py|65|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/ratls.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 96233, "scanner": "repobility-threat-engine", "fingerprint": "cf2497058ae1efb6f2042aadde580561c9113269b24625930e5660c0798ee8dd", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cf2497058ae1efb6f2042aadde580561c9113269b24625930e5660c0798ee8dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/ratls.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 96232, "scanner": "repobility-threat-engine", "fingerprint": "ec6506b9b86f030f3de726c0a21ea2ee63e32dc24dffeb6348487aab7654473a", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ec6506b9b86f030f3de726c0a21ea2ee63e32dc24dffeb6348487aab7654473a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/cfg.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.vdebug` used but never assigned in __init__"}, "properties": {"repobilityId": 96203, "scanner": "repobility-ast-engine", "fingerprint": "5ddcaea91374e433903e70b5a29b4ef33e39f8386e499709b02d37eb0d0b9752", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5ddcaea91374e433903e70b5a29b4ef33e39f8386e499709b02d37eb0d0b9752"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 449}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.vdebug` used but never assigned in __init__"}, "properties": {"repobilityId": 96202, "scanner": "repobility-ast-engine", "fingerprint": "98396aedf8842a88cc0beb48acac831658f3bbdcdeac97fa279c707e6b51d02d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|98396aedf8842a88cc0beb48acac831658f3bbdcdeac97fa279c707e6b51d02d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 441}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.vdebug` used but never assigned in __init__"}, "properties": {"repobilityId": 96201, "scanner": "repobility-ast-engine", "fingerprint": "bb56b3801fb6eda6574fd1d6eca107edba74f838bfe9dff54b17348cb5389f62", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bb56b3801fb6eda6574fd1d6eca107edba74f838bfe9dff54b17348cb5389f62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 468}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._ping_bases` used but never assigned in __init__"}, "properties": {"repobilityId": 96200, "scanner": "repobility-ast-engine", "fingerprint": "311ccc9a6d9760965c7f9777c4780dca220e7d33054e53b9d7d60087768a6b56", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|311ccc9a6d9760965c7f9777c4780dca220e7d33054e53b9d7d60087768a6b56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 436}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.vdebug` used but never assigned in __init__"}, "properties": {"repobilityId": 96199, "scanner": "repobility-ast-engine", "fingerprint": "9470a02cf33fafdeb27683d4513400fe3ed62f4e4220e391106d1632d4370c0d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9470a02cf33fafdeb27683d4513400fe3ed62f4e4220e391106d1632d4370c0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 434}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.vdebug` used but never assigned in __init__"}, "properties": {"repobilityId": 96198, "scanner": "repobility-ast-engine", "fingerprint": "ab91028f3a53cb6618c9bfa1f964a0478140d2f7878a046b70c76824510e948d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ab91028f3a53cb6618c9bfa1f964a0478140d2f7878a046b70c76824510e948d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 425}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.vdebug` used but never assigned in __init__"}, "properties": {"repobilityId": 96197, "scanner": "repobility-ast-engine", "fingerprint": "7146a684df7ff1e135dcf543cd1df4c459a40677ba192d9e180d0beba16f5b22", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7146a684df7ff1e135dcf543cd1df4c459a40677ba192d9e180d0beba16f5b22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 414}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.warning` used but never assigned in __init__"}, "properties": {"repobilityId": 96196, "scanner": "repobility-ast-engine", "fingerprint": "4ce2229e34338c0ba04b8439ef5d2ff8fb9bd66994db3c0237563acab404a69a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4ce2229e34338c0ba04b8439ef5d2ff8fb9bd66994db3c0237563acab404a69a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 382}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.be` used but never assigned in __init__"}, "properties": {"repobilityId": 96195, "scanner": "repobility-ast-engine", "fingerprint": "3bfb83f61948f2d906237670069c55f455f51d4489b354ebf79714cad75cf29b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3bfb83f61948f2d906237670069c55f455f51d4489b354ebf79714cad75cf29b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 379}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.debug` used but never assigned in __init__"}, "properties": {"repobilityId": 96194, "scanner": "repobility-ast-engine", "fingerprint": "56d4a1077b17978a77b6cf5280daa4343b631e51d32599806c52187f86908663", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|56d4a1077b17978a77b6cf5280daa4343b631e51d32599806c52187f86908663"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 377}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.debug` used but never assigned in __init__"}, "properties": {"repobilityId": 96193, "scanner": "repobility-ast-engine", "fingerprint": "8bb908feb3793b0fc978c9dd5161d7da5f5b55319cc839e5c2f0651ba1d7ee4f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8bb908feb3793b0fc978c9dd5161d7da5f5b55319cc839e5c2f0651ba1d7ee4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 375}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.vdebug` used but never assigned in __init__"}, "properties": {"repobilityId": 96192, "scanner": "repobility-ast-engine", "fingerprint": "0d62eb5b1be384fbdac8584dbc42701398562995a0f5c70677fe0b116982ccea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0d62eb5b1be384fbdac8584dbc42701398562995a0f5c70677fe0b116982ccea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 389}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.debug` used but never assigned in __init__"}, "properties": {"repobilityId": 96191, "scanner": "repobility-ast-engine", "fingerprint": "c47373779ef70fa7800134340b08e15b71376ce60523f2fbf2a00599455ef4d1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c47373779ef70fa7800134340b08e15b71376ce60523f2fbf2a00599455ef4d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 370}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.vdebug` used but never assigned in __init__"}, "properties": {"repobilityId": 96190, "scanner": "repobility-ast-engine", "fingerprint": "c7241e2332a49606a685cac97420b542a7274f1548724998f741c098e682542e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c7241e2332a49606a685cac97420b542a7274f1548724998f741c098e682542e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 365}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.vdebug` used but never assigned in __init__"}, "properties": {"repobilityId": 96189, "scanner": "repobility-ast-engine", "fingerprint": "98b6eae14c40774b34edf0e1874afc7c0d854c7425a3ffc9348045169e7033d3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|98b6eae14c40774b34edf0e1874afc7c0d854c7425a3ffc9348045169e7033d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 362}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._devices` used but never assigned in __init__"}, "properties": {"repobilityId": 96188, "scanner": "repobility-ast-engine", "fingerprint": "a3ab2acc78ca89b47f03bd1973539a306cdede86ad079d88378a3b8385091a57", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a3ab2acc78ca89b47f03bd1973539a306cdede86ad079d88378a3b8385091a57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 352}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.lookup_device_by_id` used but never assigned in __init__"}, "properties": {"repobilityId": 96187, "scanner": "repobility-ast-engine", "fingerprint": "d9c96e3a950963d8b07c94e426844b16172f2eceb7e9c7124f874b1cb84c3e05", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d9c96e3a950963d8b07c94e426844b16172f2eceb7e9c7124f874b1cb84c3e05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 360}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.vdebug` used but never assigned in __init__"}, "properties": {"repobilityId": 96186, "scanner": "repobility-ast-engine", "fingerprint": "7b77e15afd36ee2c893c4242ec4626e577eff655234ccd30a7f405b143d71400", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7b77e15afd36ee2c893c4242ec4626e577eff655234ccd30a7f405b143d71400"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 358}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.warning` used but never assigned in __init__"}, "properties": {"repobilityId": 96185, "scanner": "repobility-ast-engine", "fingerprint": "3680025dd520f8bad2b0e5d7d8e514ed50f63fb3fe75f068b02c84f3417dc32c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3680025dd520f8bad2b0e5d7d8e514ed50f63fb3fe75f068b02c84f3417dc32c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 350}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.vdebug` used but never assigned in __init__"}, "properties": {"repobilityId": 96184, "scanner": "repobility-ast-engine", "fingerprint": "43c400e4c31d5675ab1076530cc45bd9b7e0c64c662eb7cb4c4dfd5e4c7af8b7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|43c400e4c31d5675ab1076530cc45bd9b7e0c64c662eb7cb4c4dfd5e4c7af8b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 352}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._devices` used but never assigned in __init__"}, "properties": {"repobilityId": 96183, "scanner": "repobility-ast-engine", "fingerprint": "54f4acf02d200ecd310fd651da33a29b1e6203c363b9b5abce5c5d12c1651a76", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54f4acf02d200ecd310fd651da33a29b1e6203c363b9b5abce5c5d12c1651a76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 351}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._devices` used but never assigned in __init__"}, "properties": {"repobilityId": 96182, "scanner": "repobility-ast-engine", "fingerprint": "9a156f2d1857f0f341160ed9f6417b3da632d5ee3fccd93dfc374fbea697f2ac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a156f2d1857f0f341160ed9f6417b3da632d5ee3fccd93dfc374fbea697f2ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 349}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._devices` used but never assigned in __init__"}, "properties": {"repobilityId": 96181, "scanner": "repobility-ast-engine", "fingerprint": "d3762ae45e71988e955d3b0c1a1ef752501b65becd438fc6a5e80188cf0c1889", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d3762ae45e71988e955d3b0c1a1ef752501b65becd438fc6a5e80188cf0c1889"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 355}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._devices` used but never assigned in __init__"}, "properties": {"repobilityId": 96180, "scanner": "repobility-ast-engine", "fingerprint": "29bbc0bb34bb721a9d9ccab8ef66effb3d1945f441a7e9082f067f54e5c5812d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29bbc0bb34bb721a9d9ccab8ef66effb3d1945f441a7e9082f067f54e5c5812d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 348}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.cfg` used but never assigned in __init__"}, "properties": {"repobilityId": 96179, "scanner": "repobility-ast-engine", "fingerprint": "b782c78d8eb03097af32052d5e9563858f98dca5daa0478e59925d75fa682a00", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b782c78d8eb03097af32052d5e9563858f98dca5daa0478e59925d75fa682a00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/__init__.py"}, "region": {"startLine": 339}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 96247, "scanner": "gitleaks", "fingerprint": "f370ca1dff74191499ebffb7b906c67cf5d64882e516b7df3c1fd688c320a650", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token\":\"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|readme.md|48|token : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "README.md"}, "region": {"startLine": 481}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 96240, "scanner": "repobility-threat-engine", "fingerprint": "c77216ed8695ebc2762d0ec12489984ec3568d97971d8dc9356e1f5b2d8c86d6", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c77216ed8695ebc2762d0ec12489984ec3568d97971d8dc9356e1f5b2d8c86d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/storage.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 96239, "scanner": "repobility-threat-engine", "fingerprint": "9a0835284325ad34193d06c6e2958e5e14222abd9735dfaf584ee390a3163f85", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9a0835284325ad34193d06c6e2958e5e14222abd9735dfaf584ee390a3163f85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pyaarlo/storage.py"}, "region": {"startLine": 31}}}]}]}]}